feat:#65 increased OCI image base images versions, slightly optimized Dockerfiles and adjust docker-compose.yml's to make them OCI compliant

docker-compose.dev.yml

@@ -46,7 +46,7 @@ services:
       - "net"
 
   rproxy:
-    image: bitnami/nginx:1.25
+    image: docker.io/bitnami/nginx:1.25
     restart: always
     volumes:
       - ./reverseproxy.dev.conf:/opt/bitnami/nginx/conf/nginx.conf

docker-compose.prod.yml

@@ -45,7 +45,7 @@ services:
       - "net"
 
   rproxy:
-    image: bitnami/nginx:1.25
+    image: docker.io/bitnami/nginx:1.25
     restart: always
     volumes:
       - ./reverseproxy.conf:/opt/bitnami/nginx/conf/nginx.conf

docker-compose.yml

@@ -43,22 +43,19 @@ services:
       dockerfile: Dockerfile
       context: ./frontend
       target: prod
-    command: "npm run dev"
     # open port 8000
     ports:
       - "8000:8000"
-    volumes:
-      - ./frontend/src:/app/src
 
   rproxy:
-    image: bitnami/nginx:1.25
+    image: docker.io/bitnami/nginx:1.27
     volumes:
       - ./reverseproxy.local.conf:/opt/bitnami/nginx/conf/nginx.conf
     depends_on:
       - htwkalender-data-manager
       - htwkalender-frontend
     ports:
-      - "80:80"
+      - "8080:8080"
 
 volumes:
   pb_data:

frontend/Dockerfile

@@ -15,7 +15,7 @@
 #along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 # build stage
-FROM node:lts-alpine AS build
+FROM docker.io/node:lts-alpine AS build
 
 WORKDIR /app
 COPY package*.json ./
@@ -24,7 +24,7 @@ COPY / ./
 RUN npm run build
 
 # development stage
-FROM node:lts-alpine AS dev
+FROM docker.io/node:lts-alpine AS dev
 
 WORKDIR /app
 COPY package*.json ./
@@ -33,7 +33,7 @@ COPY . ./
 
 # production stage
 # https://hub.docker.com/r/bitnami/nginx -> always run as non-root user
-FROM bitnami/nginx:1.25 AS prod
+FROM docker.io/bitnami/nginx:1.27 AS prod
 
 # copy build files from build container
 COPY --from=build /app/dist /app

reverseproxy.local.conf

@@ -25,8 +25,8 @@ http {
     limit_req_zone $ratelimit_key zone=createFeed:10m rate=1r/m;
 
     server {
-        listen              80;
-        listen              [::]:80;
+        listen              8080;
+        listen              [::]:8080;
         http2               on;
 
         location /api/feed {

services/data-manager/Dockerfile

@@ -15,7 +15,7 @@
 #along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 # build stage
-FROM golang:alpine AS build
+FROM docker.io/golang:alpine AS build
 
 WORKDIR /htwkalender-data-manager
 
@@ -29,20 +29,19 @@ COPY common/. ./common
 RUN CGO_ENABLED=1 GOOS=linux go build -o /htwkalender-data-manager data-manager/main.go
 
 # production stage
-FROM alpine:3.20.1 AS prod
+FROM docker.io/alpine:3.21 AS prod
 
 WORKDIR /htwkalender-data-manager
 
 ARG USER=ical
 RUN adduser -Ds /bin/sh "$USER" && \
-    chown "$USER":"$USER" ./
-
-USER $USER
-RUN mkdir -p data
+    mkdir -p data && \
+    chown -R "$USER":"$USER" ./
 
 # copies executable from build container
-COPY --chown=$USER:$USER --chmod=644 --from=build /htwkalender-data-manager ./
-RUN chmod +x main
+COPY --chown=$USER:$USER --chmod=744 --from=build /htwkalender-data-manager ./
+
+USER $USER
 
 # Expose port 8090 to the outside world
 EXPOSE 8090

services/ical/Dockerfile

@@ -15,7 +15,7 @@
 #along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 # build stage
-FROM golang:alpine AS build
+FROM docker.io/golang:alpine AS build
 
 WORKDIR /htwkalender-ical
 
@@ -29,19 +29,19 @@ COPY common/. ./common
 RUN CGO_ENABLED=1 GOOS=linux go build -o /htwkalender-ical ical/main.go
 
 # production stage
-FROM alpine:latest AS prod
+FROM docker.io/alpine:3.21 AS prod
 
 WORKDIR /htwkalender-ical
 
 ARG USER=ical
-RUN adduser -Ds /bin/sh $USER && \
-    chown $USER:$USER ./
-
-USER $USER
-RUN mkdir -p data
+RUN adduser -Ds /bin/sh "$USER" && \
+    mkdir -p data && \
+    chown -R "$USER":"$USER" ./
 
 # copies executable from build container
-COPY --chown=$USER:$USER --from=build /htwkalender-ical ./
+COPY --chown=$USER:$USER --chmod=744 --from=build /htwkalender-ical ./
+
+USER $USER
 
 # Expose port 8091 to the outside world
 EXPOSE 8091