refactor: slim down the backend containers (#4233)

* refactor: slim down the backend containers

* refactor: make containers run as non-root user in container

* chore: correct casing for the build stage definitions

* chore: remove docker compose version field as its obsolete

* chore: optimise chown and chmod into the COPY command itself

* chore: add package overrides for packages with reported vulns

* chore: add pnpm to containers + set workdir dir to the backend project

* fix: permission issues with the fe containers

* chore: define env variables on AIO

aio_run.mjs

@@ -51,7 +51,7 @@ fs.rmSync("build.env")
 
 const caddyFileName = process.env.ENABLE_SUBPATH_BASED_ACCESS === 'true' ? 'aio-subpath-access.Caddyfile' : 'aio-multiport-setup.Caddyfile'
 const caddyProcess = runChildProcessWithPrefix("caddy", ["run", "--config", `/etc/caddy/${caddyFileName}`, "--adapter", "caddyfile"], "App/Admin Dashboard Caddy")
-const backendProcess = runChildProcessWithPrefix("pnpm", ["run", "start:prod"], "Backend Server")
+const backendProcess = runChildProcessWithPrefix("node", ["/dist/backend/dist/main.js"], "Backend Server")
 
 caddyProcess.on("exit", (code) => {
   console.log(`Exiting process because Caddy Server exited with code ${code}`)

docker-compose.deploy.yml

@@ -1,8 +1,6 @@
 # THIS IS NOT TO BE USED FOR PERSONAL DEPLOYMENTS!
 # Internal Docker Compose Image used for internal testing deployments
 
-version: "3.7"
-
 services:
   hoppscotch-db:
     image: postgres:15

docker-compose.yml

@@ -1,7 +1,6 @@
 # To make it easier to self-host, we have a preset docker compose config that also
 # has a container with a Postgres instance running.
 # You can tweak around this file to match your instances
-version: "3.7"
 
 services:
   # This service runs the backend app in the port 3170

package.json

@@ -34,7 +34,13 @@
   },
   "pnpm": {
     "overrides": {
-      "vue": "3.3.9"
+      "vue": "3.3.9",
+      "@nestjs-modules/mailer>mjml": "5.0.0-alpha.4",
+      "subscriptions-transport-ws>ws": "7.5.10",
+      "@nestjs/graphql>ws": "8.17.1",
+      "braces": "3.0.3",
+      "express": "4.19.2",
+      "pug": "3.0.3"
     },
     "packageExtensions": {
       "@hoppscotch/httpsnippet": {

packages/hoppscotch-backend/package.json

@@ -5,6 +5,10 @@
   "author": "",
   "private": true,
   "license": "UNLICENSED",
+  "files": [
+    "prisma",
+    "dist"
+  ],
   "scripts": {
     "prebuild": "rimraf dist",
     "build": "nest build",
@@ -56,7 +60,7 @@
     "handlebars": "4.7.7",
     "io-ts": "2.2.16",
     "luxon": "3.2.1",
-    "nodemailer": "6.9.1",
+    "nodemailer": "6.9.14",
     "passport": "0.6.0",
     "passport-github2": "0.1.12",
     "passport-google-oauth20": "2.0.0",

packages/hoppscotch-backend/prod_run.mjs

@@ -39,8 +39,8 @@ const caddyProcess = runChildProcessWithPrefix(
   'App/Admin Dashboard Caddy',
 );
 const backendProcess = runChildProcessWithPrefix(
-  'pnpm',
-  ['run', 'start:prod'],
+  'node',
+  ['/dist/backend/dist/main.js'],
   'Backend Server',
 );
 

packages/hoppscotch-backend/tsconfig.build.json

@@ -1,4 +1,8 @@
 {
   "extends": "./tsconfig.json",
-  "exclude": ["node_modules", "test", "dist", "**/*spec.ts"]
+  "exclude": ["node_modules", "test", "dist", "**/*spec.ts"],
+  "compilerOptions": {
+    "declaration": false,
+    "sourceMap": false
+  }
 }

packages/hoppscotch-selfhost-web/selfhost-web.Caddyfile

@@ -1,5 +1,5 @@
 :80 :3000 {
 	try_files {path} /
-	root * /site
+	root * /site/selfhost-web
 	file_server
 }