40 lines
1.1 KiB
Docker
40 lines
1.1 KiB
Docker
# ═══════════════════════════════════════════════
|
|
# مُصادَق — Multi-stage Docker Build
|
|
# ═══════════════════════════════════════════════
|
|
|
|
# ── Stage 1: Builder ──────────────────────────
|
|
FROM node:20-alpine AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
COPY package*.json ./
|
|
RUN npm ci
|
|
|
|
COPY . .
|
|
RUN npm run build
|
|
|
|
# ── Stage 2: Production ──────────────────────
|
|
FROM node:20-alpine AS production
|
|
|
|
# Security: non-root user
|
|
RUN addgroup -g 1001 -S musadaq && \
|
|
adduser -S musadaq -u 1001 -G musadaq
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy only production deps
|
|
COPY package*.json ./
|
|
RUN npm ci --only=production && npm cache clean --force
|
|
|
|
# Copy built application
|
|
COPY --from=builder /app/dist ./dist
|
|
|
|
# Create uploads directory
|
|
RUN mkdir -p /app/uploads && chown -R musadaq:musadaq /app
|
|
|
|
USER musadaq
|
|
|
|
EXPOSE 3300
|
|
|
|
CMD ["node", "dist/main"]
|