-
-
Notifications
You must be signed in to change notification settings - Fork 285
/
Copy pathDockerfile
44 lines (33 loc) · 1.64 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
FROM node:18-alpine AS base
WORKDIR /app
# ----------------------------------------
# Stage 1: Prepare package.json files
FROM base AS installer
# COPY the whole project to the container
# The following line raises a security hotspot in SonarQube, but it is necessary to copy the whole project to the container
# We can ignore this and deem it as false positive, because this is mainly for local development and testing
# We have manually marked this as safe in SonarQube UI
COPY . .
# Run turbo prune to prune the project down to just package.json files of the project
# This creates a new directory called /out with the following structure:
# /out
# ├── json -> package.json files of the project
# ├── full -> full source code of the project
# └── package-lock.json -> package-lock.json of the project
# We have to specify the package names. Some packages are included as dependencies in others, they will be automatically included
RUN npx [email protected] prune @asyncapi/generator @asyncapi/template-js-websocket-client @asyncapi/generator-components --docker --out-dir /out
# ----------------------------------------
# Stage 2: Install dependencies
FROM base AS final
# Copy package.json files extracted by turbo prune
COPY --from=installer /out/json/ .
COPY --from=installer /out/package-lock.json ./package-lock.json
# Install dependencies only with package.json files to make use of cache
RUN npm ci --ignore-scripts
# Copy the rest of the source code
COPY --from=installer /out/full/ .
# Change ownership of the /app directory to the node user
RUN chown -R node:node /app
# Run the application as a non-root user
USER node
CMD ["npm", "test"]