49 lines
1.2 KiB
Docker
49 lines
1.2 KiB
Docker
FROM node:20-alpine
|
|
|
|
LABEL maintainer="ITAM Team <devops@itam.local>"
|
|
|
|
# Set production environment
|
|
ENV NODE_ENV=production
|
|
|
|
WORKDIR /app
|
|
|
|
# Install curl for health checks and dumb-init for proper signal handling
|
|
RUN apk add --no-cache curl dumb-init
|
|
|
|
# Copy package files
|
|
COPY package*.json ./
|
|
|
|
# Install production dependencies only
|
|
RUN npm ci --only=production
|
|
|
|
# Copy application code
|
|
COPY server.js ./
|
|
COPY src ./src
|
|
|
|
# Create non-root user 'appuser' with UID 1001 (1000 already in use by node image)
|
|
RUN addgroup -g 1001 appuser && \
|
|
adduser -D -u 1001 -G appuser appuser
|
|
|
|
# Set ownership of application files to appuser
|
|
RUN chown -R appuser:appuser /app
|
|
|
|
# Create logs directory
|
|
RUN mkdir -p /app/logs && \
|
|
chown -R appuser:appuser /app/logs
|
|
|
|
# Switch to non-root user
|
|
USER appuser
|
|
|
|
# Expose port
|
|
EXPOSE 3000
|
|
|
|
# Health check - backend should implement /health endpoint
|
|
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
|
|
CMD curl -f http://localhost:3000/health || exit 1
|
|
|
|
# Use dumb-init from PATH to avoid distro-specific absolute path issues
|
|
ENTRYPOINT ["dumb-init", "--"]
|
|
|
|
# Run application
|
|
CMD ["npm", "run", "server"]
|