replace Chromeless with puppeteer

Chromeless has been deprecated for a couple years, the cool kids use
Puppeteer these days.

As an added benefit, this should get rid of all the security alerts
that the old package-lock.json was triggering.

Author: beniwohli

docker/opbeans/rum/Dockerfile

@@ -1,38 +1,50 @@
-FROM node:8-slim
+FROM node:10-slim
 
-RUN apt-get -qq update && apt-get -qq install -y \
-	libgconf-2-4 \
-	apt-transport-https \
-	ca-certificates \
-	curl \
-	gnupg \
-	--no-install-recommends \
-	&& curl -sSL https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \
-	&& echo "deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
-	&& apt-get -qq update && apt-get -qq install -y \
-	google-chrome-unstable \
-	--no-install-recommends \
-	&& rm -rf /var/lib/apt/lists/*
+# Install latest chrome dev package and fonts to support major charsets (Chinese, Japanese, Arabic, Hebrew, Thai and a few others)
+# Note: this installs the necessary libs to make the bundled version of Chromium that Puppeteer
+# installs, work.
+RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
+    && sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list' \
+    && apt-get update \
+    && apt-get install -y google-chrome-unstable fonts-ipafont-gothic fonts-wqy-zenhei fonts-thai-tlwg fonts-kacst fonts-freefont-ttf \
+      --no-install-recommends \
+    && rm -rf /var/lib/apt/lists/*
 
-# Add Chrome as a user
-RUN groupadd -r chrome && useradd -r -g chrome -G audio,video chrome \
-	&& mkdir -p /home/chrome && chown -R chrome:chrome /home/chrome
+# If running Docker >= 1.13.0 use docker run's --init arg to reap zombie processes, otherwise
+# uncomment the following lines to have `dumb-init` as PID 1
+ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64 /usr/local/bin/dumb-init
+RUN chmod +x /usr/local/bin/dumb-init
+ENTRYPOINT ["dumb-init", "--"]
 
-WORKDIR /home/chrome
+# Uncomment to skip the chromium download when installing puppeteer. If you do,
+# you'll need to launch puppeteer with:
+#     browser.launch({executablePath: 'google-chrome-unstable'})
+# ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true
 
-# Run Chrome non-privileged
-USER chrome
+WORKDIR /home/pptruser
 
-# Expose port 9222
-EXPOSE 9222
+# Install puppeteer so it's available in the container.
+RUN npm i puppeteer \
+    # Add user so we don't need --no-sandbox.
+    # same layer as npm install to keep re-chowned files from using up several hundred MBs more space
+    && groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser \
+    && mkdir -p /home/pptruser/Downloads \
+    && chown -R pptruser:pptruser /home/pptruser
+#    && chown -R pptruser:pptruser /node_modules
 
-COPY package*.json /home/chrome/
+# Run everything after as non-privileged user.
+USER pptruser
+
+
+#CMD ["google-chrome-unstable"]
+
+COPY package*.json /home/pptruser/
 
 RUN npm install
 
-ENV CHROME_PATH=/usr/bin/chromium-browser
+#ENV CHROME_PATH=/usr/bin/chromium-browser
 
-COPY tasks.js /home/chrome/
-COPY processes.config.js /home/chrome/
+COPY tasks.js /home/pptruser/
+COPY processes.config.js /home/pptruser/
 
 CMD ["node_modules/.bin/pm2-docker", "processes.config.js"]