knee-cola/evidencija-rezija
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ccc690c369fde844b1e1cc12891aa52f0598a9be
evidencija-rezija/mailgun-webhook/Dockerfile
Knee Cola ccc690c369 chore: upgrade Node.js versions and improve Docker security 
- Upgrade email-worker from Node 18 to Node 20
- Update distroless images to nodejs20-debian12:nonroot for both services
- Improves security by running containers as nonroot user

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-07 21:12:20 +01:00

67 lines
1.7 KiB
Docker
Raw Blame History

#--------------------------------------------
# Stage: building TypeScript
#--------------------------------------------
FROM node:20 AS build-stage
ENV WORKDIR=/app
WORKDIR /app
COPY ./package*.json ./
# instaliram pakete
RUN npm i && npm cache clean --force
COPY ./tsconfig.json ./
COPY ./src ./src
RUN npm run build
#--------------------------------------------
# Stage: installing production node_modules
#--------------------------------------------
FROM node:20 AS package-stage
WORKDIR /app
COPY ./package*.json ./
# install ONLY production dependencies
RUN npm i --omit=dev && npm cache clean --force
#--------------------------------------------
# Stage: preparing final image
#--------------------------------------------
FROM gcr.io/distroless/nodejs20-debian12:nonroot AS assembly-stage
WORKDIR /app
ARG PORT
ENV PORT=${PORT}
# (optional) App label to be used in Prometheus (Grafana)
ARG PROMETHEUS_APP_LABEL
ENV PROMETHEUS_APP_LABEL=${PROMETHEUS_APP_LABEL}=${PROMETHEUS_APP_LABEL}
# (optional) Prometheus histogram bucket sizes (grafana)
ARG PROMETHEUS_HISTOGRAM_BUCKETS
ENV PROMETHEUS_HISTOGRAM_BUCKETS=${PROMETHEUS_HISTOGRAM_BUCKETS}=${PROMETHEUS_HISTOGRAM_BUCKETS}
# (optional) enables logging to stdout
ARG DEBUG
ENV DEBUG=${DEBUG}
# copying node_modules
COPY --from=package-stage /app/package*.json ./
COPY --from=package-stage /app/node_modules ./node_modules
# copying built files
COPY --from=build-stage /app/build ./server
# running the server under limited "nobody" user
USER nobody:nobody
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s \
CMD ["/nodejs/bin/node", "./server/healthcheck.js"]
# starting the server
CMD ["./server/entry.js"]
Reference in New Issue View Git Blame Copy Permalink