g00dvin
72752b1a0b
Some checks are pending
Build and Push Docker Image / build-and-push (push) Waiting to run
65 lines
1.6 KiB
Docker
65 lines
1.6 KiB
Docker
# -------- Builder stage --------
|
|
FROM debian:bookworm-slim AS builder
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
# Node + build tools for native modules (better-sqlite3)
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
ca-certificates curl gnupg \
|
|
nodejs npm \
|
|
python3 make g++ pkg-config libsqlite3-dev \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy only manifests first to leverage Docker cache
|
|
COPY package*.json ./
|
|
|
|
# Install production deps (build native modules here)
|
|
ENV CI=true
|
|
RUN npm ci --omit=dev
|
|
|
|
# Copy source
|
|
COPY . .
|
|
|
|
# -------- Runtime stage --------
|
|
FROM debian:bookworm-slim
|
|
ENV DEBIAN_FRONTEND=noninteractive
|
|
|
|
# Install tini for proper PID 1 and signal handling
|
|
# Install Node.js runtime, Chromium and minimal libs
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
ca-certificates curl gnupg \
|
|
tini \
|
|
nodejs npm \
|
|
chromium \
|
|
libx11-6 libxcomposite1 libxdamage1 libxrandr2 libxkbcommon0 \
|
|
libgtk-3-0 libnss3 libdrm2 libgbm1 libasound2 fonts-liberation \
|
|
fonts-dejavu-core \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy node_modules and app from builder
|
|
COPY --from=builder /app/node_modules /app/node_modules
|
|
COPY --from=builder /app/package*.json /app/
|
|
COPY . .
|
|
|
|
# Security: drop root
|
|
RUN useradd -ms /bin/bash nodeuser && chown -R nodeuser:nodeuser /app
|
|
USER nodeuser
|
|
|
|
# Environment
|
|
ENV PORT=3000 \
|
|
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 \
|
|
PLAYWRIGHT_BROWSERS_PATH=0 \
|
|
CHROMIUM_PATH=/usr/bin/chromium \
|
|
CACHE_TTL_SECONDS=21600
|
|
|
|
EXPOSE 3000
|
|
|
|
# Use tini as PID 1 so we don't need `--init`
|
|
ENTRYPOINT ["/usr/bin/tini", "--"]
|
|
|
|
# Start the service
|
|
CMD ["node", "server.js"]
|
|
|