addressed errors from hadolint

apps/schematic/api/Dockerfile

@@ -1,6 +1,6 @@
 FROM tiangolo/uwsgi-nginx-flask:python3.10
 
-# add label 
+# add label
 LABEL org.opencontainers.image.authors='Milen Nikolov <[email protected]>, Andrew Lamb <[email protected]>, Mialy DeFelice <[email protected]>, Gianna Jordan <[email protected]>, Lingling Peng <[email protected]>'
 
 # the environment variables defined here are the default
@@ -13,56 +13,63 @@ ENV PYTHONFAULTHANDLER=1 \
     PIP_DISABLE_PIP_VERSION_CHECK=on \
     PIP_DEFAULT_TIMEOUT=200 \
     POETRY_VERSION=1.3.0 \
-    APP_PARENT_DIR=/app \ 
+    APP_PARENT_DIR=/app \
+    NGINX_CONFIG=/etc/nginx/conf.d \
     APP_DIR=/app/app \
     ROOT=/ \
-    UWSGI_INI=/app/uwsgi.ini \ 
+    UWSGI_INI=/app/uwsgi.ini \
     NGINX_WORKER_PROCESSES=1 \
     VERSION=$TAG
 
 # run open ssl and generate certificate
-RUN apt update \
+RUN apt-get update -qq -y && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get install --no-install-recommends -qq -y \
+      openssl jq \
     && apt-get -y autoclean \
     && apt-get -y autoremove \
-    && rm -rf /var/lib/apt/lists/* \
-    && apt-get update \ 
-    && apt-get install --no-install-recommends -y openssl jq 
+    && rm -rf /var/lib/apt/lists/*
 
 # add dhparam.pem
+# dhparam.pem was used in ssl-params.conf
 COPY dhparam.pem /etc/ssl/dhparam.pem
 
 # copy all nginx config files
-COPY ./self-signed.conf ./ssl-params.conf ./certificate.conf /etc/nginx/conf.d/
+WORKDIR ${NGINX_CONFIG}
+COPY ./self-signed.conf ./ssl-params.conf ./certificate.conf ./
 
 # copy to use custom uwsgi.ini
-COPY uwsgi.ini /app/uwsgi.ini 
+COPY uwsgi.ini /app/uwsgi.ini
 
-# copy files relevant for schematic apis, including uwsgi.ini
-# also install dependencies
-WORKDIR /app/app
+# copy files relevant for schematic apis
 COPY pyproject.toml poetry.lock /app/app/
 COPY ./schematic_api /app/app/schematic_api
 
-RUN pip install --no-cache-dir poetry \
+# install dependencies
+WORKDIR /app/app
+# Use the version of Poetry installed in the dev container.
+# See /workspaces/sage-monorepo/tools/devcontainers/sage/.devcontainer/Dockerfile
+RUN pip install --no-cache-dir poetry==1.6.1 \
   && poetry config --local virtualenvs.create false \
   && poetry run pip install "cython<3.0.0" \
   && poetry run pip install --no-build-isolation pyyaml==5.4.1 \
-  && poetry install --with prod --no-root --no-interaction --no-ansi
-
-# temporary here until schematic allows .synapseCache to a different path
-RUN mkdir -p /root/.synapseCache /app/app/manifests \
-    && echo "This is a test file." > /root/.synapseCache/test.txt \
-    && chmod -R 777 /root /app
+  && poetry install --with prod --no-root --no-interaction --no-ansi \
+  # Update file permission
+  && mkdir /root/.synapseCache /app/app/manifests \
+  # temporary here to ensure .synapseCache is not empty
+  && echo "This is a test file." > /root/.synapseCache/test.txt \
+  # temporary here until we move .synapseCache to a different path
+  && chmod -R 777 /root /app
 
 # Modify entrypoint script to allow SSL private key and certificate to be saved
 WORKDIR ${ROOT}
-COPY uwsgi-nginx-entrypoint.sh entrypoint2.sh
-COPY uwsgi-nginx-entrypoint.sh uwsgi-nginx-entrypoint2.sh
-COPY save_key_certificate.py ./
-
-RUN chmod +x uwsgi-nginx-entrypoint2.sh entrypoint2.sh \
-    && chown -R nginx /uwsgi-nginx-entrypoint2.sh /entrypoint2.sh
+COPY uwsgi-nginx-entrypoint.sh ./entrypoint2.sh
+COPY uwsgi-nginx-entrypoint.sh ./uwsgi-nginx-entrypoint2.sh
+COPY save_key_certificate.py ./save_key_certificate.py
 
+RUN chmod +x uwsgi-nginx-entrypoint2.sh \
+  && chmod +x entrypoint2.sh \
+  && chown -R nginx /uwsgi-nginx-entrypoint2.sh \
+  && chown -R nginx /entrypoint2.sh
 
 WORKDIR ${APP_DIR}