# =============================================================================
# Eagle-API Multi-Stage Dockerfile
# =============================================================================
# Node.js 22 API server for EPIC (Environmental Assessment Office)
#
# Build: docker build -t eagle-api .
# Run: docker run -p 3000:3000 eagle-api
# =============================================================================
# -----------------------------------------------------------------------------
# Stage 1: Dependencies
# -----------------------------------------------------------------------------
# Throwaway stage: installs node_modules with Yarn; only /app/node_modules is
# copied out of it by the runtime stage, so Corepack/Yarn never reach the
# final image from here.
# NOTE(review): node:22-alpine is a mutable tag; pin by digest
# (node:22-alpine@sha256:<digest>) if builds must be reproducible and auditable.
FROM node:22-alpine AS base
WORKDIR /app
# Enable Corepack so the `yarn` shim is available
RUN corepack enable
# Copy only the manifest, lockfile and Yarn config, so the install layer below
# is rebuilt only when one of these three files changes
COPY package.json yarn.lock .yarnrc.yml ./
# Install dependencies exactly as recorded in yarn.lock; --immutable fails the
# build instead of letting the lockfile be rewritten.
# NOTE(review): --immutable by itself does not exclude devDependencies, so this
# is presumably a full install and dev packages end up in the runtime image.
# If a production-only tree is intended, confirm the Yarn version and consider
# `yarn workspaces focus --production`.
RUN yarn install --immutable
# Delete package-lock.json files that packages ship under */test/* directories.
# These lockfiles only list what a package's own tests would install; removing
# them changes what a file-based scanner reports, not which code is present.
# The step is best-effort: stderr is discarded and `|| true` keeps a failing
# find from breaking the build.
RUN find ./node_modules -name "package-lock.json" -path "*/test/*" -delete 2>/dev/null || true
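# -----------------------------------------------------------------------------
# Stage 2: Production Runtime
# -----------------------------------------------------------------------------
# NOTE(review): node:22-alpine is a mutable tag; pin by digest
# (node:22-alpine@sha256:<digest>) if builds must be reproducible and auditable.
FROM node:22-alpine
# Build arguments for labels. All are optional; an unset ARG yields an empty
# label. Labels are stored in the image config and readable by anyone who can
# pull or inspect the image, so pass only non-sensitive values (the commit
# message is free text).
ARG COMMIT_SHA
ARG COMMIT_AUTHOR
ARG COMMIT_TIMESTAMP
ARG COMMIT_MESSAGE
WORKDIR /app
# Labels for image metadata
LABEL commit.id="${COMMIT_SHA}" \
      commit.author="${COMMIT_AUTHOR}" \
      commit.timestamp="${COMMIT_TIMESTAMP}" \
      commit.message="${COMMIT_MESSAGE}" \
      app.name="eagle-api" \
      app.component="api" \
      io.openshift.expose-services="3000:http" \
      io.openshift.tags="node,eagle-api,epic"
# Update Alpine packages to latest security patches.
# NOTE(review): this makes the resulting package set depend on the build date
# rather than on the Dockerfile; record the image digest of each release so the
# patched state can be traced later.
RUN apk upgrade --no-cache
# Remove npm to eliminate bundled vulnerabilities (the runtime only needs
# `node`). The npm/npx launchers are removed too so no dangling symlinks stay
# on PATH. This hides the files from the final filesystem; the bytes remain in
# the base image layer.
RUN rm -rf /usr/local/lib/node_modules/npm \
           /usr/local/bin/npm \
           /usr/local/bin/npx
# Create non-root user for security (OpenShift compatible).
# -G makes `nodejs` the user's primary group; without it BusyBox adduser puts a
# system user in `nogroup`, leaving the process outside the group that the
# chown calls below hand the files to.
RUN addgroup -g 1001 -S nodejs && \
    adduser -S -u 1001 -G nodejs nodejs
# Copy production dependencies from base stage (left root-owned, so the
# runtime user can read but not modify them)
COPY --from=base /app/node_modules ./node_modules
# Copy application source code.
# NOTE(review): this copies the whole build context. The .dockerignore is not
# visible here - confirm it excludes .env files, .git and any local
# node_modules (which would otherwise be layered over the tree copied above).
# NOTE(review): the source is owned by the runtime user, so a compromised
# process can rewrite its own code; if the app only writes to uploads/ and
# logs/, consider dropping --chown here.
COPY --chown=nodejs:nodejs . .
# Create the only directories the app is expected to write to and hand them to
# the runtime user.
# NOTE(review): if the platform starts the container under an arbitrary UID
# (as OpenShift's restricted policy does), ownership by 1001 alone does not
# make these writable - confirm how they are mounted or granted in deployment.
RUN mkdir -p uploads logs && \
    chown -R nodejs:nodejs uploads logs
# Switch to the non-root user. The numeric UID (same account as `nodejs`) lets
# an orchestrator verify "runs as non-root" without resolving a user name.
USER 1001
# Expose port (documentation only; does not publish it)
EXPOSE 3000
# Health check: probe the API docs endpoint over loopback; any wget failure is
# normalised to exit code 1 (unhealthy)
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:3000/api/docs || exit 1
# Start the application (exec form, so node is PID 1 and receives SIGTERM)
CMD ["node", "app.js"]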