45 lines
1.3 KiB
Docker
45 lines
1.3 KiB
Docker
# Base image (WACE Docker Hub)
|
|
FROM dockerhub.wace.me/node:20.19-alpine.linux AS base
|
|
WORKDIR /app
|
|
ENV NODE_ENV=production
|
|
# Install OpenSSL, curl (for healthcheck), and required certs
|
|
RUN apk add --no-cache openssl ca-certificates curl
|
|
|
|
# Dependencies stage (install production dependencies)
|
|
FROM base AS deps
|
|
COPY package*.json ./
|
|
RUN npm ci --omit=dev --prefer-offline --no-audit && npm cache clean --force
|
|
|
|
# Build stage (compile TypeScript)
|
|
FROM dockerhub.wace.me/node:20.19-alpine.linux AS build
|
|
WORKDIR /app
|
|
COPY package*.json ./
|
|
RUN npm ci --prefer-offline --no-audit && npm cache clean --force
|
|
COPY tsconfig.json ./
|
|
COPY src ./src
|
|
RUN npm run build
|
|
|
|
# Runtime image - base 이미지 재사용으로 중복 설치 제거
|
|
FROM base AS runner
|
|
ENV NODE_ENV=production
|
|
|
|
# Create non-root user (Alpine 방식)
|
|
RUN addgroup -S appgroup && adduser -S -G appgroup appuser
|
|
|
|
# Copy production node_modules
|
|
COPY --from=deps /app/node_modules ./node_modules
|
|
# Copy built files
|
|
COPY --from=build /app/dist ./dist
|
|
# Copy package files
|
|
COPY package*.json ./
|
|
|
|
# 루트 디렉토리만 생성하고 appuser에게 쓰기 권한 부여
|
|
# 하위 디렉토리는 애플리케이션이 런타임에 자동 생성
|
|
RUN mkdir -p logs uploads data && \
|
|
chown -R appuser:appgroup /app && \
|
|
chmod -R 755 /app
|
|
|
|
EXPOSE 3001
|
|
USER appuser
|
|
CMD ["node", "dist/app.js"]
|