-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathDockerfile
More file actions
148 lines (118 loc) · 6.2 KB
/
Dockerfile
File metadata and controls
148 lines (118 loc) · 6.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
# syntax=docker/dockerfile:1
# Comments are provided throughout this file to help you get started.
# If you need more help, visit the Dockerfile reference guide at
# https://docs.docker.com/engine/reference/builder/
ARG NODE_VERSION=18.18.0
ARG NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
################################################################################
# Use node image for base image for all stages.
FROM node:${NODE_VERSION}-alpine as base
# Set working directory for all build stages.
WORKDIR /usr/src/hostconfig/https
RUN <<EOF
apk update
apk add --no-interactive git
EOF
# RUN <<EOF
# useradd -s /bin/bash -m vscode
# groupadd docker
# usermod -aG docker vscode
# EOF
################################################################################
# Create a stage for installing production dependecies.
FROM base as deps
# Download dependencies as a separate step to take advantage of Docker's caching.
# Leverage a cache mount to /root/.yarn to speed up subsequent builds.
# Leverage bind mounts to package.json and yarn.lock to avoid having to copy them
# into this layer.
RUN --mount=type=bind,source=package.json,target=package.json \
--mount=type=bind,source=yarn.lock,target=yarn.lock \
--mount=type=bind,source=tsconfig.json,target=tsconfig.json \
--mount=type=bind,source=src/index.ts,target=src/index.ts \
--mount=type=bind,source=src/index.d.ts,target=src/index.d.ts \
--mount=type=bind,source=src/test/healthcheck.ts,target=src/test/healthcheck.ts \
--mount=type=bind,source=src/test/sample.ts,target=src/test/sample.ts \
--mount=type=bind,source=views/error.pug,target=views/error.pug \
--mount=type=bind,source=views/index.pug,target=views/index.pug \
--mount=type=bind,source=views/user.pug,target=views/user.pug \
--mount=type=bind,source=views/layout.pug,target=views/layout.pug \
--mount=type=cache,target=/root/.yarn \
yarn install --frozen-lockfile
RUN --mount=type=bind,source=.certs/CA/CA.key,target=.certs/CA/CA.key \
--mount=type=bind,source=.certs/CA/CA.pem,target=.certs/CA/CA.pem \
--mount=type=bind,source=.certs/CA/localhost/localhost.key,target=.certs/CA/localhost/localhost.key \
--mount=type=bind,source=.certs/CA/localhost/localhost.decrypted.key,target=.certs/CA/localhost/localhost.decrypted.key \
--mount=type=bind,source=.certs/CA/localhost/localhost.ext,target=.certs/CA/localhost/localhost.ext \
--mount=type=bind,source=.certs/CA/localhost/localhost.csr,target=.certs/CA/localhost/localhost.csr \
--mount=type=bind,source=.certs/CA/localhost/localhost.crt,target=.certs/CA/localhost/localhost.crt \
--mount=type=cache,target=/root/.certs \
/bin/cp -rvf .certs node_modules/@hostconfig/.certs
################################################################################
# Create a stage for building the application.
FROM deps as build
# Download additional development dependencies before building, as some projects require
# "devDependencies" to be installed to build. If you don't need this, remove this step.
RUN --mount=type=bind,source=package.json,target=package.json \
--mount=type=bind,source=yarn.lock,target=yarn.lock \
--mount=type=bind,source=tsconfig.json,target=tsconfig.json \
--mount=type=bind,source=src/index.ts,target=src/index.ts \
--mount=type=bind,source=src/index.d.ts,target=src/index.d.ts \
--mount=type=bind,source=src/test/healthcheck.ts,target=src/test/healthcheck.ts \
--mount=type=bind,source=src/test/sample.ts,target=src/test/sample.ts \
--mount=type=bind,source=views/error.pug,target=views/error.pug \
--mount=type=bind,source=views/index.pug,target=views/index.pug \
--mount=type=bind,source=views/user.pug,target=views/user.pug \
--mount=type=bind,source=views/layout.pug,target=views/layout.pug \
--mount=type=cache,target=/root/.yarn \
yarn install --frozen-lockfile
RUN --mount=type=bind,source=.certs/CA/CA.key,target=.certs/CA/CA.key \
--mount=type=bind,source=.certs/CA/CA.pem,target=.certs/CA/CA.pem \
--mount=type=bind,source=.certs/CA/localhost/localhost.key,target=.certs/CA/localhost/localhost.key \
--mount=type=bind,source=.certs/CA/localhost/localhost.decrypted.key,target=.certs/CA/localhost/localhost.decrypted.key \
--mount=type=bind,source=.certs/CA/localhost/localhost.ext,target=.certs/CA/localhost/localhost.ext \
--mount=type=bind,source=.certs/CA/localhost/localhost.csr,target=.certs/CA/localhost/localhost.csr \
--mount=type=bind,source=.certs/CA/localhost/localhost.crt,target=.certs/CA/localhost/localhost.crt \
--mount=type=cache,target=/root/.certs \
/bin/cp -rvf .certs node_modules/@hostconfig/.certs
# Copy the rest of the source files into the image.
COPY . .
COPY views ./views
# Run the build script.
RUN yarn run build
RUN chown node .certs/CA/localhost/localhost.decrypted.key
RUN cp -rvf .certs ./dist/.certs
RUN cp -rvf .certs/CA/localhost/localhost.crt /usr/local/share/ca-certificates/localhost.crt
RUN update-ca-certificates
################################################################################
# Create a new stage to run the application with minimal runtime dependencies
# where the necessary files are copied from the build stage.
FROM base as final
# Don't use production node environment by default - this is set in 'yarn start'
# ENV NODE_ENV production
# Run the application as a non-root user.
USER node
# Copy package.json so that package manager commands can be used.
COPY package.json .
# Copy the production dependencies from the deps stage and also
# the built application from the build stage into the image.
COPY --from=deps /usr/src/hostconfig/https/node_modules ./node_modules
COPY --from=build /usr/src/hostconfig/https/dist ./dist
COPY --from=build /usr/src/hostconfig/https/.certs ./dist/.certs
# Files to be built
COPY tsconfig.json .
COPY src ./src
# COPY test ./test
# COPY views ./views
# check every 30s to ensure this service returns HTTP 200
HEALTHCHECK --interval=30s \
CMD node dist/test/healthcheck.js
# Expose the port that the application listens on.
# Default to port 80 for node, and 9229 and 9230 (tests) for debug
ARG PORT=443
ENV PORT $PORT
EXPOSE $PORT
# 9229 9230
# Run the application.
CMD yarn start
# Alternatively, run the debugger
# CMD yarn dbg