diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 9e46f62..b8627fd 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -3,68 +3,36 @@ ARG NODE_VERSION=20.12.1 ARG PNPM_VERSION=9.0.5 -################################################################################ -# Use node image for base image for all stages. FROM node:${NODE_VERSION}-alpine as base - -# Set working directory for all build stages. WORKDIR /usr/src/app - -# Install pnpm. RUN --mount=type=cache,target=/root/.npm \ npm install -g pnpm@${PNPM_VERSION} -################################################################################ -# Create a stage for installing production dependecies. FROM base as deps - -# Download dependencies as a separate step to take advantage of Docker's caching. -# Leverage a cache mount to /root/.local/share/pnpm/store to speed up subsequent builds. -# Leverage bind mounts to package.json and pnpm-lock.yaml to avoid having to copy them -# into this layer. RUN --mount=type=bind,source=package.json,target=package.json \ --mount=type=bind,source=pnpm-lock.yaml,target=pnpm-lock.yaml \ --mount=type=cache,target=/root/.local/share/pnpm/store \ pnpm install --prod --frozen-lockfile -################################################################################ -# Create a stage for building the application. FROM deps as build - -# Download additional development dependencies before building, as some projects require -# "devDependencies" to be installed to build. If you don't need this, remove this step. RUN --mount=type=bind,source=package.json,target=package.json \ --mount=type=bind,source=pnpm-lock.yaml,target=pnpm-lock.yaml \ --mount=type=cache,target=/root/.local/share/pnpm/store \ pnpm install --frozen-lockfile - -# Copy the rest of the source files into the image. COPY . . -# Run the build script. RUN pnpm run build -################################################################################ -# Create a new stage to run the application with minimal runtime dependencies -# where the necessary files are copied from the build stage. FROM base as final - -# Use production node environment by default. ENV NODE_ENV production -# Run the application as a non-root user. -USER node - -# Copy package.json so that package manager commands can be used. -COPY package.json . - -# Copy the production dependencies from the deps stage and also -# the built application from the build stage into the image. -COPY --from=deps /usr/src/app/node_modules ./node_modules -COPY --from=build /usr/src/app/.next ./.next +# Copy necessary files and directories with correct permissions +COPY --chown=node:node package.json . +COPY --chown=node:node --from=deps /usr/src/app/node_modules ./node_modules +COPY --chown=node:node --from=build /usr/src/app/.next ./.next +COPY --chown=node:node --from=build /usr/src/app/public ./public +# Run the application as a non-root user +USER node -# Expose the port that the application listens on. EXPOSE 3001 - -# Run the application. CMD pnpm start