From 5e0e5929491ae01d975d4da53e6181872f25afaf Mon Sep 17 00:00:00 2001
From: Lennart Goedhart
Date: Mon, 6 Dec 2021 17:56:04 +1100
Subject: [PATCH] Fixes broken Docker image build

The `npm audit fix` in the `Dockerfile` is currently deleting vulnerable packages. Although we do want to have package security, this should be done in a development process, not as part of the Docker build.

This commit also reduces the Docker image size and improves security.
---
 Dockerfile | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0c69448193b..304d1290924 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,17 +2,22 @@ FROM node:14.15.3-alpine
 LABEL maintainer="Nightscout Contributors"
-RUN mkdir -p /opt/app
-ADD . /opt/app
 WORKDIR /opt/app
-RUN chown -R node:node /opt/app
-USER node
+ADD . /opt/app
-RUN npm install && \
+# TODO: We should be able to do `RUN npm install --only=production`.
+# For this to work, we need to copy only package.json and things needed for `npm`'s to succeed.
+# TODO: Do we need to re-add `npm audit fix`? Or should that be part of a development process/stage?
+RUN npm install --cache /tmp/empty-cache && \
     npm run postinstall && \
     npm run env && \
-    npm audit fix
+    rm -rf /tmp/*
+    # TODO: These should be added in the future to correctly cache express-minify content to disk
+    # Currently, doing this breaks the browser cache.
+    # mkdir /tmp/public && \
+    # chown node:node /tmp/public
+USER node
 EXPOSE 1337
 CMD ["node", "lib/server/server.js"]
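Review bot: The added `ADD . /opt/app` should be `COPY . /opt/app`; nothing in this hunk needs ADD's tar auto-extraction or remote-URL fetching, and since the entire build context now lands in an image layer, the build relies on a `.dockerignore` that excludes `.git`, `node_modules` and any local env or credential files to keep them out of the published image. With `RUN chown -R node:node /opt/app` removed, `/opt/app` stays root-owned when `USER node` takes effect, which is the better least-privilege default but means any runtime write into the app directory (possibly the express-minify cache the trailing TODO refers to) will now fail with a permission error rather than succeed as before; a comment on the `USER node` line such as `# /opt/app is intentionally root-owned: the app must treat it as read-only` would record that decision. `npm install` still resolves versions from package.json at build time; if a package-lock.json is committed, `npm ci` would give a reproducible installed tree and make the "re-add npm audit fix" question easier to answer from the lockfile. Keeping `--cache /tmp/empty-cache` and `rm -rf /tmp/*` in the same RUN layer is correct, since a later-layer removal would not shrink the image.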