-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
99 lines (75 loc) · 2.54 KB
/
Dockerfile
File metadata and controls
99 lines (75 loc) · 2.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# CodePark - Security-Hardened Dockerfile
# Multi-stage build for optimized and secure container images
# ================================
# Stage 1: Dependencies
# ================================
FROM node:26-alpine AS dependencies
# Install security updates
RUN apk update && apk upgrade && \
apk add --no-cache \
dumb-init \
tini \
&& rm -rf /var/cache/apk/*
# Set working directory
WORKDIR /app
# Copy package files
COPY package*.json ./
# Install production dependencies (lockfile-only) for reproducible builds
RUN npm ci --only=production --ignore-scripts && \
npm cache clean --force
# ================================
# Stage 2: Builder
# ================================
FROM node:26-alpine AS builder
WORKDIR /app
# Copy package files and dependencies from previous stage
COPY package*.json ./
COPY --from=dependencies /app/node_modules ./node_modules
# Copy application source
COPY . .
# Build application (if needed)
# RUN npm run build
# ================================
# Stage 3: Production
# ================================
FROM node:26-alpine AS production
# Install dumb-init and security updates
RUN apk update && apk upgrade && \
apk add --no-cache dumb-init && \
rm -rf /var/cache/apk/*
# Create non-root user for security
RUN addgroup -g 1001 -S nodejs && \
adduser -S nodejs -u 1001
# Set working directory
WORKDIR /app
# Copy dependencies from dependencies stage
COPY --from=dependencies --chown=nodejs:nodejs /app/node_modules ./node_modules
# Copy application files from builder stage
COPY --from=builder --chown=nodejs:nodejs /app ./
# Create necessary directories with correct permissions
RUN mkdir -p logs uploads tmp && \
chown -R nodejs:nodejs /app
# Set environment variables
ENV NODE_ENV=production \
PORT=3000 \
HOST=0.0.0.0
# Expose port
EXPOSE 3000
# Switch to non-root user
USER nodejs
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
CMD node -e "require('http').get('http://localhost:3000/health', (r) => { process.exit(r.statusCode === 200 ? 0 : 1); })"
# Use dumb-init to handle signals properly
ENTRYPOINT ["dumb-init", "--"]
# Start application
CMD ["node", "index.js"]
# ================================
# Metadata
# ================================
LABEL maintainer="SkandaBT" \
description="CodePark - Experimental collaboration platform" \
version="3.0.0-experimental" \
org.opencontainers.image.source="https://github.com/skanda890/CodePark" \
org.opencontainers.image.licenses="MIT" \
security.scan="enabled"