2023 updates (#107)

* npm ci now works as expected
* update linters
* fixing lints
* update workdir since they fixed chown
* update for v2 compose

.github/workflows/call-docker-build.yaml

@@ -51,31 +51,4 @@ jobs:
       ### defaults to:
       image-names: |
         ghcr.io/${{ github.repository }}
-
-      ### REQUIRED set rules for tagging images, based on special action syntax:
-      ### https://github.com/docker/metadata-action#tags-input
-      ### defaults to:
-      tag-rules: |
-        type=raw,value=latest,enable=${{ endsWith(github.ref, github.event.repository.default_branch) }}
-        type=ref,event=pr
-        type=ref,event=branch
-        type=semver,pattern={{version}}
-        type=raw,value=gha-${{ github.run_id }}
-      
-      ### path to where docker should copy files into image
-      ### defaults to root of repository (.)
-      # context: .
-
-      ### Dockerfile alternate name. Default is Dockerfile (relative to context path)
-      # file: Containerfile
-
-      ### build stage to target, defaults to empty, which builds to last stage in Dockerfile
-      # target:
-
-      ### platforms to build for, defaults to linux/amd64
-      ### other options: linux/amd64,linux/arm64,linux/arm/v7
-      # platforms: linux/amd64
-
-      ### Create a PR comment with image tags and labels
-      ### defaults to false
-      # comment-enable: false
+        ${{ github.repository }}

Dockerfile

@@ -1,6 +1,7 @@
-# if you're doing anything beyond your local machine, please pin this to a specific version at https://hub.docker.com/_/node/
-# FROM node:14-alpine also works here for a smaller image (But I prefer the more reliable debian slim)
-FROM node:16-slim
+# If you're doing anything beyond your local machine, please pin this to a specific version at https://hub.docker.com/_/node/
+# Always use slim. If you need additional packages, add them with apt
+# Alpine variants are not offically supported by Node.js, so we use the default debian variant
+FROM node:18-slim
 
 # set our node environment, either development or production
 # defaults to production, compose overrides this to development on build and run
@@ -16,15 +17,21 @@ EXPOSE $PORT 9229 9230
 # but pin this version for the best stability
 RUN npm i npm@latest -g
 
-# install dependencies first, in a different location for easier app bind mounting for local development
-# due to default /opt permissions we have to create the dir with root and change perms
-RUN mkdir /opt/node_app && chown node:node /opt/node_app
-WORKDIR /opt/node_app
+# remember to put things that don't change much at the top for better caching
+# this entrypoint script will copy any file-based secrets into envs
+COPY docker-entrypoint.sh /usr/local/bin/
+ENTRYPOINT ["docker-entrypoint.sh"]
+
 # the official node image provides an unprivileged user as a security best practice
 # but we have to manually enable it. We put it here so npm installs dependencies as the same
 # user who runs the app.
 # https://github.com/nodejs/docker-node/blob/master/docs/BestPractices.md#non-root-user
 USER node
+
+# install dependencies first, in a different location for easier app bind mounting for local development
+# WORKDIR now sets correct permissions if you set USER first
+WORKDIR /opt/node_app
+
 COPY --chown=node:node package.json package-lock.json* ./
 RUN npm ci && npm cache clean --force
 ENV PATH /opt/node_app/node_modules/.bin:$PATH
@@ -37,10 +44,6 @@ HEALTHCHECK --interval=30s CMD node healthcheck.js
 WORKDIR /opt/node_app/app
 COPY --chown=node:node . .
 
-COPY docker-entrypoint.sh /usr/local/bin/
-ENTRYPOINT ["docker-entrypoint.sh"]
-
-
 # if you want to use npm start instead, then use `docker run --init in production`
 # so that signals are passed properly. Note the code in index.js is needed to catch Docker signals
 # using node here is still more graceful stopping then npm with --init afaik

docker-compose.yml

@@ -25,7 +25,7 @@ services:
       # for example, to add bower to your app while developing, just install it inside the container
       # and then nodemon will restart. Your changes will last until you "docker compose down" and will
       # be saved on host for next build.
-      # remember to install from the parent directory to the code bind-mount:
+      # remember to isntall from the parent directory to the code bind-mount:
       # docker compose exec -w /opt/node_app node npm install --save bower
       - ./package.json:/opt/node_app/package.json
       - ./package-lock.json:/opt/node_app/package-lock.json

docker-stack.yml

@@ -1,6 +1,6 @@
-version: '3.1'
-
+version: '3.9'
 # a stack-file version of this for running in Swarm services
+# Swarm still needs the 3.x version for stacks
 
 services:
   node: