Dockerfiles redesigned #3434

Merged
merged 11 commits into from
Apr 9, 2024

Conversation

Pyatakov
Collaborator

@Pyatakov Pyatakov commented Apr 3, 2024

Description

This PR contains completely redesigned Docker files for each service and an updated docker-compose file. They contain several changes and improvements over the original version. Overall, the updated Docker files follow best practices for multi-stage builds, caching, and creating smaller and more secure final images.

Changes

Here's a summary of the main changes:

  1. Multi-stage builds: The updated Dockerfile uses a more structured multi-stage build approach, with clearly named stages for each step of the build process (interfaces, common, deps, build, and image) for better organisation and clarity.
  2. Base image: It introduces a base image, which is used as the starting point for all subsequent stages. The NODE_VERSION is defined as an argument at the beginning of the Dockerfile to specify the Node.js version.
  3. Node image: The updated version uses the node:20.11.1-alpine variant of the Node.js image, which is a slimmer version compared to the full node:20 image. Slim variants contain only the essential packages needed to run Node.js applications, resulting in smaller image sizes and increased security.
  4. Yarn cache: It introduces a cache mount for the Yarn cache directory (/root/.yarn) using the --mount=type=cache flag. This helps speed up subsequent builds by reusing the cached dependencies.
  5. Copying files: The updated version uses the COPY --link flag to create hardlinks instead of copying files, which can help reduce image size and improve build performance.
  6. Production dependencies: It separates the installation of production dependencies into a dedicated deps stage, which allows for better layer caching and faster builds. This stage is used to create a smaller final image that doesn't include development dependencies.
  7. Non-root user: The final image in the updated version runs the application as a non-root user (node) for improved security.
  8. Build: Moved the yarn install command to the build stage and added the --frozen-lockfile flag (where possible) to ensure reproducibility.
  9. CMD instruction: The updated Dockerfile uses a JSON array format for the CMD instruction, which is the recommended format.
  10. Final image: The final image stage (image) copies only the necessary files from the deps and build stages, reducing the image size.
  11. Removed unnecessary steps: The updated version removes some unnecessary steps, such as copying directories, which are not used in the final image.
  12. Dockerignore: .dockerignore files added (or updated) for every service to make sure that only relevant files are copied.
  13. Docker Compose: The init: true option in a Docker Compose file specifies that the container should run as an init process. This means that the container will be responsible for initializing the system and starting other processes within the container. https://docs.docker.com/compose/compose-file/compose-file-v2/#init

Checklist

  • Documented (Code comments, README, etc.)
  • Tested (unit, integration, etc.)
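
Editor's added example, not part of the PR and not the project's own Dockerfile: a single-service sketch of the stage layout the description lists (base, deps, build, image), with the pinned Alpine tag, Yarn cache mount, `--frozen-lockfile`, non-root `USER` and exec-form `CMD`. The file layout (`package.json`, `yarn.lock`, `dist/index.js`), the `build` script and the `YARN_CACHE_FOLDER` setting are assumptions; the `interfaces` and `common` stages are left out.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. Paths, the "build" script and dist/index.js are assumptions.
ARG NODE_VERSION=20.11.1

# base: one pinned starting point shared by every later stage
FROM node:${NODE_VERSION}-alpine AS base
WORKDIR /app
# Assumption: point Yarn at the directory the cache mounts below target.
ENV YARN_CACHE_FOLDER=/root/.yarn

# deps: production dependencies only, resolved strictly from yarn.lock
FROM base AS deps
COPY --link package.json yarn.lock /app/
RUN --mount=type=cache,target=/root/.yarn \
    yarn install --production --frozen-lockfile

# build: full dependency set (dev tools included) plus the compile step
FROM base AS build
COPY --link package.json yarn.lock /app/
RUN --mount=type=cache,target=/root/.yarn \
    yarn install --frozen-lockfile
# .dockerignore should keep node_modules, .git and local env files out of this copy.
COPY --link . /app/
RUN yarn build

# image: runtime only; no dev dependencies, sources or Yarn cache end up here
FROM base AS image
ENV NODE_ENV=production
# Copied files stay owned by root, so the runtime user can read but not modify them.
COPY --link --from=deps /app/node_modules /app/node_modules
COPY --link --from=build /app/dist /app/dist
COPY --link package.json /app/
# Drop privileges: the official node images ship an unprivileged "node" user.
USER node
# Exec (JSON array) form: node runs directly, without a /bin/sh wrapper.
CMD ["node", "dist/index.js"]
```

Building with `docker build --target image .` yields the runtime image, and `docker run --rm <image> id -u` printing a non-zero UID confirms the container is not running as root.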

@Pyatakov Pyatakov requested a review from simvalery April 3, 2024 16:32

wiz-inc-8f76296f7c bot commented Apr 3, 2024

Wiz Scan Summary

IaC Misconfigurations 0C 0H 3M 14L 0I
Vulnerabilities 0C 0H 0M 0L 0I
Sensitive Data 0C 0H 0M 0L 0I
Total 0C 0H 3M 14L 0I
Secrets 0🔑

@Pyatakov Pyatakov marked this pull request as draft April 3, 2024 16:37
Pyatakov added 11 commits April 4, 2024 12:52
Signed-off-by: Alexander Pyatakov <[email protected]>
@Pyatakov Pyatakov force-pushed the dockerfiles-revised branch from ef0dbfd to 887d1b6 Compare April 4, 2024 11:52
@Pyatakov Pyatakov marked this pull request as ready for review April 4, 2024 11:54
@Pyatakov Pyatakov self-assigned this Apr 4, 2024

github-actions bot commented Apr 4, 2024

Unit Test Results

27 tests  ±0   27 ✔️ ±0   0s ⏱️ ±0s
27 suites ±0     0 💤 ±0 
  3 files   ±0     0 ±0 

Results for commit 887d1b6. ± Comparison against base commit 33bad67.

@simvalery simvalery merged commit 30bdf0b into develop Apr 9, 2024
12 checks passed
@Pyatakov Pyatakov deleted the dockerfiles-revised branch November 1, 2024 01:05