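# Multi-stage build: dependencies are installed in a throwaway builder stage
# and only node_modules is carried over into the runtime image.
#
# NOTE(review): node:alpine is a floating tag, so each rebuild may pull a
# different Node.js release and base OS. Pin a specific version tag (ideally
# with an @sha256 digest) in both FROM lines for reproducible, auditable builds.
FROM node:alpine AS builder

# Set the working directory
WORKDIR /app

# Copy only the manifests first so the dependency layer stays cached until
# package.json / package-lock.json change.
COPY package*.json ./

# Install exactly what the lockfile specifies, without devDependencies.
# --omit=dev replaces the deprecated --only=production spelling.
RUN npm ci --omit=dev

# Production stage
FROM node:alpine AS production

# metadata
LABEL maintainer="Marc Kupietz <kupietz@ids-mannheim.de>"

# Create the unprivileged runtime account with the BusyBox tools already in
# the base image. As far as this file shows, the shadow package was installed
# only to provide groupadd/useradd; dropping it keeps its additional
# account-management binaries out of the runtime image.
# -S: system account/group, -H: no home directory (useradd -r created none).
RUN addgroup -S appuser && adduser -S -H -G appuser appuser

# Set the working directory
WORKDIR /app

# Copy node_modules from builder
# NOTE(review): everything under /app is owned by the runtime user, so a
# compromised process could rewrite its own code. If the application never
# writes under /app, leaving these files root-owned would be tighter; confirm
# before changing.
COPY --from=builder --chown=appuser:appuser /app/node_modules /app/node_modules

# Copy application source
COPY --chown=appuser:appuser package.json /app/
COPY --chown=appuser:appuser src /app/src

# Copy entry point. It stays root-owned with mode 0755 so the runtime user can
# read and execute it but cannot modify the script that starts the container.
COPY docker-entrypoint.sh /docker-entrypoint.sh
RUN chmod 0755 /docker-entrypoint.sh

# Switch to non-root user
USER appuser

# Define the entry point (exec form, so the script runs as PID 1 and receives
# signals directly).
ENTRYPOINT ["/docker-entrypoint.sh"]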