This commit is contained in:
Tom Trappmann
@@ -2,8 +2,12 @@
|
|||||||
FROM node:20-alpine AS build
|
FROM node:20-alpine AS build
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
|
# Needed for node-gyp / native deps on Alpine
|
||||||
|
RUN apk add --no-cache python3 make g++ git
|
||||||
|
|
||||||
# Install deps
|
# Install deps
|
||||||
COPY package*.json ./
|
COPY package*.json ./
|
||||||
|
# If you have a package-lock.json, this will be deterministic.
|
||||||
RUN npm ci
|
RUN npm ci
|
||||||
|
|
||||||
# Copy source + build
|
# Copy source + build
|
||||||
@@ -18,13 +22,11 @@ ENV NODE_ENV=production
|
|||||||
ENV PORT=3000
|
ENV PORT=3000
|
||||||
ENV HOST=0.0.0.0
|
ENV HOST=0.0.0.0
|
||||||
|
|
||||||
# Optional: run as non-root
|
|
||||||
RUN addgroup -S nodegroup && adduser -S nodeuser -G nodegroup
|
RUN addgroup -S nodegroup && adduser -S nodeuser -G nodegroup
|
||||||
|
|
||||||
# Copy only the built output
|
|
||||||
COPY --from=build /app/.output ./.output
|
COPY --from=build /app/.output ./.output
|
||||||
|
|
||||||
EXPOSE 3000
|
EXPOSE 3000
|
||||||
|
|
||||||
USER nodeuser
|
USER nodeuser
|
||||||
|
|
||||||
CMD ["node", ".output/server/index.mjs"]
|
CMD ["node", ".output/server/index.mjs"]
|
||||||
|
|||||||
Reference in New Issue
Block a user