41 lines
1.4 KiB
Docker
41 lines
1.4 KiB
Docker
# ── Stage 1: builder ───────────────────────────────────────────────
|
|
FROM node:18-alpine AS builder
|
|
WORKDIR /app
|
|
COPY package.json package-lock.json ./
|
|
COPY prisma ./prisma/
|
|
RUN npm ci --no-audit --no-fund
|
|
RUN npx prisma generate
|
|
|
|
# ── Stage 2: production ────────────────────────────────────────────
|
|
FROM node:18-alpine AS production
|
|
ENV NODE_ENV=production
|
|
WORKDIR /app
|
|
|
|
# Non-root user
|
|
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
|
|
|
|
# Production-only npm dependencies
|
|
COPY package.json package-lock.json ./
|
|
RUN npm ci --omit=dev --no-audit --no-fund
|
|
|
|
# Copy generated Prisma client from builder
|
|
COPY --from=builder /app/node_modules/.prisma ./node_modules/.prisma
|
|
# Copy prisma CLI so init container can run 'prisma migrate deploy'
|
|
COPY --from=builder /app/node_modules/prisma ./node_modules/prisma
|
|
COPY --from=builder /app/node_modules/.bin/prisma ./node_modules/.bin/prisma
|
|
|
|
# Copy app source + Prisma schema/migrations
|
|
COPY src ./src
|
|
COPY prisma ./prisma
|
|
|
|
# Temp uploads dir (emptyDir volume mounted here in k8s)
|
|
RUN mkdir -p uploads
|
|
|
|
USER appuser
|
|
EXPOSE 3000
|
|
|
|
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
|
|
CMD wget -qO- http://localhost:3000/health || exit 1
|
|
|
|
CMD ["node", "src/server.js"]
|