Skip to content
Snippets Groups Projects
Commit dd9bc287 authored by Lukáš Kratochvíl's avatar Lukáš Kratochvíl
Browse files

feat: server Dockerfile - added USER instruction not to run under the root user

parent 13463909
No related branches found
No related tags found
No related merge requests found
#---------- DEVELOPMENT ----------
FROM node:16-alpine AS development
# we do not want to run under the root user
USER node
# install node_modules outside app root in container so local development won't run into a problem of bind-mounting over it with local source code
WORKDIR /usr/src
COPY ["package.json", "package-lock.json", "./"]
COPY --chown=node:node ["package.json", "package-lock.json", "./"]
RUN npm install
# ensures that exactly these executables (from the node_modules folder) are used instead of any other executables which might also be installed on the system inside the Docker image
ENV PATH=/usr/src/node_modules/.bin:$PATH
WORKDIR /usr/src/app
COPY prisma/schema.prisma ./prisma/
COPY --chown=node:node prisma/schema.prisma ./prisma/
RUN npx prisma generate
COPY . .
COPY --chown=node:node . .
CMD ["npm", "run", "start:dev"]
......@@ -22,13 +25,16 @@ CMD ["npm", "run", "start:dev"]
#---------- PRODUCTION ----------
FROM node:16-alpine AS production
# we do not want to run under the root user
USER node
ARG NODE_ENV=production
ENV NODE_ENV=${NODE_ENV}
WORKDIR /usr/src
COPY --from=development /usr/src/package.json ./
COPY --from=development /usr/src/package-lock.json ./
COPY --chown=node:node --from=development /usr/src/package.json ./
COPY --chown=node:node --from=development /usr/src/package-lock.json ./
# install only 'dependencies' and not 'devDependencies'
RUN npm install --omit=dev
# ensures that exactly these executables (from the node_modules folder) are used instead of any other executables which might also be installed on the system inside the Docker image
......@@ -36,9 +42,9 @@ ENV PATH=/usr/src/node_modules/.bin:$PATH
WORKDIR /usr/src/app
COPY prisma/schema.prisma ./prisma/
COPY --chown=node:node prisma/schema.prisma ./prisma/
RUN npx prisma generate
COPY --from=development /usr/src/app/dist ./dist
COPY --chown=node:node --from=development /usr/src/app/dist ./dist
CMD ["npm", "run", "start:prod"]
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment