Skip to content

Commit

Permalink
improve Dockerfile
Browse files Browse the repository at this point in the history
compose file should maybe make it run as readonly container, also dependabot for the dockjer tags would be a good idea

Signed-off-by: Zoey <[email protected]>
  • Loading branch information
Zoey2936 authored Sep 12, 2024
1 parent 2e5014e commit 7b7d2c7
Showing 1 changed file with 21 additions and 23 deletions.
44 changes: 21 additions & 23 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,27 +1,25 @@
# syntax=docker/dockerfile:latest
# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
# SPDX-License-Identifier: AGPL-3.0-or-later

ARG NODE_VERSION=20

FROM node:${NODE_VERSION}-alpine

ENV NODE_ENV production

WORKDIR /usr/src/app

RUN --mount=type=bind,source=package.json,target=package.json \
--mount=type=bind,source=package-lock.json,target=package-lock.json \
--mount=type=cache,target=/root/.npm \
npm ci --omit=dev

# Run the application as a non-root user.
USER node

# Copy the rest of the source files into the image.
COPY . .

# Expose the port that the application listens on.
FROM node:20.17.0-alpine3.20 AS build
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
ARG NODE_ENV=production
COPY . /app
WORKDIR /app
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates && \
npm install --global clean-modules && \
npm clean-install && \
clean-modules --yes && \
npm cache clean --force

FROM node:20.17.0-alpine3.20
COPY --from=build --chown=nobody:nobody /app /app
WORKDIR /app
RUN apk upgrade --no-cache -a && \
apk add --no-cache ca-certificates tzdata netcat-openbsd
USER nobody
EXPOSE 3002

# Run the application.
CMD node websocket_server/server.js
ENTRYPOINT ["npm", "run", "server:start"]
HEALTHCHECK CMD nc -z 127.0.0.1 3002 || exit 1

0 comments on commit 7b7d2c7

Please sign in to comment.