49 lines
1.3 KiB
Docker
49 lines
1.3 KiB
Docker
FROM node:20-alpine AS build
|
|
|
|
ENV NODE_ENV=production
|
|
|
|
RUN apk add --no-cache python3 make g++
|
|
RUN corepack enable
|
|
|
|
WORKDIR /app
|
|
|
|
COPY package.json pnpm-lock.yaml ./
|
|
RUN corepack prepare pnpm@10.28.0 --activate \
|
|
&& pnpm install --frozen-lockfile --prod \
|
|
&& pnpm store prune
|
|
|
|
COPY . .
|
|
|
|
FROM node:20-alpine
|
|
|
|
ENV NODE_ENV=production
|
|
ENV CHROME_PATH=/usr/bin/chromium-browser
|
|
ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser
|
|
|
|
RUN apk add --no-cache chromium nss freetype harfbuzz ttf-freefont
|
|
|
|
# Remove npm/corepack to shrink attack surface and avoid bundled CVEs.
|
|
RUN rm -rf /usr/local/lib/node_modules/npm \
|
|
/usr/local/bin/npm \
|
|
/usr/local/bin/npx \
|
|
/usr/local/lib/node_modules/corepack \
|
|
/usr/local/bin/corepack
|
|
|
|
WORKDIR /app
|
|
|
|
COPY --from=build /app/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
|
|
RUN chmod 755 /usr/local/bin/docker-entrypoint.sh
|
|
|
|
COPY --from=build --chown=node:node /app/package.json /app/package.json
|
|
COPY --from=build --chown=node:node /app/index.js /app/index.js
|
|
COPY --from=build --chown=node:node /app/endpoints /app/endpoints
|
|
COPY --from=build --chown=node:node /app/node_modules /app/node_modules
|
|
|
|
RUN mkdir -p /app/cache && chown -R node:node /app
|
|
|
|
USER node
|
|
|
|
EXPOSE 10000
|
|
|
|
CMD ["/usr/local/bin/docker-entrypoint.sh"]
|