45 lines
1.1 KiB
Docker
45 lines
1.1 KiB
Docker
# --- STAGE 1: Build the application ---
|
|
FROM node:20-alpine AS builder
|
|
WORKDIR /app
|
|
|
|
# Copy dependency configurations
|
|
COPY package*.json ./
|
|
|
|
# Install all dependencies (including devDependencies needed for building)
|
|
RUN npm ci
|
|
|
|
# Copy the rest of the application source code
|
|
COPY . .
|
|
|
|
# Build the production application
|
|
RUN npm run build
|
|
|
|
# Prune node_modules down to only production requirements
|
|
RUN npm prune --production
|
|
|
|
|
|
# --- STAGE 2: Run the application ---
|
|
FROM node:20-alpine AS runner
|
|
WORKDIR /app
|
|
|
|
# Set production configurations
|
|
ENV NODE_ENV=production
|
|
ENV PORT=3000
|
|
|
|
# Create a secure non-root system user for security hardening
|
|
RUN addgroup -g 1001 -S nodejs && \
|
|
adduser -u 1001 -S svelteuser -G nodejs
|
|
|
|
# Copy essential production files from the builder stage
|
|
COPY --from=builder /app/package.json ./package.json
|
|
COPY --from=builder /app/node_modules ./node_modules
|
|
COPY --from=builder /app/build ./build
|
|
|
|
# Switch execution contexts to the non-root user
|
|
USER svelteuser
|
|
|
|
# Expose target internal application port
|
|
EXPOSE 3000
|
|
|
|
# Fire up the SvelteKit Node cluster server
|
|
CMD ["node", "build/index.js"] |