Refactor Images to Multi-Stage Builds

[jan-abel-inwt]

see #54

[github-advanced-security]

Snyk Container found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

[Copilot]

Pull Request Overview

Refactors all container images to multi-stage builds, introducing non-root execution and shared build patterns.

• Adds builder/final stages across Dockerfiles with ARG-driven configuration.
• Introduces new helper scripts (e.g., installAutomake.sh) and build tooling (Makefile, metadata labels).
• Updates documentation (README) and adds license and Dependabot configuration.

Reviewed Changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 24 comments.

Show a summary per file

File	Description
r-shiny/installAutomake.sh	New Automake install script used in shiny builder stage.
r-shiny/Dockerfile	Converted to multi-stage build; installs system deps, Automake, Shiny packages, copies built library.
r-model/Dockerfile	Multi-stage build for modeling stack (rstan, prophet).
r-geos/Dockerfile	Multi-stage build for geospatial stack; system libs and R packages.
r-batch/aws.config	Removed AWS config file (now handled differently).
r-batch/Dockerfile	Multi-stage build; adds AWS CLI, Java, database libs, R packages, final stage artifact copying.
r-base/installAutomake.sh	Adjusted fetch URL and chaining style for Automake install.
r-base/Dockerfile	Major refactor to multi-stage; user creation, system deps, R config, artifact promotion.
README.md	Updated descriptions, versions, and multi-stage notes.
Makefile	New build orchestration and version update automation.
LICENSE	Added GPL-2.0-or-later license text.
Jenkinsfile	Adds OCI labels (revision, created) during builds.
.github/dependabot.yml	Adds Dependabot config for r-base Dockerfile updates.

Comments suppressed due to low confidence (2)

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Pull Request Overview

Copilot reviewed 13 out of 13 changed files in this pull request and generated 9 comments.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Runtime system libraries (libudunits2, libgdal, xdg-utils, automake binaries) installed only in the builder stage are not present in the final stage, so compiled packages (e.g. leaflet, sf dependencies, or others using GDAL/UDUNITS) may fail to load due to missing shared objects. Re-install the required runtime (non -dev if possible) libraries in this final stage or move their installation to this stage while keeping only build-only deps (e.g. -dev headers, automake for compilation) in the builder.

[Copilot]

rstan/prophet were built against system libraries (e.g. libnode-dev for V8 / HTTP handling) added only in the builder stage; those libraries are not present in the final stage, which can cause runtime linkage errors. Install the required runtime packages again (using non -dev variants if available) in this final stage or keep them in a shared base layer.

[Copilot]

Geospatial packages (sf, stars, terra, raster) need GDAL/GEOS/PROJ/UDUNITS shared libs at runtime, but those were installed only in the builder stage and are absent here. Re-install runtime libraries (prefer non -dev variants like libgdal30, libgeos-c1, libprojNN, libudunits2) in this final stage or split build vs runtime dependencies properly.

[Copilot]

openjdk-8-jdk and other system libs (e.g. libmysqlclient-dev, libpq-dev) used for building packages are not installed in this final runtime stage; packages relying on Java (rJava, Arrow with JNI) or DB connectors may fail to load. Install the necessary runtime components (JRE/JDK + required libs) here or move them to a shared base final layer.