Bad Dockerfile #202

@Paebbels

The Dockerfile for export-server (image-export/Dockerfile) is not good:

```dockerfile
FROM node:slim

LABEL maintainer="JGraph Ltd"

RUN apt-get update -y && \
    apt-get install -y --no-install-recommends \
        git curl software-properties-common chromium libatk-bridge2.0-0 libgtk-3-0 && \
    apt-add-repository contrib && \
    apt-get update -y && \
    apt-get install -y --no-install-recommends \
        ttf-mscorefonts-installer && \
    mkdir /usr/local/drawio && \
    cd /usr/local/drawio && \
    git clone https://github.com/jgraph/draw-image-export2.git && \
    cd draw-image-export2 && \
    npm install && \
    apt-get remove -y --purge chromium git

WORKDIR /usr/local/drawio/draw-image-export2

EXPOSE 8000

CMD ["npm", "start"]
```

Review:

  1. Label maintainer is outdated.
    Use org.opencontainers.image.*** labels.
  2. Next, setting the following set of OCI labels will allow for container inspection tools:
    ```
    ...
    --label "org.opencontainers.image.title=..." \
    --label "org.opencontainers.image.description=..." \
    --label "org.opencontainers.image.authors=Firstname Lastname <email@address.com>" \
    --label "org.opencontainers.image.vendor=..." \
    --label "org.opencontainers.image.version=1.0" \
    --label "org.opencontainers.image.revision=${CI_COMMIT_SHA}" \
    --label "org.opencontainers.image.created=$(date -u +"%Y-%m-%dT%H:%M:%SZ")" \
    --label "org.opencontainers.image.url=${CI_PROJECT_URL}" \
    --label "org.opencontainers.image.source=$(printf ${CI_REPOSITORY_URL} | sed 's|//.*@|//|')" \
    --label "org.opencontainers.image.documentation=${CI_PROJECT_URL}" \
    --label "org.opencontainers.image.licenses=MIT" \
    ...
    ```

  3. apt-get update and apt-get install exist two times.
    Reorder the apt-get commands to avoid duplications and reduce build time.
  4. Why is chromium installed?
    It's later uninstalled and obviously no dependency.
  5. Don't clone source files in a Dockerfile.
    Sources are cloned outside of the Docker build process and handed over into the Docker build process via
    RUN --mount=type=bind,target=/context:
    ```dockerfile
    RUN --mount=type=bind,target=/context \
        mkdir -p /tools \
     && cp /context/ToolBox.sh /tools/
    ```
  6. Only copy necessary files into the Docker image. For sure, the Git repository contains unnecessary files.
    Specify a .dockerignore file to reduce the visible files in a Docker build context.
  7. At best specify a list of packages to install in an external file, instead of listing individual dependencies in the Dockerfile.
    ```dockerfile
    RUN --mount=type=bind,target=/context \
        apt-get update \
     && xargs --no-run-if-empty --exit --arg-file=/context/Install.packages apt-get install -y --no-install-recommends \
     && rm -rf /var/lib/apt/lists/* \
     && apt-get clean
    ```

  8. When removing chromium and git, the apt caches are not cleaned!
    Run rm -rf /var/lib/apt/lists/* and apt-get clean.
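
The review points above that can be checked mechanically (1, 3, 4, 5 and 8), as an added example that is not part of the original issue or the project's code: a small Python lint run over the FROM, LABEL and RUN part of the quoted Dockerfile. The function names `instructions`, `packages` and `lint` and the finding ids are hypothetical.

```python
import re

# FROM/LABEL/RUN part of the Dockerfile quoted in the issue, embedded to run offline.
DOCKERFILE = r"""FROM node:slim
LABEL maintainer="JGraph Ltd"
RUN apt-get update -y && \
    apt-get install -y --no-install-recommends \
        git curl software-properties-common chromium libatk-bridge2.0-0 libgtk-3-0 && \
    apt-add-repository contrib && \
    apt-get update -y && \
    apt-get install -y --no-install-recommends \
        ttf-mscorefonts-installer && \
    mkdir /usr/local/drawio && \
    cd /usr/local/drawio && \
    git clone https://github.com/jgraph/draw-image-export2.git && \
    cd draw-image-export2 && \
    npm install && \
    apt-get remove -y --purge chromium git
"""

def instructions(text):
    """Join backslash-continued lines; yield (KEYWORD, args) without leading --flags."""
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        keyword, _, rest = line.strip().partition(" ")
        if keyword and not keyword.startswith("#"):
            yield keyword.upper(), re.sub(r"^(--\S+\s+)+", "", rest.strip())

def packages(cmds, verb):
    """Package names passed to `apt-get <verb>`, option flags skipped."""
    return {w for c in cmds if c[:2] == ["apt-get", verb] for w in c[2:] if w[0] != "-"}

def lint(text):
    """Return finding ids for review points 1, 3, 4, 5 and 8 of the issue."""
    found = []
    for keyword, rest in instructions(text):
        if keyword == "LABEL" and re.match(r"maintainer\s*=", rest, re.I):
            found.append("maintainer-label")               # point 1
        if keyword != "RUN":
            continue
        cmds = [c.split() for c in re.split(r"&&|;", rest) if c.strip()]
        if sum(c[:2] == ["apt-get", "update"] for c in cmds) > 1:
            found.append("apt-update-repeated")            # point 3
        for pkg in sorted(packages(cmds, "install") & packages(cmds, "remove")):
            found.append("installed-then-removed:" + pkg)  # point 4
        if any(c[:2] == ["git", "clone"] for c in cmds):
            found.append("git-clone-in-build")             # point 5
        if any(c[0] == "apt-get" for c in cmds) and "/var/lib/apt/lists" not in rest:
            found.append("apt-lists-not-cleaned")          # point 8
    return found
```

Calling `lint(DOCKERFILE)` returns one finding per review point, with point 4 reported once for each package that is installed and purged in the same RUN.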
