From bcf1b38b12d3765d87387742a2121b44f6fe8981 Mon Sep 17 00:00:00 2001
From: Erin Sullivan
Date: Wed, 6 May 2026 10:26:11 -0400
Subject: [PATCH 1/2] Changing `NODE_MAJOR` to `lts` to ensure we are using the latest long-term support version of Node.js in our Dockerfile.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index d6b60729..1a845bc7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ FROM ruby:4.0-slim AS base
 ARG UID=1000
 ARG GID=1000
-ARG NODE_MAJOR=20
+ARG NODE_MAJOR=lts
 RUN apt-get update -yqq && apt-get install -yqq --no-install-recommends \
From 8c6e33c1ddd99e325f31b2ccff813eda271face0 Mon Sep 17 00:00:00 2001
From: Erin Sullivan
Date: Wed, 6 May 2026 10:26:11 -0400
Subject: [PATCH 2/2] use multistage build to build js assets We want to have dependabot keep node up to date. The most straightforward way to do that is to separate out the building of js assets from the ruby app. That means the ruby image can't run node, but we don't need it to run the app. The js/css docker compose services need to use the assets target instead of the main web target.
---
 Dockerfile | 40 ++++++++++++++++++++++++++++------------
 compose.yml | 4 ++--
 init.sh | 4 ++--
 3 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index d6b60729..0f539c31 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,3 +1,29 @@
+################################################################################
+# Node Assets
+################################################################################
+FROM node:25.9.0@sha256:c69f4e0640e5b065f2694579793e4309f1e0e49868b0f2fea29c44d9c0dc2caf AS assets
+
+# Use non-root "app" user in directory /app
+ARG UID=1000
+ARG GID=1000
+
+RUN groupadd -g ${GID} -o app
+RUN useradd -m -d /app -u ${UID} -g ${GID} -o -s /bin/bash app
+
+USER app
+
+WORKDIR /app
+
+# Install packages
+COPY package.json package-lock.json ./
+RUN npm ci
+
+COPY eslint.config.js ./
+COPY ./assets ./assets
+COPY ./test ./test
+
+RUN npm run build
+
 ################################################################################
 # BASE
 ################################################################################
@@ -5,8 +31,6 @@ FROM ruby:4.0-slim AS base
 ARG UID=1000
 ARG GID=1000
-ARG NODE_MAJOR=20
-
 RUN apt-get update -yqq && apt-get install -yqq --no-install-recommends \
 build-essential \
@@ -18,13 +42,6 @@ RUN apt-get update -yqq && apt-get install -yqq --no-install-recommends \
 git
-RUN mkdir -p /etc/apt/keyrings
-RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
-RUN echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_${NODE_MAJOR}.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
-RUN apt-get update -yqq && apt-get install -yqq --no-install-recommends nodejs
-
-RUN npm install -g npm
-
 RUN groupadd -g ${GID} -o app
 RUN useradd -m -d /app -u ${UID} -g ${GID} -o -s /bin/bash app
@@ -70,6 +87,5 @@ USER app
 RUN bundle install
-RUN npm ci
-RUN npm run build
-
+COPY --chown=${UID}:{GID} --from=assets /app/public/scripts /app/public/scripts
+COPY --chown=${UID}:{GID} --from=assets /app/public/styles /app/public/styles
diff --git a/compose.yml b/compose.yml
index 5505f4e9..8f9b476a 100644
--- a/compose.yml
+++ b/compose.yml
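Review bot: The new `assets` stage pins `node:25.9.0`, and odd-numbered Node.js release lines are never promoted to LTS, so this base leaves upstream security support sooner than the LTS line the previous patch in this series was aiming for. Keeping the digest pin but moving to an even-numbered LTS tag, `FROM node:<LTS_VERSION>@sha256:<DIGEST> AS assets` (placeholders), lets Dependabot follow patch releases without landing on a short-lived line. Separately, the `COPY` lines that follow `USER app` carry no `--chown`, so the copied sources are owned by root; if `npm run build` or the compose `js`/`css` services need to write under `./assets` or `./test`, something like `COPY --chown=app:app ./assets ./assets` would be needed.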
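Review bot: Both added `COPY --chown=${UID}:{GID}` lines at the end of the Dockerfile are missing the `$` before `{GID}`, so the group is the literal string `{GID}` instead of the build argument, and the copy will either fail to resolve that group or not apply the intended ownership. They should read `COPY --chown=${UID}:${GID} --from=assets /app/public/scripts /app/public/scripts` and the same for `/app/public/styles`. The stage these lines belong to starts outside the hunk, so also confirm that `UID` and `GID` are declared or inherited there; an unset `ARG` expands to an empty string in `--chown`.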
@@ -118,7 +118,7 @@ services:
 js:
 build:
 context: .
- target: development
+ target: assets
 args:
 UID: ${UID:-1000}
 GID: ${GID:-1000}
@@ -133,7 +133,7 @@ services:
 css:
 build:
 context: .
- target: development
+ target: assets
 args:
 UID: ${UID:-1000}
 GID: ${GID:-1000}
diff --git a/init.sh b/init.sh
index 3f5723f5..0a14ceee 100755
--- a/init.sh
+++ b/init.sh
@@ -17,7 +17,7 @@ echo "📦 Installing Gems"
 docker compose run --rm app bundle
 echo "📦 Installing Node modules"
-docker compose run --rm web npm install
+docker compose run --rm js npm install
 echo "📦 Building js and css"
-docker compose run --rm web npm run build
+docker compose run --rm js npm run build