############################################################################################################
# Stage: shared base image carrying the native utilities needed by both the builder and the final image
# NOTE(review): the base image is pinned by tag only and the apk packages carry no version pin;
# adding a digest pin and package versions would make rebuilds reproducible.
FROM node:20.11.1-alpine3.19 AS nativedeps
RUN apk add --no-cache \
    graphicsmagick \
    openssl
######################################
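# Stage: nodejs dependencies and build
# Installs the dependency tree, builds the UI, runs the quality gates (lint, npm audit, tests),
# then prunes node_modules down to what the final stage copies.
FROM nativedeps AS builder
# try to prevent ETIMEDOUT errors
RUN npm config set maxsockets=1
WORKDIR /webapp
# COPY instead of ADD for plain local files: ADD also unpacks local tar archives and can fetch
# remote URLs, neither of which is wanted here.
# Manifests and patches are copied before the sources so the dependency layer stays cached.
COPY package.json package-lock.json ./
COPY patches patches
# use clean-modules on the same line as npm ci to be lighter in the cache
# NOTE(review): maildev is installed without a version pin and outside package-lock.json, so it
# is not covered by the lockfile's integrity hashes; pin an exact version if possible.
RUN npm ci && npm install --no-save maildev && \
    ./node_modules/.bin/clean-modules --yes --exclude mocha/lib/test.js --exclude "**/*.mustache"
# Adding UI files
COPY public public
COPY nuxt.config.js .
COPY config config
COPY contract contract
COPY i18n i18n
# types submodule sources
COPY types types
# Build UI
# (key=value form; the space-separated ENV form is legacy)
ENV NODE_ENV=production
RUN npm run build-types
RUN npm run build
# Adding server files
COPY server server
COPY scripts scripts
# Check quality
COPY .eslintignore .eslintignore
RUN npm run lint
# Fails the build only for critical advisories in non-dev dependencies; lower severities pass.
RUN npm audit --omit=dev --audit-level=critical
COPY test test
RUN npm run test
# Cleanup /webapp/node_modules so it can be copied by next stage
# (--omit=dev replaces the deprecated --production flag and matches the audit step above)
RUN npm prune --omit=dev
# maildev installed separately to avoid flagging vulnerability https://github.com/advisories/GHSA-vc6q-ccj9-9r89
# not too big a deal, as it is used only in pre-production
# NOTE(review): this install runs after the audit step and lands in the node_modules directory
# that the final stage copies, so maildev is also present in images deployed to production.
# Track the advisory and consider keeping maildev out of the production image.
RUN npm install maildev --no-save
RUN rm -rf node_modules/.cache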
##################################
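# Stage: main nodejs service stage
# Final image: pruned node_modules and build output come from the builder stage, server sources
# and configuration come from the build context.
FROM nativedeps
# LABEL replaces the deprecated MAINTAINER instruction
LABEL maintainer="[email protected]"
RUN apk add --no-cache dumb-init
WORKDIR /webapp
# We could copy /webapp whole, but this is better for layering / efficient cache use
COPY --from=builder /webapp/node_modules /webapp/node_modules
COPY --from=builder /webapp/package.json /webapp/package.json
COPY --from=builder /webapp/nuxt-dist /webapp/nuxt-dist
COPY --from=builder /webapp/types /webapp/types
# COPY instead of ADD for plain local files: ADD also unpacks local tar archives and can fetch
# remote URLs, neither of which is wanted here.
COPY nuxt.config.js nuxt.config.js
COPY i18n i18n
COPY server server
COPY scripts scripts
# Only these three config files are shipped in the final image
COPY config/default.js config/production.js config/custom-environment-variables.js config/
COPY contract contract
# Adding licence, manifests, etc.
COPY README.md BUILD.json* ./
COPY LICENSE nodemon.json ./
# configure node webapp environment
ENV NODE_ENV=production \
    DEBUG="db,upgrade*"
# the following line would be a good practice
# unfortunately it is a problem to activate now that the service was already deployed
# with volumes belonging to root
# NOTE(review): until the volume ownership is migrated the service runs as root inside the
# container; compensate at deploy time (drop capabilities, no-new-privileges, read-only root
# filesystem where the app allows it) and plan the switch to a non-root user.
#USER node
VOLUME /webapp/data
VOLUME /webapp/security
# NOTE(review): 777 makes the built UI bundle writable by every user in the container.
# Presumably this is for runs under an arbitrary non-root UID; confirm, and narrow the mode
# if nothing needs to write here at runtime.
RUN chmod -R 777 ./nuxt-dist
EXPOSE 8080
# dumb-init runs as PID 1 so signals are forwarded to node and zombie processes are reaped
CMD ["dumb-init", "node", "--max-http-header-size", "64000", "server"]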