From f34099d384212de14f642f10b7944d7cd551952c Mon Sep 17 00:00:00 2001
From: Thomas Citharel <tcit@tcit.fr>
Date: Thu, 23 Nov 2023 13:56:58 +0100
Subject: [PATCH] build(docker): optimize image size

By executing the curl call directly as the nobody user

Closes #1012

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
---
 .dockerignore                |  9 ++++++++-
 .gitlab-ci.yml               |  2 +-
 docker/production/Dockerfile | 10 +++++-----
 docker/tests/Dockerfile      |  6 +++---
 4 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index d887b97bc..7f29df34a 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,10 @@
 _build
 CONTRIBUTING.md
+coverage
+demo
 deps
+doc
+docs
 docker-compose.yml
 Dockerfile
 .elixir_ls
@@ -16,4 +20,7 @@ README.md
 SECURITY.md
 ssh_match_hostname
 package-lock.json
-node_modules
\ No newline at end of file
+node_modules
+playwright-report
+test
+tests
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 045ca95c2..81bc7c465 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -375,7 +375,7 @@ package-app-dev:
       - ${APP_ASSET}
 
 # Packaging app for multi-arch
-multi-arch-release:
+package-multi-arch-release:
   stage: build
   image: docker:24
   variables:
diff --git a/docker/production/Dockerfile b/docker/production/Dockerfile
index 385056bbb..6b40facd2 100644
--- a/docker/production/Dockerfile
+++ b/docker/production/Dockerfile
@@ -51,7 +51,7 @@ LABEL org.opencontainers.image.title="mobilizon" \
     org.opencontainers.image.created=$BUILD_DATE
 
 RUN apk add --no-cache curl openssl ca-certificates ncurses-libs file postgresql-client libgcc libstdc++ imagemagick python3 py3-pip py3-pillow py3-cffi py3-brotli gcc g++ musl-dev python3-dev pango libxslt-dev ttf-cantarell openssl1.1-compat
-RUN pip install weasyprint pyexcel-ods3
+RUN pip --no-cache-dir install weasyprint pyexcel-ods3
 
 # Create every data directory
 RUN mkdir -p /var/lib/mobilizon/uploads && chown nobody:nobody /var/lib/mobilizon/uploads
@@ -60,14 +60,14 @@ RUN mkdir -p /var/lib/mobilizon/tzdata && chown nobody:nobody /var/lib/mobilizon
 RUN mkdir -p /var/lib/mobilizon/sitemap && chown nobody:nobody /var/lib/mobilizon/sitemap
 RUN mkdir -p /var/lib/mobilizon/uploads/exports/{csv,pdf,ods} && chown -R nobody:nobody /var/lib/mobilizon/uploads/exports
 
-# Get timezone geodata
-RUN curl -L 'https://packages.joinmobilizon.org/tz_world/timezones-geodata.dets' -o /var/lib/mobilizon/timezones/timezones-geodata.dets
-RUN chown -R nobody:nobody /var/lib/mobilizon/timezones
-
 # Create configuration directory
 RUN mkdir -p /etc/mobilizon && chown nobody:nobody /etc/mobilizon
 
 USER nobody
+
+# Get timezone geodata
+RUN curl -L 'https://packages.joinmobilizon.org/tz_world/timezones-geodata.dets' -o /var/lib/mobilizon/timezones/timezones-geodata.dets
+
 EXPOSE 4000
 
 ENV MOBILIZON_DOCKER=true
diff --git a/docker/tests/Dockerfile b/docker/tests/Dockerfile
index 835295eb2..7cccbada3 100644
--- a/docker/tests/Dockerfile
+++ b/docker/tests/Dockerfile
@@ -2,10 +2,10 @@ FROM elixir:latest
 LABEL maintainer="Thomas Citharel <thomas.citharel@framasoft.org>"
 
 ENV REFRESHED_AT=2023-11-20
-RUN apt-get update -yq && apt-get install -yq build-essential inotify-tools postgresql-client git curl gnupg xvfb libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 cmake exiftool python3-pip python3-setuptools
-RUN curl -sL https://deb.nodesource.com/setup_20.x | bash && apt-get install nodejs -yq
+RUN apt-get update -yq && apt-get install -yq ca-certificates build-essential inotify-tools postgresql-client git curl gnupg xvfb libgtk-3-dev libnotify-dev libgconf-2-4 libnss3 libxss1 libasound2 cmake exiftool python3-pip python3-setuptools
+RUN mkdir -p /etc/apt/keyrings && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list && apt-get update && apt-get install nodejs -yq
 RUN npm install -g wait-on
 RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 RUN mix local.hex --force && mix local.rebar --force
-RUN pip3 install -Iv weasyprint pyexcel_ods3
+RUN pip3 --no-cache-dir install -Iv weasyprint pyexcel_ods3
 RUN curl https://dbip.mirror.framasoft.org/files/dbip-city-lite-latest.mmdb --output GeoLite2-City.mmdb -s && mkdir -p /usr/share/GeoIP && mv GeoLite2-City.mmdb /usr/share/GeoIP/