-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.api
72 lines (64 loc) · 3.12 KB
/
Dockerfile.api
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
FROM node:20.11.1-bookworm-slim AS base
WORKDIR /usr/src/app
# https://docs.docker.com/build/cache/#use-the-dedicated-run-cache
RUN \
--mount=type=cache,target=/var/cache/apt \
apt-get update && \
apt-get install tini -y
# node is not designed to be pid 1
# we need something else to be the parent process, and also needs to be able to handle and pass all the signals to the node process => Tini or dumb-init
# need to remap the exit code 143 to 0
# docker run --init uses Tini as well, but not sure if they remap the exit signal.
ENTRYPOINT ["/usr/bin/tini", "-v", "-e", "143", "--"]
# TLDR: the ENTRYPOINT specifies a command that will always be executed when the container starts.
# The CMD specifies arguments that will be fed to the ENTRYPOINT
FROM node:20.11.1-bookworm-slim AS temp_prod_node_deps
WORKDIR /usr/src/app
# create a layer for this specific package.json and package-lock.json so we can use the cache for subsequent layers (when no changes in this layer).
COPY package*.json ./
RUN npm ci --only=production
# need to install deps again, this time dev as well, cause we need the nest-cli in order to build the app. but we don't need the nest-cli in our final image.
FROM node:20.11.1-bookworm-slim AS temp_prod_app_build
WORKDIR /usr/src/app
COPY package*.json ./
RUN npm ci --include=dev
# copy over all app src
COPY . .
RUN npm run build:api
FROM base AS prod
# NOTE: The api app is the only app using this docker file but for now will keep the TARGET_APP argument just in case I get any new ideas.
ARG TARGET_APP="api"
ARG DOWNLOADED_TRACKS_PATH
ARG CONVERTED_TRACKS_PATH
WORKDIR /usr/src/app
ENV NODE_ENV=production
# make the necessary dirs and set the permission to use with the node user
RUN mkdir ${DOWNLOADED_TRACKS_PATH} && \
chown -R node:node ${DOWNLOADED_TRACKS_PATH}
RUN mkdir ${CONVERTED_TRACKS_PATH} && \
chown -R node:node ${CONVERTED_TRACKS_PATH}
# Run the app as a non-root user.
USER node
# while copying, change files' ownership to node user as well
COPY --chown=node:node --from=temp_prod_app_build /usr/src/app/dist/apps/${TARGET_APP} /usr/src/app/dist/apps/${TARGET_APP}
COPY --chown=node:node --from=temp_prod_node_deps /usr/src/app/node_modules /usr/src/app/node_modules
# we want to use execform and not shellform - RUN node blah/blah - which spawns a shell.
# seems like no good easy way to pass the TARGET_APP to the CMD in execform, so for now, will be overriding this where needed later.
# https://github.com/moby/moby/issues/5509
CMD ["node", "dist/apps/api/main"]
FROM base AS dev
ARG TARGET_APP="api"
# our base image is lacking procps which is needed for the nest dev-server
RUN apt-get update && \
apt-get install -y procps
# && rm -rf /var/lib/apt/lists/*
WORKDIR /usr/src/app
COPY package*.json ./
RUN npm ci --include=dev
# copy all app src
COPY . .
# seems like I need to make an env of the arg to be able to pass it to the shell.. fine for now. TODO: revisit later
ENV _internal_TARGET_APP=${TARGET_APP}
# need to run it in a shell in order to be able pass the signals to npm - and be able to terminate the process without waiting for the timeout.
USER node
CMD npm run start:${_internal_TARGET_APP}