Egor fureunoir Gorbunov
fb84f1f89b
Fixes: 1) No fixes applied; Extra: 1) Supervisor service configured with environment variables and custom start script; 2) Uses multi-stage build for optimized runtime; 3) Sets up non-root user for security; 4) Exposes port 7777; 5) Depends on app service; 6) Uses default logging config.
38 lines
1.1 KiB
Docker
38 lines
1.1 KiB
Docker
# syntax=docker/dockerfile:1
|
|
FROM node:22-bookworm-slim AS build
|
|
WORKDIR /app
|
|
|
|
ARG EVIBES_BASE_DOMAIN
|
|
ARG EVIBES_PROJECT_NAME
|
|
ENV EVIBES_BASE_DOMAIN=$EVIBES_BASE_DOMAIN
|
|
ENV EVIBES_PROJECT_NAME=$EVIBES_PROJECT_NAME
|
|
|
|
COPY ./supervisor/package.json ./supervisor/package-lock.json ./
|
|
RUN npm ci --include=optional
|
|
|
|
COPY ./supervisor ./
|
|
RUN npm run build
|
|
|
|
FROM node:22-bookworm-slim AS runtime
|
|
WORKDIR /app
|
|
|
|
ENV HOST=0.0.0.0
|
|
ENV PORT=7777
|
|
|
|
RUN apt-get update \
|
|
&& apt-get install -y --no-install-recommends curl \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
RUN addgroup --system --gid 1001 nodeapp \
|
|
&& adduser --system --uid 1001 --ingroup nodeapp --home /home/nodeapp nodeapp
|
|
USER nodeapp
|
|
|
|
COPY --from=build /app/.output/ ./
|
|
|
|
RUN install -d -m 0755 -o nodeapp -g nodeapp /home/nodeapp \
|
|
&& printf '#!/bin/sh\nif [ \"$DEBUG\" = \"1\" ]; then export NODE_ENV=development; else export NODE_ENV=production; fi\nexec node /app/server/index.mjs\n' > /home/nodeapp/start.sh \
|
|
&& chown nodeapp:nodeapp /home/nodeapp/start.sh \
|
|
&& chmod +x /home/nodeapp/start.sh
|
|
|
|
USER nodeapp
|
|
CMD ["sh", "/home/nodeapp/start.sh"]
|