feat: Optimize Dockerfile (#2337)
* feat: optimize dockerfile
use new dockerfile syntaxes
leverage multi-stage builds
strip yarn cache from image
use stricter yarn install command
run as a non-root user
* fix: mark yarn-deduplicate as a required dep
`yarn --production` will fail on a clean install otherwise
* fix: add sequelize required files for migrations
* fix: use correct ARG syntax for multistage builds
* revert: mark yarn-deduplicate as a required dep
no longer required as of 0b3adad751
This commit is contained in:
parent
c81c9a9d2d
commit
52fc861bcf
52
Dockerfile
52
Dockerfile
|
@ -1,23 +1,49 @@
|
||||||
FROM node:14-alpine
|
# syntax=docker/dockerfile:1.2
|
||||||
|
ARG APP_PATH=/opt/outline
|
||||||
|
FROM node:14-alpine AS deps-common
|
||||||
|
|
||||||
ENV APP_PATH /opt/outline
|
ARG APP_PATH
|
||||||
RUN mkdir -p $APP_PATH
|
WORKDIR $APP_PATH
|
||||||
|
COPY ./package.json ./yarn.lock ./
|
||||||
|
|
||||||
|
# ---
|
||||||
|
FROM deps-common AS deps-dev
|
||||||
|
RUN yarn install --no-optional --frozen-lockfile && \
|
||||||
|
yarn cache clean
|
||||||
|
|
||||||
|
# ---
|
||||||
|
FROM deps-common AS deps-prod
|
||||||
|
RUN yarn install --production=true --frozen-lockfile && \
|
||||||
|
yarn cache clean
|
||||||
|
|
||||||
|
# ---
|
||||||
|
FROM node:14-alpine AS builder
|
||||||
|
|
||||||
|
ARG APP_PATH
|
||||||
WORKDIR $APP_PATH
|
WORKDIR $APP_PATH
|
||||||
|
|
||||||
COPY package.json ./
|
|
||||||
COPY yarn.lock ./
|
|
||||||
|
|
||||||
RUN yarn --pure-lockfile
|
|
||||||
|
|
||||||
COPY . .
|
COPY . .
|
||||||
|
COPY --from=deps-dev $APP_PATH/node_modules ./node_modules
|
||||||
|
RUN yarn build
|
||||||
|
|
||||||
RUN yarn build && \
|
# ---
|
||||||
yarn --production --ignore-scripts --prefer-offline && \
|
FROM node:14-alpine AS runner
|
||||||
rm -rf shared && \
|
|
||||||
rm -rf app
|
|
||||||
|
|
||||||
|
ARG APP_PATH
|
||||||
|
WORKDIR $APP_PATH
|
||||||
ENV NODE_ENV production
|
ENV NODE_ENV production
|
||||||
CMD yarn start
|
|
||||||
|
COPY --from=builder $APP_PATH/build ./build
|
||||||
|
COPY --from=builder $APP_PATH/server ./server
|
||||||
|
COPY --from=builder $APP_PATH/.sequelizerc ./.sequelizerc
|
||||||
|
COPY --from=deps-prod $APP_PATH/node_modules ./node_modules
|
||||||
|
COPY --from=builder $APP_PATH/package.json ./package.json
|
||||||
|
|
||||||
|
RUN addgroup -g 1001 -S nodejs && \
|
||||||
|
adduser -S nodejs -u 1001 && \
|
||||||
|
chown -R nodejs:nodejs $APP_PATH/build
|
||||||
|
|
||||||
|
USER nodejs
|
||||||
|
|
||||||
EXPOSE 3000
|
EXPOSE 3000
|
||||||
|
CMD ["yarn", "start"]
|
||||||
|
|
Reference in New Issue