mirror of
https://github.com/stonith404/pingvin-share.git
synced 2024-11-04 23:10:13 +01:00
Run docker container as non root user (#242)
* Run docker container as non root user * Pass UID and GID as a variable + alpine-based image * change apt-get to apk * chore: remove unnecessary packages from Dockerfile * chore: remove unnecessary `chown` --------- Co-authored-by: Elias Schneider <login@eliasschneider.com>
This commit is contained in:
adriadam10
GitHub
parent
3d76e41cd8
commit
3f1d3b7833
23
Dockerfile
23
Dockerfile
@ -1,27 +1,24 @@
|
||||
# Using node slim because prisma ORM needs libc for ARM builds
|
||||
|
||||
# Stage 1: on frontend dependency change
|
||||
FROM node:19-slim AS frontend-dependencies
|
||||
FROM node:19-alpine AS frontend-dependencies
|
||||
WORKDIR /opt/app
|
||||
COPY frontend/package.json frontend/package-lock.json ./
|
||||
RUN npm ci
|
||||
|
||||
# Stage 2: on frontend change
|
||||
FROM node:19-slim AS frontend-builder
|
||||
FROM node:19-alpine AS frontend-builder
|
||||
WORKDIR /opt/app
|
||||
COPY ./frontend .
|
||||
COPY --from=frontend-dependencies /opt/app/node_modules ./node_modules
|
||||
RUN npm run build
|
||||
|
||||
# Stage 3: on backend dependency change
|
||||
FROM node:19-slim AS backend-dependencies
|
||||
FROM node:19-alpine AS backend-dependencies
|
||||
WORKDIR /opt/app
|
||||
COPY backend/package.json backend/package-lock.json ./
|
||||
RUN npm ci
|
||||
|
||||
# Stage 4:on backend change
|
||||
FROM node:19-slim AS backend-builder
|
||||
RUN apt-get update && apt-get install -y openssl
|
||||
FROM node:19-alpine AS backend-builder
|
||||
WORKDIR /opt/app
|
||||
COPY ./backend .
|
||||
COPY --from=backend-dependencies /opt/app/node_modules ./node_modules
|
||||
@ -29,9 +26,14 @@ RUN npx prisma generate
|
||||
RUN npm run build && npm prune --production
|
||||
|
||||
# Stage 5: Final image
|
||||
FROM node:19-slim AS runner
|
||||
FROM node:19-alpine AS runner
|
||||
ENV NODE_ENV=docker
|
||||
RUN apt-get update && apt-get install -y curl openssl
|
||||
|
||||
ARG UID=1000
|
||||
ARG GID=1000
|
||||
RUN deluser node
|
||||
RUN adduser -u $UID -g $GID node -D
|
||||
USER node
|
||||
|
||||
WORKDIR /opt/app/frontend
|
||||
COPY --from=frontend-builder /opt/app/public ./public
|
||||
@ -46,8 +48,9 @@ COPY --from=backend-builder /opt/app/prisma ./prisma
|
||||
COPY --from=backend-builder /opt/app/package.json ./
|
||||
|
||||
WORKDIR /opt/app
|
||||
|
||||
EXPOSE 3000
|
||||
HEALTHCHECK --interval=10s --timeout=3s CMD curl -f http://localhost:3000/api/health || exit 1
|
||||
|
||||
# HOSTNAME=0.0.0.0 fixes https://github.com/vercel/next.js/issues/51684. It can be removed as soon as the issue is fixed
|
||||
CMD cp -rn /tmp/img /opt/app/frontend/public && HOSTNAME=0.0.0.0 node frontend/server.js & cd backend && npm run prod
|
||||
CMD cp -rn /tmp/img /opt/app/frontend/public && HOSTNAME=0.0.0.0 node frontend/server.js & cd backend && npm run prod
|
||||
|
||||
Loading…
Reference in New Issue
Block a user