- For portal and apigw, omit dev dependencies when npm install.

[imda-kwokwk]

Description

Modify Dockerfile and the integration-test.yml GHA to omit dev dependencies when installing packages for portal and apigw.

Motivation and Context

Get rid of vulnerability results caused by dev dependencies as they are not part of the prod build.

[Explain the motivation or the context behind this pull request. Why is it necessary?]

Type of Change

How to Test

Run existing integration tests.

Checklist

Please check all the boxes that apply to this pull request using "x":

• I have tested the changes locally and verified that they work as expected.
• I have added or updated the necessary documentation (README, API docs, etc.).
• I have added appropriate unit tests or functional tests for the changes made.
• I have followed the project's coding conventions and style guidelines.
• I have rebased my branch onto the latest commit of the main branch.
• I have squashed or reorganized my commits into logical units.
• I have added any necessary dependencies or packages to the project's build configuration.
• I have performed a self-review of my own code.
• I have read, understood and agree to the Developer Certificate of Origin below, which this project utilises.

Screenshots (if applicable)

[If the changes involve visual modifications, include screenshots or GIFs that demonstrate the changes.]

Additional Notes

[Add any additional information or context that might be relevant to reviewers.]

Developer Certificate of Origin

Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
   have the right to submit it under the open source license
   indicated in the file; or

(b) The contribution is based upon previous work that, to the best
   of my knowledge, is covered under an appropriate open source
   license and I have the right under that license to submit that
   work with modifications, whether created in whole or in part
   by me, under the same open source license (unless I am
   permitted to submit under a different license), as indicated
   in the file; or

(c) The contribution was provided directly to me by some other
   person who certified (a), (b) or (c) and I have not modified
   it.

(d) I understand and agree that this project and the contribution
   are public and that a record of the contribution (including all
   personal information I submit with it, including my sign-off) is
   maintained indefinitely and may be redistributed consistent with
   this project or the open source license(s) involved.

[imda-benedictlee]

Approved

[imda-benedictlee]

SCA Workflow still requires some refactoring. Can ignore SCA Failure.