Add tini as INIT in container. Rewrite server.js
Some checks are pending
Build and Push Docker Image / build-and-push (push) Waiting to run
Some checks are pending
Build and Push Docker Image / build-and-push (push) Waiting to run
This commit is contained in:
parent
a5a0ed828d
commit
72752b1a0b
2 changed files with 282 additions and 147 deletions
57
Dockerfile
57
Dockerfile
|
|
@ -1,48 +1,65 @@
|
|||
# Base minimal Debian
|
||||
FROM debian:bookworm-slim
|
||||
|
||||
# Prevent tzdata prompts
|
||||
# -------- Builder stage --------
|
||||
FROM debian:bookworm-slim AS builder
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# Install Node.js, Chromium and minimal runtime libs
|
||||
# Note: chromium package on Debian provides /usr/bin/chromium
|
||||
# Node + build tools for native modules (better-sqlite3)
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
ca-certificates curl gnupg \
|
||||
nodejs npm \
|
||||
chromium \
|
||||
# Minimal GUI/Chromium runtime libs often needed by Playwright Chromium
|
||||
libx11-6 libxcomposite1 libxdamage1 libxrandr2 libxkbcommon0 \
|
||||
libgtk-3-0 libnss3 libdrm2 libgbm1 libasound2 fonts-liberation \
|
||||
# Useful for font rendering
|
||||
fonts-dejavu-core \
|
||||
python3 make g++ pkg-config libsqlite3-dev \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# App directory
|
||||
WORKDIR /app
|
||||
|
||||
# Install only production deps
|
||||
# Copy only manifests first to leverage Docker cache
|
||||
COPY package*.json ./
|
||||
|
||||
# Install production deps (build native modules here)
|
||||
ENV CI=true
|
||||
RUN npm ci --omit=dev
|
||||
|
||||
# Copy source
|
||||
COPY . .
|
||||
|
||||
# Security: run as non-root
|
||||
# -------- Runtime stage --------
|
||||
FROM debian:bookworm-slim
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# Install tini for proper PID 1 and signal handling
|
||||
# Install Node.js runtime, Chromium and minimal libs
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
ca-certificates curl gnupg \
|
||||
tini \
|
||||
nodejs npm \
|
||||
chromium \
|
||||
libx11-6 libxcomposite1 libxdamage1 libxrandr2 libxkbcommon0 \
|
||||
libgtk-3-0 libnss3 libdrm2 libgbm1 libasound2 fonts-liberation \
|
||||
fonts-dejavu-core \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
# Copy node_modules and app from builder
|
||||
COPY --from=builder /app/node_modules /app/node_modules
|
||||
COPY --from=builder /app/package*.json /app/
|
||||
COPY . .
|
||||
|
||||
# Security: drop root
|
||||
RUN useradd -ms /bin/bash nodeuser && chown -R nodeuser:nodeuser /app
|
||||
USER nodeuser
|
||||
|
||||
# Environment for service
|
||||
# Environment
|
||||
ENV PORT=3000 \
|
||||
# Ensure Playwright uses system Chromium and does not download browsers
|
||||
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 \
|
||||
PLAYWRIGHT_BROWSERS_PATH=0 \
|
||||
# Explicit executable if needed in code; here server uses default, so optional
|
||||
CHROMIUM_PATH=/usr/bin/chromium
|
||||
CHROMIUM_PATH=/usr/bin/chromium \
|
||||
CACHE_TTL_SECONDS=21600
|
||||
|
||||
# Expose service port
|
||||
EXPOSE 3000
|
||||
|
||||
# Use tini as PID 1 so we don't need `--init`
|
||||
ENTRYPOINT ["/usr/bin/tini", "--"]
|
||||
|
||||
# Start the service
|
||||
CMD ["node", "server.js"]
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue