refactor: run upgrade in dockerfiles to update dependencies (#5508)

chore: Update Dockerfiles to use COPY instead of ADD run apt-get upgrade

- Replaced ADD commands with COPY for better clarity and consistency across Dockerfiles.
- Added apt-get upgrade and clean commands to reduce image size and ensure packages are up to date.
- Updated user creation commands to include necessary cleanup steps.
- Ensured all Dockerfiles follow a similar structure for maintainability.

docker/build_and_push.Dockerfile

@@ -21,6 +21,7 @@ ENV UV_COMPILE_BYTECODE=1
 ENV UV_LINK_MODE=copy
 
 RUN apt-get update \
+    && apt-get upgrade -y \
     && apt-get install --no-install-recommends -y \
     # deps for building python deps
     build-essential \
@@ -29,6 +30,7 @@ RUN apt-get update \
     npm \
     # gcc
     gcc \
+
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/*
 
@@ -41,7 +43,7 @@ RUN --mount=type=cache,target=/root/.cache/uv \
     --mount=type=bind,source=src/backend/base/pyproject.toml,target=src/backend/base/pyproject.toml \
     uv sync --frozen --no-install-project --no-editable
 
-ADD ./src /app/src
+COPY ./src /app/src
 
 COPY src/frontend /tmp/src/frontend
 WORKDIR /tmp/src/frontend
@@ -52,9 +54,9 @@ RUN --mount=type=cache,target=/root/.npm \
     && rm -rf /tmp/src/frontend
 
 WORKDIR /app
-ADD ./pyproject.toml /app/pyproject.toml
-ADD ./uv.lock /app/uv.lock
-ADD ./README.md /app/README.md
+COPY ./pyproject.toml /app/pyproject.toml
+COPY ./uv.lock /app/uv.lock
+COPY ./README.md /app/README.md
 
 RUN --mount=type=cache,target=/root/.cache/uv \
     uv sync --frozen --no-editable
@@ -65,7 +67,12 @@ RUN --mount=type=cache,target=/root/.cache/uv \
 ################################
 FROM python:3.12.3-slim AS runtime
 
-RUN useradd user -u 1000 -g 0 --no-create-home --home-dir /app/data
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && useradd user -u 1000 -g 0 --no-create-home --home-dir /app/data
+
 COPY --from=builder --chown=1000 /app/.venv /app/.venv
 
 # Place executables in the environment at the front of the path

docker/build_and_push_base.Dockerfile

@@ -22,6 +22,7 @@ ENV UV_COMPILE_BYTECODE=1
 ENV UV_LINK_MODE=copy
 
 RUN apt-get update \
+    && apt-get upgrade -y \
     && apt-get install --no-install-recommends -y \
     # deps for building python deps
     build-essential \
@@ -44,7 +45,7 @@ RUN --mount=type=cache,target=/root/.cache/uv \
     --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
     cd src/backend/base && uv sync --frozen --no-install-project --no-dev --no-editable
 
-ADD ./src /app/src
+COPY ./src /app/src
 
 COPY src/frontend /tmp/src/frontend
 WORKDIR /tmp/src/frontend
@@ -53,14 +54,14 @@ RUN npm install \
     && cp -r build /app/src/backend/base/langflow/frontend \
     && rm -rf /tmp/src/frontend
 
-ADD ./src/backend/base /app/src/backend/base
+COPY ./src/backend/base /app/src/backend/base
 WORKDIR /app/src/backend/base
 # again we need these because of workspaces
-ADD ./pyproject.toml /app/pyproject.toml
-ADD ./uv.lock /app/uv.lock
-ADD ./src/backend/base/pyproject.toml /app/src/backend/base/pyproject.toml
-ADD ./src/backend/base/uv.lock /app/src/backend/base/uv.lock
-ADD ./src/backend/base/README.md /app/src/backend/base/README.md
+COPY ./pyproject.toml /app/pyproject.toml
+COPY ./uv.lock /app/uv.lock
+COPY ./src/backend/base/pyproject.toml /app/src/backend/base/pyproject.toml
+COPY ./src/backend/base/uv.lock /app/src/backend/base/uv.lock
+COPY ./src/backend/base/README.md /app/src/backend/base/README.md
 RUN --mount=type=cache,target=/root/.cache/uv \
     uv sync --frozen --no-dev --no-editable
 
@@ -70,7 +71,11 @@ RUN --mount=type=cache,target=/root/.cache/uv \
 ################################
 FROM python:3.12.3-slim AS runtime
 
-RUN useradd user -u 1000 -g 0 --no-create-home --home-dir /app/data
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && useradd user -u 1000 -g 0 --no-create-home --home-dir /app/data
 # and we use the venv at the root because workspaces
 COPY --from=builder --chown=1000 /app/.venv /app/.venv
 

docker/build_and_push_ep.Dockerfile

@@ -21,6 +21,7 @@ ENV UV_COMPILE_BYTECODE=1
 ENV UV_LINK_MODE=copy
 
 RUN apt-get update \
+    && apt-get upgrade -y \
     && apt-get install --no-install-recommends -y \
     # deps for building python deps
     build-essential \
@@ -41,7 +42,7 @@ RUN --mount=type=cache,target=/root/.cache/uv \
     --mount=type=bind,source=src/backend/base/pyproject.toml,target=src/backend/base/pyproject.toml \
     uv sync --frozen --no-install-project --no-editable
 
-ADD ./src /app/src
+COPY ./src /app/src
 
 COPY src/frontend /tmp/src/frontend
 WORKDIR /tmp/src/frontend
@@ -52,9 +53,9 @@ RUN --mount=type=cache,target=/root/.npm \
     && rm -rf /tmp/src/frontend
 
 WORKDIR /app
-ADD ./pyproject.toml /app/pyproject.toml
-ADD ./uv.lock /app/uv.lock
-ADD ./README.md /app/README.md
+COPY ./pyproject.toml /app/pyproject.toml
+COPY ./uv.lock /app/uv.lock
+COPY ./README.md /app/README.md
 
 RUN --mount=type=cache,target=/root/.cache/uv \
     uv sync --frozen --no-editable
@@ -65,8 +66,13 @@ RUN --mount=type=cache,target=/root/.cache/uv \
 ################################
 FROM python:3.12.3-slim AS runtime
 
-RUN useradd user -u 1000 -g 0 --no-create-home --home-dir /app/data && \
-    mkdir /data && chown -R 1000:0 /data
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install -y curl \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && useradd user -u 1000 -g 0 --no-create-home --home-dir /app/data \
+    && mkdir /data && chown -R 1000:0 /data
 
 COPY --from=builder --chown=1000 /app/.venv /app/.venv
 

docker/cdk.Dockerfile

@@ -3,7 +3,11 @@ FROM --platform=linux/amd64 python:3.10-slim
 WORKDIR /app
 
 # Install Poetry
-RUN apt-get update && apt-get install gcc g++ curl build-essential postgresql-server-dev-all -y
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install gcc g++ curl build-essential postgresql-server-dev-all -y \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
 RUN curl -sSL https://install.python-poetry.org | python3 -
 # # Add Poetry to PATH
 ENV PATH="${PATH}:/root/.local/bin"

docker/dev.Dockerfile

@@ -3,7 +3,9 @@ ENV TZ=UTC
 
 WORKDIR /app
 
-RUN apt-get update && apt-get install -y \
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install -y \
     build-essential \
     curl \
     npm \