FROM node:20.19.5-bookworm-slim AS deps WORKDIR /app COPY package.json pnpm-lock.yaml ./ RUN node -e "const fs = require('fs'); const pkg = JSON.parse(fs.readFileSync('package.json', 'utf8')); pkg.pnpm = pkg.pnpm || {}; pkg.pnpm.overrides = { ...(pkg.pnpm.overrides || {}), 'basic-ftp': '5.3.0', 'path-to-regexp': '8.4.0', 'qs': '6.14.2' }; fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');" \ && corepack enable \ && corepack prepare pnpm@10.33.2 --activate \ && pnpm install --no-frozen-lockfile --prod \ && pnpm store prune FROM node:20.19.5-bookworm-slim ENV NODE_ENV=production RUN savedAptMark="$(apt-mark showmanual)" \ && apt-get update \ && apt-get upgrade -y \ && apt-get install -y --no-install-recommends \ ca-certificates \ fonts-liberation \ gnupg \ wget \ xvfb \ && wget -qO- https://dl.google.com/linux/linux_signing_key.pub \ | gpg --dearmor -o /usr/share/keyrings/google-linux-signing-keyring.gpg \ && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-linux-signing-keyring.gpg] https://dl.google.com/linux/chrome/deb/ stable main" \ > /etc/apt/sources.list.d/google-chrome.list \ && apt-get update \ && apt-get install -y --no-install-recommends google-chrome-stable \ && [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark \ && apt-mark manual ca-certificates fonts-liberation google-chrome-stable xvfb \ && rm -f /etc/apt/sources.list.d/google-chrome.list /usr/share/keyrings/google-linux-signing-keyring.gpg \ && rm -rf /var/lib/apt/lists/* RUN useradd --create-home --home-dir /app --shell /bin/sh appuser WORKDIR /app COPY docker-entrypoint.sh /usr/local/bin/ RUN chmod 755 /usr/local/bin/docker-entrypoint.sh COPY --from=deps --chown=appuser:appuser /app/node_modules ./node_modules COPY --chown=appuser:appuser package.json ./ COPY --chown=appuser:appuser . . RUN rm -rf /usr/local/lib/node_modules/npm \ && rm -f /usr/local/bin/npm /usr/local/bin/npx /usr/local/bin/corepack USER appuser EXPOSE 10000 CMD ["/usr/local/bin/docker-entrypoint.sh"]