28 lines
871 B
Docker
28 lines
871 B
Docker
# ── Stage 1: install production dependencies ──────────────────────────────────
|
|
FROM node:20-alpine AS deps
|
|
|
|
WORKDIR /app
|
|
|
|
COPY package.json package-lock.json* ./
|
|
RUN if [ -f package-lock.json ]; then npm ci --omit=dev; else npm install --omit=dev; fi
|
|
|
|
# ── Stage 2: hardened, minimal runtime ────────────────────────────────────────
|
|
FROM gcr.io/distroless/nodejs20-debian12:nonroot
|
|
|
|
WORKDIR /app
|
|
|
|
COPY --from=deps /app/node_modules ./node_modules
|
|
|
|
COPY server ./server
|
|
COPY public ./public
|
|
COPY config ./config
|
|
|
|
ENV NODE_ENV=production
|
|
ENV PORT=8080
|
|
|
|
EXPOSE 8080
|
|
|
|
HEALTHCHECK --interval=15s --timeout=5s --start-period=30s --retries=3 \
|
|
CMD ["/nodejs/bin/node", "server/healthcheck.js"]
|
|
|
|
CMD ["server/index.js"] |