Use official node:alpine #11

Merged
merged 1 commit into from
Jan 4, 2017

@simonepri simonepri commented Dec 29, 2016

Hello, @Unitech
Check this:
mhart/alpine-node#76
nodejs/docker-node#156

The official one also has fewer CVE issues (with the one from @mhart, Docker Cloud reports lots of CVE).

Best regards,
Simone

Check this:
mhart/alpine-node#76
nodejs/docker-node#156

The official one also has fewer security issues.
@Unitech Unitech merged commit c93a315 into keymetrics:master Jan 4, 2017
@simonepri
Author

@Unitech currently :latest installs node 7 and this will break lots of projects based on this image.

What do you think about creating more branches?

Here you can see all nodejs tags available:
https://hub.docker.com/_/node/

My suggestion will be to add these branches:
master -> node:alpine
6.9 -> node:boron-alpine
4.7 -> node:argon-alpine

@Unitech
Member

Unitech commented Jan 27, 2017

@simonepri I just gave you the contributor permission on this repository, feel free to update the branches so we can have different images with different nodejs versions

@simonepri
Author

@Unitech What do you think about the usage of folders instead of branches?
As you can see the official node repo uses folders:
https://github.com/nodejs/docker-node

I think it is more clear and maintainable.
What do you think about it?

Because with folders anyone could create a pull request in order to add other versions in the future.

@Unitech
Member

Unitech commented Jan 27, 2017

Having multiple branches allows the docker registry to automatically build different Docker images

https://hub.docker.com/r/keymetrics/pm2-docker-alpine/

So keeping that structure is better

@simonepri
Author

simonepri commented Jan 27, 2017

The docker registry is also able to automatically build different docker images using different Dockerfiles (pointing each tag to a different dockerfile) in the repo. In this way you don't have to create multiple unmaintained branches.

@Unitech
Member

Unitech commented Jan 27, 2017

I did not know! So let's switch to different folders instead of different branches

@simonepri
Author

Are you sure? Take a look into the docker registry to see how you can do it:
https://docs.docker.com/docker-hub/builds/#/add-and-run-a-new-build
As you can see, you can specify the "Dockerfile" location, so you create different tags on the same branch using different Dockerfiles.

If you agree I will create a pull request with the modifications

@Unitech
Member

Unitech commented Jan 27, 2017

Alright I found the page to edit the build settings
Agreed for the changes

@mhart

mhart commented Jan 27, 2017

@simonepri would love to know more about this "Docker Cloud reports lots of CVE" claim that you've made?

@mhart

mhart commented Jan 27, 2017

@simonepri the official Docker image was based off mine – it's the same alpine version and contains the same packages – so I'd be fascinated to know how there's a difference in CVE issues?

(I'm not suggesting to stick with my image btw – please do move to the official one – just concerned about this claim)

@simonepri
Author

simonepri commented Jan 27, 2017

@mhart currently I'm not able to show it to you, but on Docker Cloud each time you build your image it has a service that scans the image and reports to you if there are CVEs.
When I first wrote that claim I was using this image, then I switched to the official node:alpine and all CVEs reported from Docker Cloud disappeared.

@mhart

mhart commented Jan 27, 2017

@simonepri would be great if you could show it to me – just a screenshot or whatever. Just unclear as to whether there's actual CVEs, or just that it couldn't scan it properly because it wasn't a "blessed" image like the official one is.

@simonepri
Author

@mhart I will do it as soon as possible 👍

@simonepri
Author

@Unitech sorry I've just pushed the modification to this repo instead of my forked one, I've just reverted. I'm going to open a pull request.
Sorry for the trouble.
