feat: harden containers and ci

2025-10-16 22:56:33 -05:00
parent c51604fdb7
commit 8ca2756d7b
14 changed files with 293 additions and 17 deletions
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,15 +1,29 @@
-FROM node:18-alpine
+# syntax=docker/dockerfile:1.4

+FROM node:18-alpine AS base
 WORKDIR /app
-
 COPY package*.json ./
+
+FROM base AS dev
+ENV NODE_ENV=development
 RUN npm ci
-
 COPY . .
-
-ENV HOST=0.0.0.0 \
-    PORT=3001
-
-EXPOSE 3001
-
+RUN chmod +x docker-entrypoint.sh scripts/wait-for-db.js
+ENTRYPOINT ["./docker-entrypoint.sh"]
 CMD ["npm", "run", "dev"]
+
+FROM base AS prod-deps
+ENV NODE_ENV=production
+RUN npm ci --omit=dev
+
+FROM node:18-alpine AS prod
+WORKDIR /app
+ENV NODE_ENV=production \
+    HOST=0.0.0.0 \
+    PORT=3001
+COPY --from=prod-deps /app/node_modules ./node_modules
+COPY . .
+RUN chmod +x docker-entrypoint.sh scripts/wait-for-db.js
+EXPOSE 3001
+ENTRYPOINT ["./docker-entrypoint.sh"]
+CMD ["node", "src/index.js"]