57 lines
1.6 KiB
Docker
57 lines
1.6 KiB
Docker
# syntax=docker/dockerfile:1
|
|
|
|
# Base image (Debian-based for glibc + OpenSSL compatibility)
|
|
FROM node:20-bookworm-slim AS base
|
|
WORKDIR /app
|
|
ENV NODE_ENV=production
|
|
# Install OpenSSL and required certs
|
|
RUN apt-get update \
|
|
&& apt-get install -y --no-install-recommends openssl ca-certificates \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Dependencies stage (install deps and generate Prisma client)
|
|
FROM base AS deps
|
|
COPY package*.json ./
|
|
RUN npm ci --omit=dev && npm cache clean --force
|
|
# Copy prisma schema and generate client (glibc target will be detected)
|
|
COPY prisma ./prisma
|
|
ENV PRISMA_SKIP_POSTINSTALL_GENERATE=true
|
|
RUN npx prisma generate
|
|
|
|
# Build stage (compile TypeScript)
|
|
FROM node:20-bookworm-slim AS build
|
|
WORKDIR /app
|
|
COPY package*.json ./
|
|
RUN npm ci && npm cache clean --force
|
|
COPY tsconfig.json ./
|
|
COPY src ./src
|
|
COPY prisma ./prisma
|
|
RUN npx prisma generate
|
|
RUN npm run build
|
|
|
|
# Runtime image
|
|
FROM node:20-bookworm-slim AS runner
|
|
WORKDIR /app
|
|
ENV NODE_ENV=production
|
|
# Ensure OpenSSL present
|
|
RUN apt-get update \
|
|
&& apt-get install -y --no-install-recommends openssl ca-certificates \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Create non-root user
|
|
RUN groupadd -r appgroup && useradd -r -g appgroup appuser
|
|
|
|
# Copy node_modules with generated Prisma client
|
|
COPY --from=deps /app/node_modules ./node_modules
|
|
# Copy built files
|
|
COPY --from=build /app/dist ./dist
|
|
# Copy package files
|
|
COPY package*.json ./
|
|
|
|
# Create logs directory and set permissions
|
|
RUN mkdir -p logs && chown -R appuser:appgroup logs && chmod -R 755 logs
|
|
|
|
EXPOSE 8080
|
|
USER appuser
|
|
CMD ["node", "dist/app.js"]
|