-
Notifications
You must be signed in to change notification settings - Fork 41
Expand file tree
/
Copy pathDockerfile
More file actions
58 lines (48 loc) · 2.34 KB
/
Dockerfile
File metadata and controls
58 lines (48 loc) · 2.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# Keep up to date with Active LTS: https://nodejs.org/en/about/previous-releases
#
# IMPORTANT: keep the 'run' layer below in sync.
FROM node:22@sha256:23c24e85395992be118734a39903e08c8f7d1abc73978c46b6bda90060091a49 AS build
# Create a non-root user to build (principle of least privilege).
WORKDIR /build
RUN groupadd --gid 2002 build && useradd --gid 2002 --uid 2002 --home /build build
RUN chown 2002:2002 /build
USER 2002:2002
# Install only runtime dependencies into a separate directory. This will be copied into the runner
# image.
WORKDIR /build/runtime_dependencies
COPY --chown=2002:2002 package.json yarn.lock ./
RUN yarn install --frozen-lockfile --production
# Copy package.json and yarn.lock in a separate layer from the source code and install the
# dependencies. This allows docker to cache this step if package.json and yarn.lock haven't changed
# from the last docker build, making build times a lot faster.
WORKDIR /build
COPY --chown=2002:2002 package.json yarn.lock ./
RUN yarn install --frozen-lockfile
# Copy the source code and build.
COPY --chown=2002:2002 . .
RUN yarn prisma generate
RUN yarn build
# Start a new container filesystem and copy in just the runtime dependencies and the built
# application.
#
# IMPORTANT: keep the 'build' layer above in sync.
FROM node:22@sha256:23c24e85395992be118734a39903e08c8f7d1abc73978c46b6bda90060091a49 AS run
WORKDIR /bloom_api
# Copy over build artifacts.
COPY --from=build /build/runtime_dependencies/ .
COPY --from=build /build/dist ./dist
# Need to copy the prisma schema file and generated package from `yarn prisma generate`.
# TODO: be explicit about where the client package is generated:
# https://www.prisma.io/docs/orm/prisma-client/setup-and-configuration/generating-prisma-client
COPY --from=build /build/prisma/schema.prisma ./prisma/schema.prisma
COPY --from=build /build/prisma/migrations ./prisma/migrations
COPY --from=build /build/node_modules/.prisma ./node_modules/.prisma
# Make sure directory for csv exports exists.
WORKDIR /bloom_api/src/temp
# Create a non-root user to run (principle of least privilege).
WORKDIR /bloom_api
RUN groupadd --gid 2002 bloom_api && useradd --gid 2002 --uid 2002 --home /bloom_api bloom_api
RUN chown --recursive 2002:2002 /bloom_api
USER 2002:2002
# Run any DB migrations then start the server.
CMD [ "/bin/bash", "-c", "yarn db:migration:run && yarn start:prod" ]