FormSG/Dockerfile.base at develop · dylankhoo/FormSG · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# syntax=docker/dockerfile:1

# =============================================================================
# build-base: Full build toolchain with pre-installed node_modules
# =============================================================================
FROM node:22.22.2-alpine3.22 AS build-base
ENV PNPM_HOME="/pnpm"
ENV PATH="$PNPM_HOME:$PATH"
RUN npm install -g pnpm@10.30.3

# Install build dependencies (same as Dockerfile.production build stage)
RUN apk upgrade --no-cache && \
    apk --no-cache add --virtual native-deps \
    g++ gcc libgcc libstdc++ linux-headers autoconf automake make nasm python3 git curl \
    build-base cairo-dev pango-dev giflib-dev libjpeg-turbo-dev librsvg-dev && \
    pnpm add -g node-gyp@12.2.0

WORKDIR /build

# Copy only dependency-related files for layer caching
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
COPY apps/backend/package.json ./apps/backend/
COPY packages/shared/package.json ./packages/shared/
COPY packages/sdk/package.json ./packages/sdk/
COPY apps/frontend/package.json ./apps/frontend/

RUN pnpm install --frozen-lockfile --filter "!services/*" --filter "!packages/react-email-preview/*"

# =============================================================================
# runtime-base: Minimal runtime image with system deps and non-root user
# =============================================================================
FROM node:22.22.2-alpine3.22 AS runtime-base
ENV PNPM_HOME="/pnpm"
ENV PATH="$PNPM_HOME:$PATH"
RUN npm install -g pnpm@10.30.3

RUN apk upgrade --no-cache && \
    apk add --no-cache \
    nss \
    freetype \
    freetype-dev \
    harfbuzz \
    ca-certificates \
    ttf-freefont \
    tini \
    cairo \
    pango \
    librsvg \
    giflib

# Pre-create non-root user
RUN addgroup -S formsguser && adduser -S -g formsguser formsguser