generated from samialdury/nodejs-project
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
129 lines (90 loc) · 3.85 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
ARG NODE_VERSION=20
ARG TINI_VERSION="v0.19.0"
ARG WORK_DIR="/app"
ARG COMMIT_SHA="unknown"
ARG LOG_LEVEL="info"
ARG PROJECT_NAME="nodejs-api"
ARG ENV="prod"
ARG PORT=8080
################################################################
# #
# Prepare alpine image #
# #
################################################################
FROM node:${NODE_VERSION}-alpine as node-alpine
ARG TINI_VERSION
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-static /tini
RUN chmod +x /tini
RUN apk --no-cache add curl
RUN curl -sf https://gobinaries.com/tj/node-prune | sh
ENV PNPM_HOME="/pnpm"
ENV PATH="$PNPM_HOME:$PATH"
RUN corepack enable
################################################################
# #
# Prepare distroless image #
# #
################################################################
FROM gcr.io/distroless/nodejs${NODE_VERSION}-debian12:nonroot as node-distroless
################################################################
# #
# Install all dependencies and build TypeScript #
# #
################################################################
FROM node-alpine as build-js
ARG WORK_DIR
WORKDIR ${WORK_DIR}
# pnpm fetch does require only lockfile
COPY pnpm-lock.yaml pnpm-lock.yaml
# If you patched any package, include patches before running pnpm fetch
RUN pnpm fetch
COPY package.json package.json
COPY tsconfig.base.json tsconfig.base.json
COPY tsconfig.prod.json tsconfig.prod.json
COPY src src
RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --offline --frozen-lockfile
RUN ./node_modules/.bin/tsc --project ./tsconfig.prod.json
################################################################
# #
# Install only production dependencies & prune unused files #
# #
################################################################
FROM node-alpine as install-prod-deps
ARG WORK_DIR
WORKDIR ${WORK_DIR}
ENV NODE_ENV="production"
# pnpm fetch does require only lockfile
COPY --from=build-js ${WORK_DIR}/pnpm-lock.yaml pnpm-lock.yaml
# If you patched any package, include patches before running pnpm fetch
RUN pnpm fetch --prod
COPY --from=build-js ${WORK_DIR}/package.json package.json
RUN --mount=type=cache,id=pnpm,target=/pnpm/store pnpm install --offline --frozen-lockfile --prod
RUN node-prune
################################################################
# #
# Copy only necessary data for runtime #
# #
################################################################
FROM node-distroless as final
ARG WORK_DIR
ARG COMMIT_SHA
ARG LOG_LEVEL
ARG PROJECT_NAME
ARG PORT
ARG ENV
WORKDIR ${WORK_DIR}
ENV NODE_OPTIONS="--enable-source-maps"
ENV NODE_ENV="production"
ENV COMMIT_SHA=${COMMIT_SHA}
ENV LOG_LEVEL=${LOG_LEVEL}
ENV PROJECT_NAME=${PROJECT_NAME}
ENV PORT=${PORT}
ENV ENV=${ENV}
COPY --from=node-alpine --chown=nonroot:nonroot /tini /tini
COPY --from=build-js --chown=nonroot:nonroot ${WORK_DIR}/package.json package.json
COPY --from=build-js --chown=nonroot:nonroot ${WORK_DIR}/build build
COPY --from=install-prod-deps --chown=nonroot:nonroot ${WORK_DIR}/node_modules node_modules
USER nonroot:nonroot
ENTRYPOINT ["/tini", "--"]
EXPOSE ${PORT}
CMD ["/nodejs/bin/node", "./build/src/main.js"]