dibbs-query-connector/Dockerfile at main · CDCgov/dibbs-query-connector · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
FROM node:24-alpine AS base

FROM base AS installer

RUN apk update && apk upgrade
RUN apk add --no-cache libc6-compat bash curl

WORKDIR /app
COPY . .

# Download AWS RDS global CA bundle for SSL database connections
RUN curl --fail --show-error -L https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem \
    -o /rds-global-bundle.pem

# Install Flyway and remove JRE directory to force flyway to use the openjdk11 version in the runner
ENV FLYWAY_VERSION=10.19.0
RUN curl -L https://repo1.maven.org/maven2/org/flywaydb/flyway-commandline/${FLYWAY_VERSION}/flyway-commandline-${FLYWAY_VERSION}-linux-x64.tar.gz -o flyway.tar.gz \
    && tar -zxvf flyway.tar.gz \
    && mv flyway-${FLYWAY_VERSION} /flyway \
    && ln -s /flyway/flyway /usr/local/bin/flyway \
    && rm flyway.tar.gz \
    && rm -rf /flyway/jre \
    && chmod +x /flyway/flyway \
    && rm -rf /flyway/drivers/databricks-jdbc-*.jar \
              /flyway/drivers/mssql-jdbc-*.jar \
              /flyway/drivers/snowflake-jdbc-*.jar \
              /flyway/drivers/cassandra/ \
              /flyway/drivers/gcp/

# Build the project
ENV NEXT_TELEMETRY_DISABLED=1
RUN npm ci
RUN npm run build

# Final stage for running the app
FROM base AS runner
WORKDIR /app

RUN apk update && apk upgrade && apk add --no-cache bash openjdk17-jre
# Copy RDS CA bundle for SSL database connections
COPY --from=installer /rds-global-bundle.pem /app/certs/rds-global-bundle.pem
# Copy Flyway from the installer stage
COPY --from=installer /flyway /flyway
RUN chmod +x /flyway/flyway
# Create symlink to run Flyway from anywhere in the container
RUN ln -s /flyway/flyway /usr/local/bin/flyway

# Don't run production as root
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs

# Ensure writable directories
RUN mkdir -p /app /data /logs && \
    chown -R nextjs:nodejs /app /data /logs

# Set hostname to localhost
ENV HOSTNAME="0.0.0.0"

# Copy necessary app files
COPY --from=installer /app/next.config.mjs .
COPY --from=installer /app/package.json .
COPY --from=installer /app/flyway/conf/flyway.conf ../flyway/conf/flyway.conf
COPY --from=installer /app/flyway/sql ../flyway/sql
COPY --from=installer /app/src/app/assets ./.next/server/app/assets

# Automatically leverage output traces to reduce image size
COPY --from=installer --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=installer --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY --from=installer --chown=nextjs:nodejs /app/public ./public
COPY --from=installer --chown=nextjs:nodejs /app/start.sh ./start.sh

RUN mkdir -p .next/static public && \
    chown -R nextjs:nodejs .next/static public

USER nextjs


RUN ls -R
# Set environment variables for Flyway and Node.js telemetry
ENV NEXT_TELEMETRY_DISABLED=1

# Set JAVA_HOME to the OpenJDK version installed by apk for Flyway
ENV JAVA_HOME=/usr/lib/jvm/default-jvm
# Add the OpenJDK to the PATH so the java command is available for Flways
ENV PATH=$JAVA_HOME/bin:$PATH

ENTRYPOINT ["/bin/bash"]
CMD ["/app/start.sh"]