-
-
Notifications
You must be signed in to change notification settings - Fork 38
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update to use non-root user and assign appropriate permissions
- Loading branch information
1 parent
60a0f5c
commit b07844b
Showing
1 changed file
with
15 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,31 @@ | ||
FROM node:alpine AS build | ||
FROM node:latest AS build | ||
|
||
WORKDIR /usr/src/bot | ||
|
||
RUN apk add --update alpine-sdk libtool autoconf automake python3 | ||
RUN apt-get update && apt-get install -y build-essential libtool autoconf automake python3 | ||
|
||
COPY package.json ./ | ||
|
||
COPY yarn.lock ./ | ||
|
||
ENV NODE_ENV production | ||
|
||
RUN yarn global add node-gyp | ||
|
||
RUN yarn install | ||
RUN yarn install --production | ||
|
||
FROM node:21.7.2-bookworm-slim | ||
|
||
ENV NODE_ENV production | ||
|
||
RUN apt-get update && apt-get install -y dumb-init | ||
|
||
FROM node:alpine | ||
USER node | ||
|
||
WORKDIR /usr/src/bot | ||
|
||
COPY --from=build /usr/src/bot/node_modules ./node_modules | ||
COPY --chown=node:node --from=build /usr/src/bot/node_modules ./node_modules | ||
|
||
COPY . ./ | ||
COPY --chown=node:node . ./ | ||
|
||
CMD ["node", "bot.js"] | ||
CMD ["dumb-init", "node", "bot.js"] |