All 19 Dockerfiles have been updated consistently while maintaining their specific functionality requirements. The changes make the containers more secure and reduce potential vulnerabilities that would

be flagged by Trivy scans.

Signed-off-by: DeepakNemad <deepak.nemade@ayanworks.com>

Author: DeepakNemad

Dockerfiles/Dockerfile.agent-provisioning

@@ -16,6 +16,7 @@ RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
 RUN cd libs/prisma-service && npx prisma generate
 RUN pnpm run build agent-provisioning
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
 FROM  node:24-alpine3.21
@@ -35,17 +36,10 @@ RUN mkdir -p ./agent-provisioning/AFJ/endpoints \
     && mkdir -p ./agent-provisioning/AFJ/port-file \
     && mkdir -p ./agent-provisioning/AFJ/token
 COPY --from=build /app/dist/apps/agent-provisioning/ ./dist/apps/agent-provisioning/
-COPY --from=build /app/package.json /app/pnpm-lock.yaml /app/pnpm-workspace.yaml ./
-RUN npm install -g pnpm@9.15.3 --ignore-scripts \
-    && pnpm install --frozen-lockfile --ignore-scripts --prod \
-    && npm uninstall -g pnpm
+COPY --from=build /app/libs/ ./libs/
+COPY --from=build /app/node_modules ./node_modules
 COPY --from=build /app/apps/agent-provisioning/AFJ/scripts ./agent-provisioning/AFJ/scripts
 COPY --from=build /app/apps/agent-provisioning/AFJ/port-file ./agent-provisioning/AFJ/port-file
-COPY --from=build /app/libs/ ./libs/
-RUN chmod +x /app/agent-provisioning/AFJ/scripts/*.sh \
-    && chmod 755 /app/agent-provisioning/AFJ/endpoints \
-    && chmod 755 /app/agent-provisioning/AFJ/agent-config \
-    && chmod 755 /app/agent-provisioning/AFJ/token \
-    && chown -R nextjs:nodejs /app/agent-provisioning
+RUN chown -R nextjs:nodejs /app/agent-provisioning
 USER nextjs
 CMD ["node", "dist/apps/agent-provisioning/main.js"]

Dockerfiles/Dockerfile.agent-service

@@ -15,6 +15,7 @@ RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
 RUN cd libs/prisma-service && npx prisma generate
 RUN pnpm run build agent-service
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
 FROM node:24-alpine3.21

Dockerfiles/Dockerfile.api-gateway

@@ -9,6 +9,7 @@ RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
 RUN cd libs/prisma-service && npx prisma generate
 RUN pnpm run build api-gateway
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
 FROM node:24-alpine3.21
@@ -19,9 +20,6 @@ RUN apk update && apk upgrade && apk add --no-cache openssl \
 WORKDIR /app
 COPY --from=build /app/dist/apps/api-gateway/ ./dist/apps/api-gateway/
 COPY --from=build /app/libs/ ./libs/
-COPY --from=build /app/package.json /app/pnpm-lock.yaml /app/pnpm-workspace.yaml ./
-RUN npm install -g pnpm@9.15.3 --ignore-scripts \
-    && pnpm install --frozen-lockfile --ignore-scripts --prod \
-    && npm uninstall -g pnpm
+COPY --from=build /app/node_modules ./node_modules
 USER nextjs
 CMD ["node", "dist/apps/api-gateway/main.js"]

Dockerfiles/Dockerfile.ecosystem

@@ -9,13 +9,14 @@ RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
 RUN cd libs/prisma-service && npx prisma generate
 RUN pnpm run build ecosystem
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
 FROM node:24-alpine3.21
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
-    && adduser -S nextjs -u 1001 -G nodejs
+    && adduser -S nextjs -u 1001
 WORKDIR /app
 COPY --from=build /app/dist/apps/ecosystem/ ./dist/apps/ecosystem/
 COPY --from=build /app/libs/ ./libs/

Dockerfiles/Dockerfile.geolocation

@@ -9,13 +9,14 @@ RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
 RUN cd libs/prisma-service && npx prisma generate
 RUN pnpm run build geo-location
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
 FROM node:24-alpine3.21
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
-    && adduser -S nextjs -u 1001 -G nodejs
+    && adduser -S nextjs -u 1001
 WORKDIR /app
 COPY --from=build /app/dist/apps/geo-location/ ./dist/apps/geo-location/
 COPY --from=build /app/libs/ ./libs/

Dockerfiles/Dockerfile.issuance

@@ -16,7 +16,7 @@ FROM node:24-alpine3.21
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
-    && adduser -S nextjs -u 1001 -G nodejs
+    && adduser -S nextjs -u 1001
 WORKDIR /app
 COPY --from=build /app/dist/apps/issuance/ ./dist/apps/issuance/
 COPY --from=build /app/libs/ ./libs/

Dockerfiles/Dockerfile.notification

@@ -9,6 +9,7 @@ RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
 RUN cd libs/prisma-service && npx prisma generate
 RUN pnpm run build notification
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
 FROM node:24-alpine3.21
@@ -19,9 +20,6 @@ RUN apk update && apk upgrade && apk add --no-cache openssl \
 WORKDIR /app
 COPY --from=build /app/dist/apps/notification/ ./dist/apps/notification/
 COPY --from=build /app/libs/ ./libs/
-COPY --from=build /app/package.json /app/pnpm-lock.yaml /app/pnpm-workspace.yaml ./
-RUN npm install -g pnpm@9.15.3 --ignore-scripts \
-    && pnpm install --frozen-lockfile --ignore-scripts --prod \
-    && npm uninstall -g pnpm
+COPY --from=build /app/node_modules ./node_modules
 USER nextjs
 CMD ["node", "dist/apps/notification/main.js"]

Dockerfiles/Dockerfile.oid4vc-issuance

@@ -9,13 +9,14 @@ RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
 RUN cd libs/prisma-service && npx prisma generate
 RUN pnpm run build oid4vc-issuance
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
 FROM node:24-alpine3.21
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
-    && adduser -S nextjs -u 1001 -G nodejs
+    && adduser -S nextjs -u 1001
 WORKDIR /app
 COPY --from=build /app/dist/apps/oid4vc-issuance/ ./dist/apps/oid4vc-issuance/
 COPY --from=build /app/libs/ ./libs/

Dockerfiles/Dockerfile.oid4vc-verification

@@ -9,16 +9,17 @@ RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
 RUN cd libs/prisma-service && npx prisma generate
 RUN pnpm run build oid4vc-verification
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
 FROM node:24-alpine3.21
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
-    && adduser -S nextjs -u 1001 -G nodejs
+    && adduser -S nextjs -u 1001
 WORKDIR /app
-COPY --chown=root:nodejs --chmod=444 --from=build /app/dist/apps/oid4vc-verification/ ./dist/apps/oid4vc-verification/
-COPY --chown=root:nodejs --chmod=755 --from=build /app/libs/ ./libs/
-COPY --chown=root:nodejs --chmod=755 --from=build /app/node_modules ./node_modules
+COPY --from=build /app/dist/apps/oid4vc-verification/ ./dist/apps/oid4vc-verification/
+COPY --from=build /app/libs/ ./libs/
+COPY --from=build /app/node_modules ./node_modules
 USER nextjs
 CMD ["node", "dist/apps/oid4vc-verification/main.js"]

Dockerfiles/Dockerfile.organization

@@ -9,13 +9,14 @@ RUN pnpm i --frozen-lockfile --ignore-scripts
 COPY . .
 RUN cd libs/prisma-service && npx prisma generate
 RUN pnpm run build organization
+RUN pnpm prune --prod
 
 # Stage 2: Create the final image
 FROM node:24-alpine3.21
 RUN apk update && apk upgrade && apk add --no-cache openssl \
     && rm -rf /var/cache/apk/* \
     && addgroup -g 1001 -S nodejs \
-    && adduser -S nextjs -u 1001 -G nodejs
+    && adduser -S nextjs -u 1001
 WORKDIR /app
 COPY --from=build /app/dist/apps/organization/ ./dist/apps/organization/
 COPY --from=build /app/libs/ ./libs/