build: use a base image for Docker builds
Split the Docker build into three stages:
1. base image: Node 20 Alpine with the build environment, package files, Yarn and Lerna config.
1. builder image: bootstraps the project and root apps from the base image.
1. runner image: installs only production dependencies and runs the built apps from the `builder` image. This is the image that's deployed to Kubernetes.

Run the Next.js apps as the `node` user, to secure the apps in production.
eatyourgreens committed Dec 5, 2024
1 parent ebfab6f commit 39e0c0e
Showing 1 changed file with 13 additions and 36 deletions.
49 changes: 13 additions & 36 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM node:20-alpine AS builder
FROM node:20-alpine AS base

ARG COMMIT_ID
ENV COMMIT_ID=$COMMIT_ID
Expand All @@ -18,31 +18,27 @@ ENV APP_ENV=$APP_ENV

ENV NEXT_TELEMETRY_DISABLED=1

ARG CONTENTFUL_ACCESS_TOKEN

ARG CONTENTFUL_SPACE_ID

ARG SENTRY_AUTH_TOKEN

RUN mkdir -p /usr/src

WORKDIR /usr/src/

ADD package.json /usr/src/
RUN chown -R node:node .

COPY .yarn /usr/src/.yarn
ONBUILD COPY --chown=node:node package.json yarn.lock lerna.json .yarnrc /usr/src/

ADD .yarnrc /usr/src/
ONBUILD COPY --chown=node:node .yarn /usr/src/.yarn

ADD lerna.json /usr/src/
ONBUILD USER node

COPY ./packages /usr/src/packages
FROM base AS builder

ADD yarn.lock /usr/src/
ARG CONTENTFUL_ACCESS_TOKEN

RUN chown -R node:node .
ARG CONTENTFUL_SPACE_ID

USER node
ARG SENTRY_AUTH_TOKEN

COPY --chown=node:node ./packages /usr/src/packages

RUN --mount=type=cache,id=fem-builder-yarn,uid=1000,gid=1000,target=/home/node/.yarn YARN_CACHE_FOLDER=/home/node/.yarn yarn install --production=false --frozen-lockfile --ignore-scripts
RUN --mount=type=cache,id=fem-builder-yarn,uid=1000,gid=1000,target=/home/node/.yarn YARN_CACHE_FOLDER=/home/node/.yarn yarn workspace @zooniverse/react-components build:es6
Expand All @@ -55,28 +51,9 @@ RUN --mount=type=cache,id=fem-builder-yarn,uid=1000,gid=1000,target=/home/node/.
RUN echo $COMMIT_ID > /usr/src/packages/app-root/public/commit_id.txt
RUN --mount=type=cache,id=fem-builder-yarn,uid=1000,gid=1000,target=/home/node/.yarn YARN_CACHE_FOLDER=/home/node/.yarn yarn workspace @zooniverse/fe-root build

FROM node:20-alpine AS runner

ARG NODE_ENV=production
ENV NODE_ENV=$NODE_ENV

RUN mkdir -p /usr/src

WORKDIR /usr/src/

RUN chown -R node:node .

USER node

COPY --from=builder /usr/src/package.json /usr/src/package.json

COPY --from=builder /usr/src/.yarn /usr/src/.yarn

COPY --from=builder /usr/src/.yarnrc /usr/src/.yarnrc

COPY --from=builder /usr/src/packages ./packages
FROM base AS runner

COPY --from=builder /usr/src/yarn.lock /usr/src/yarn.lock
COPY --from=builder --chown=node:node /usr/src/packages ./packages

RUN --mount=type=cache,id=fem-runner-yarn,uid=1000,gid=1000,target=/home/node/.yarn YARN_CACHE_FOLDER=/home/node/.yarn yarn install --production --frozen-lockfile --ignore-scripts --prefer-offline
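Review bot: `ARG CONTENTFUL_ACCESS_TOKEN` and `ARG SENTRY_AUTH_TOKEN` in the `builder` stage still pass credentials as build arguments, and build-arg values are recorded in that stage's image history and build metadata. Moving them out of `base` keeps them away from the `runner` stage, but the file already relies on BuildKit mounts, so the steps that need them could read them from a secret mount instead, e.g. `RUN --mount=type=secret,id=sentry_auth_token ...` (the id is a placeholder) with the value read from `/run/secrets/sentry_auth_token`. The RUN lines that consume these values are partly outside the visible hunks, so which step needs which secret has to be confirmed there. Separately, the `runner` stage only becomes non-root through the `ONBUILD USER node` trigger inherited from `base`. An explicit `USER node` after `FROM base AS runner` would state the runtime user in the stage that is actually deployed.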
