first commit
This commit is contained in:
45
Dockerfile
Normal file
45
Dockerfile
Normal file
@@ -0,0 +1,45 @@
|
||||
# --- STAGE 1: Build the application ---
|
||||
FROM node:20-alpine AS builder
|
||||
WORKDIR /app
|
||||
|
||||
# Copy dependency configurations
|
||||
COPY package*.json ./
|
||||
|
||||
# Install all dependencies (including devDependencies needed for building)
|
||||
RUN npm ci
|
||||
|
||||
# Copy the rest of the application source code
|
||||
COPY . .
|
||||
|
||||
# Build the production application
|
||||
RUN npm run build
|
||||
|
||||
# Prune node_modules down to only production requirements
|
||||
RUN npm prune --production
|
||||
|
||||
|
||||
# --- STAGE 2: Run the application ---
|
||||
FROM node:20-alpine AS runner
|
||||
WORKDIR /app
|
||||
|
||||
# Set production configurations
|
||||
ENV NODE_ENV=production
|
||||
ENV PORT=3000
|
||||
|
||||
# Create a secure non-root system user for security hardening
|
||||
RUN addgroup -g 1001 -S nodejs && \
|
||||
adduser -u 1001 -S svelteuser -G nodejs
|
||||
|
||||
# Copy essential production files from the builder stage
|
||||
COPY --from=builder /app/package.json ./package.json
|
||||
COPY --from=builder /app/node_modules ./node_modules
|
||||
COPY --from=builder /app/build ./build
|
||||
|
||||
# Switch execution contexts to the non-root user
|
||||
USER svelteuser
|
||||
|
||||
# Expose target internal application port
|
||||
EXPOSE 3000
|
||||
|
||||
# Fire up the SvelteKit Node cluster server
|
||||
CMD ["node", "build/index.js"]
|
||||
Reference in New Issue
Block a user