Harden the Image

$ SOURCE_DATE_EPOCH=1 GITHUB_SHA="N/A" scripts/docker_build.sh -p linux/amd64 -t 007-alpine-hardening -n
...

$ docker images de.sdavids/sdavids-node-docker-image-slimming:007-alpine-hardening --format "{{.Repository}}\t{{.Tag}}\t{{.Size}}"
de.sdavids/sdavids-node-docker-image-slimming  007-alpine-hardening   196MB

$ docker run --rm de.sdavids/sdavids-node-docker-image-slimming:007-alpine-hardening du -hs /usr/bin/node
118.0M /usr/bin/node

$ docker run --rm de.sdavids/sdavids-node-docker-image-slimming:007-alpine-hardening du -hs /node
6.2M /node

$ docker run --rm de.sdavids/sdavids-node-docker-image-slimming:007-alpine-hardening du -hs /node/node_modules
6.2M /node/node_modules

$ docker run --rm de.sdavids/sdavids-node-docker-image-slimming:007-alpine-hardening stat -c "%s" /node/server.mjs
2515

$ docker run --rm de.sdavids/sdavids-node-docker-image-slimming:007-alpine-hardening ls -A /node
healthcheck.mjs
node_modules
server.mjs
tmp

$ docker image history --format "table {{.Size}}\t{{.CreatedBy}}" de.sdavids/sdavids-node-docker-image-slimming:007-alpine-hardening
SIZE      CREATED BY
0B        LABEL org.opencontainers.image.licenses=Apac…
0B        HEALTHCHECK &{["CMD-SHELL" "node /node/healt…
0B        CMD ["node" "server.mjs"]
0B        EXPOSE [3000/tcp]
0B        USER node:node
0B        ENV PORT=3000
0B        ENV NODE_ENV=production
16.4kB    COPY --chown=node:node /node ./ # buildkit
6.52MB    COPY --chown=node:node /node/node_modules no…
4.1kB     WORKDIR /node
2.99MB    COPY /usr/lib/libgcc_s.so.1 /usr/lib/libstdc…
124MB     COPY /usr/local/bin/node /usr/bin/ # buildkit
0B        ENV TMPDIR=/node/tmp
1.45MB    RUN /bin/ash -eo pipefail -c echo "https://d…
0B        SHELL [/bin/ash -eo pipefail -c]
0B        CMD ["/bin/sh"]
9.11MB    ADD alpine-minirootfs-3.23.2-x86_64.tar.gz /…

$ printf 'Layer Count: %s\n' "$(docker history de.sdavids/sdavids-node-docker-image-slimming:007-alpine-hardening | tail -n +2 | wc -l | tr -d ' ')"
Layer Count: 17