From 274b6d83214ce0b8640755358aa36aaf7e1d0653 Mon Sep 17 00:00:00 2001 From: Ajeet Raina Date: Wed, 21 Jan 2026 23:29:12 +0530 Subject: [PATCH 1/3] Update Dockerfile with secure base image and non-root user - Use node:24-alpine base image - Run as non-root user (node) for security - Create /etc/todos directory with proper permissions --- content/get-started/workshop/02_our_app.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/content/get-started/workshop/02_our_app.md b/content/get-started/workshop/02_our_app.md index 563871f9c233..cc5eb31b5380 100644 --- a/content/get-started/workshop/02_our_app.md +++ b/content/get-started/workshop/02_our_app.md @@ -57,17 +57,19 @@ To build the image, you'll need to use a Dockerfile. A Dockerfile is simply a te ```dockerfile # syntax=docker/dockerfile:1 - - FROM node:lts-alpine + FROM node:24-alpine WORKDIR /app + COPY package.json yarn.lock ./ + RUN yarn install --production && \ + mkdir -p /etc/todos && chown node:node /etc/todos COPY . . - RUN yarn install --production - CMD ["node", "src/index.js"] + USER node EXPOSE 3000 + CMD ["node", "src/index.js"] ``` - This Dockerfile starts off with a `node:lts-alpine` base image, a - light-weight Linux image that comes with Node.js and the Yarn package + This Dockerfile starts off with a `node:24-alpine` base image, a + light-weight Linux image that comes with Node.js and the YARN package manager pre-installed. It copies all of the source code into the image, installs the necessary dependencies, and starts the application. From 6ed508466d8961a63e9fa84fe36624c5a31e86de Mon Sep 17 00:00:00 2001 From: Ajeet Raina Date: Thu, 22 Jan 2026 00:28:59 +0530 Subject: [PATCH 2/3] Used NPM instead of classic YARN --- content/get-started/workshop/02_our_app.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/content/get-started/workshop/02_our_app.md b/content/get-started/workshop/02_our_app.md index cc5eb31b5380..afde6a42d560 100644 --- a/content/get-started/workshop/02_our_app.md +++ b/content/get-started/workshop/02_our_app.md @@ -59,8 +59,9 @@ To build the image, you'll need to use a Dockerfile. A Dockerfile is simply a te # syntax=docker/dockerfile:1 FROM node:24-alpine WORKDIR /app - COPY package.json yarn.lock ./ - RUN yarn install --production && \ + COPY package*.json ./ + RUN npm install --omit=dev && \ + rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx && \ mkdir -p /etc/todos && chown node:node /etc/todos COPY . . USER node @@ -69,7 +70,7 @@ To build the image, you'll need to use a Dockerfile. A Dockerfile is simply a te ``` This Dockerfile starts off with a `node:24-alpine` base image, a - light-weight Linux image that comes with Node.js and the YARN package + light-weight Linux image that comes with Node.js and the npm package manager pre-installed. It copies all of the source code into the image, installs the necessary dependencies, and starts the application. From 8aa5e684601cb76acbebac3878e8a16698377970 Mon Sep 17 00:00:00 2001 From: "Ajeet Singh Raina, Docker Captain, ARM Innovator" Date: Thu, 22 Jan 2026 12:54:58 +0530 Subject: [PATCH 3/3] Enhance Dockerfile description with detailed points Updated the explanation of the Dockerfile to provide a detailed breakdown of its components and functionality. --- content/get-started/workshop/02_our_app.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/content/get-started/workshop/02_our_app.md b/content/get-started/workshop/02_our_app.md index afde6a42d560..8ea00be34aad 100644 --- a/content/get-started/workshop/02_our_app.md +++ b/content/get-started/workshop/02_our_app.md @@ -69,10 +69,17 @@ To build the image, you'll need to use a Dockerfile. A Dockerfile is simply a te CMD ["node", "src/index.js"] ``` - This Dockerfile starts off with a `node:24-alpine` base image, a - light-weight Linux image that comes with Node.js and the npm package - manager pre-installed. It copies all of the source code into the image, - installs the necessary dependencies, and starts the application. + This Dockerfile: + + - Starts with a `node:24-alpine` base image, a lightweight Linux image that comes with Node.js and npm pre-installed + - Sets `/app` as the working directory for subsequent instructions + - Copies `package.json` and `package-lock.json` first to leverage Docker's layer caching for dependencies + - Installs production dependencies only (`--omit=dev`) + - Removes npm after installation since it's no longer needed at runtime + - Creates the `/etc/todos` directory for the SQLite database with proper ownership + - Copies the application source code + - Switches to the non-root node user for security + - Exposes port `3000` and starts the application 2. Build the image using the following commands: