knee-cola/evidencija-rezija
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e2cfacda87e4da2f341bbe35defa6e9000686fd4
evidencija-rezija/Dockerfile
Knee Cola dedc030384 Replace Alpine with distroless image for production stage 
Switch from node:24-alpine to gcr.io/distroless/nodejs20-debian12:nonroot
for enhanced security and reduced attack surface. Distroless images contain
only runtime dependencies without shell, package managers, or other utilities.

Changes:
- Use distroless nodejs20-debian12:nonroot base image
- Remove manual user creation (use built-in nonroot user)
- Remove RUN commands for directory creation (incompatible with distroless)
- Update file ownership to nonroot:nonroot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-17 14:06:31 +01:00

54 lines
1.6 KiB
Docker
Raw Blame History

# This file is inspired by https://github.com/vercel/next.js/blob/canary/examples/with-docker/Dockerfile
FROM node:24-alpine AS base
#-----------------------------------------
# STAGE 1: Build the Next.js project
#-----------------------------------------
FROM base AS builder
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
RUN apk add --no-cache libc6-compat
WORKDIR /app
# package.json and package-lock.json
COPY ./package.json ./package-lock.json ./
# installing dependencies
RUN npm i && npm cache clean --force
# copy all the soruce code
COPY . .
# building app
RUN npm run build
#-----------------------------------------
# STAGE 3: Run the Next.js server
#-----------------------------------------
FROM gcr.io/distroless/nodejs20-debian12:nonroot AS production
WORKDIR /app
ENV NODE_ENV=production
COPY --from=builder /app/public/* /app/public/
# this file is required for the pdfjs-dist package
COPY --from=builder /app/node_modules/pdfjs-dist/build/pdf.worker.min.mjs /app/public/pdf.worker.min.mjs
# Automatically leverage output traces to reduce image size
# https://nextjs.org/docs/advanced-features/output-file-tracing
COPY --from=builder --chown=nonroot:nonroot /app/.next/standalone ./
COPY --from=builder --chown=nonroot:nonroot /app/.next/static ./.next/static
USER nonroot
EXPOSE 3000
ENV PORT=3000
# server.js is created by next build from the standalone output
# https://nextjs.org/docs/pages/api-reference/next-config-js/output
CMD ["node", "server.js"]
Reference in New Issue View Git Blame Copy Permalink