-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
159 lines (133 loc) · 6.14 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
# syntax=docker/dockerfile:1.12.1
# Copyright (C) 2023 - present, Juergen Zimmermann, Hochschule Karlsruhe
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
# Aufruf: docker build --tag juergenzimmermann/buch:2024.10.1-bookworm .
# ggf. --progress=plain
# ggf. --no-cache
# Get-Content Dockerfile | docker run --rm --interactive hadolint/hadolint:2.12.1-beta-debian
# Linux: cat Dockerfile | docker run --rm --interactive hadolint/hadolint:2.12.1-beta-debian
# docker network ls
# https://docs.docker.com/engine/reference/builder/#syntax
# https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/reference.md
# https://hub.docker.com/r/docker/dockerfile
# https://docs.docker.com/build/building/multi-stage
# https://github.com/textbook/starter-kit/blob/main/Dockerfile
# https://snyk.io/blog/10-best-practices-to-containerize-nodejs-web-applications-with-docker
# https://cheatsheetseries.owasp.org/cheatsheets/NodeJS_Docker_Cheat_Sheet.html
# ARG: "build-time" Variable
# ENV: "build-time" und "runtime" Variable
ARG NODE_VERSION=23.5.0
# ---------------------------------------------------------------------------------------
# S t a g e d i s t
# ---------------------------------------------------------------------------------------
FROM node:${NODE_VERSION}-bookworm-slim AS dist
# ggf. Python fuer Argon2
# https://packages.debian.org/bookworm/python3.11-minimal
# https://packages.debian.org/trixie/python3.12-minimal
# "python3-dev" enthaelt "multiprocessing"
# "build-essential" enthaelt "make"
RUN <<EOF
# https://explainshell.com/explain?cmd=set+-eux
set -eux
apt-get update
apt-get upgrade --yes
# Debian Bookworm bietet nur Packages fuer Python 3.11; Ubuntu Jammy LTS nur fuer Python 3.10
# https://packages.debian.org/bookworm/python3.11-minimal
# https://packages.debian.org/bookworm/python3.11-dev
# Python 3.12: Uebersetzung des Python-Quellcodes erforderlich
# https://itnixpro.com/how-to-install-python-3-12-on-debian-12debian-11
apt-get install --no-install-recommends --yes python3.11-minimal=3.11.2-6+deb12u4 python3.11-dev=3.11.2-6+deb12u4 build-essential=12.9
ln -s /usr/bin/python3.11 /usr/bin/python3
ln -s /usr/bin/python3.11 /usr/bin/python
npm i -g --no-audit --no-fund npm
EOF
USER node
WORKDIR /home/node
COPY src ./src
# https://docs.docker.com/engine/reference/builder/#run---mounttypebind
RUN --mount=type=bind,source=package.json,target=package.json \
--mount=type=bind,source=package-lock.json,target=package-lock.json \
--mount=type=bind,source=nest-cli.json,target=nest-cli.json \
--mount=type=bind,source=tsconfig.json,target=tsconfig.json \
--mount=type=bind,source=tsconfig.build.json,target=tsconfig.build.json \
--mount=type=cache,target=/root/.npm <<EOF
set -eux
# ci (= clean install) mit package-lock.json
npm ci --no-audit --no-fund
npm run build
EOF
# ------------------------------------------------------------------------------
# S t a g e d e p e n d e n c i e s
# ------------------------------------------------------------------------------
FROM node:${NODE_VERSION}-bookworm-slim AS dependencies
RUN <<EOF
set -eux
apt-get update
apt-get upgrade --yes
# https://packages.debian.org/bookworm/python3.11-minimal
# https://packages.debian.org/bookworm/python3.11-dev
apt-get install --no-install-recommends --yes python3.11-minimal=3.11.2-6+deb12u4 python3.11-dev=3.11.2-6+deb12u4 build-essential=12.9
ln -s /usr/bin/python3.11 /usr/bin/python3
ln -s /usr/bin/python3.11 /usr/bin/python
npm i -g --no-audit --no-fund npm
EOF
USER node
WORKDIR /home/node
RUN --mount=type=bind,source=package.json,target=package.json \
--mount=type=bind,source=package-lock.json,target=package-lock.json \
--mount=type=cache,target=/root/.npm <<EOF
set -eux
# ci (= clean install) mit package-lock.json
# --omit=dev: ohne devDependencies
npm ci --no-audit --no-fund --omit=dev --omit=peer
EOF
# ------------------------------------------------------------------------------
# S t a g e f i n a l
# ------------------------------------------------------------------------------
FROM node:${NODE_VERSION}-bookworm-slim AS final
# Anzeige bei "docker inspect ..."
# https://specs.opencontainers.org/image-spec/annotations
# https://spdx.org/licenses
# MAINTAINER ist deprecated https://docs.docker.com/engine/reference/builder/#maintainer-deprecated
LABEL org.opencontainers.image.title="buch" \
org.opencontainers.image.description="Appserver buch mit Basis-Image Debian Bookworm" \
org.opencontainers.image.version="2024.10.1-bookworm" \
org.opencontainers.image.licenses="GPL-3.0-or-later" \
org.opencontainers.image.authors="[email protected]"
RUN <<EOF
set -eux
apt-get update
apt-get upgrade --yes
# https://github.com/Yelp/dumb-init
# https://packages.debian.org/bookworm/dumb-init
apt-get install --no-install-recommends --yes dumb-init=1.2.5-2
apt-get autoremove --yes
apt-get clean --yes
rm -rf /var/lib/apt/lists/*
rm -rf /tmp/*
EOF
WORKDIR /opt/app
USER node
COPY --chown=node:node package.json .env ./
COPY --from=dependencies --chown=node:node /home/node/node_modules ./node_modules
COPY --from=dist --chown=node:node /home/node/dist ./dist
COPY --chown=node:node src/config/resources ./dist/config/resources
EXPOSE 3000
# Bei CMD statt ENTRYPOINT kann das Kommando bei "docker run ..." ueberschrieben werden
# "Array Syntax" damit auch <Strg>C funktioniert
# https://github.com/Yelp/dumb-init:
# "a simple process supervisor and init system designed to run as PID 1 inside
# minimal container environments (such as Docker)""
ENTRYPOINT ["dumb-init", "/usr/local/bin/node", "dist/main.js"]