fix(mining-admin-service): 优化Dockerfile使用--chown避免chown -R
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
0467e17032
commit
81f8422758
|
|
@ -6,55 +6,63 @@
|
|||
FROM node:20-alpine AS builder
|
||||
WORKDIR /app
|
||||
|
||||
# 安装必要的构建工具
|
||||
RUN apk add --no-cache python3 make g++
|
||||
|
||||
# 复制依赖文件
|
||||
COPY package.json package-lock.json ./
|
||||
|
||||
# 安装所有依赖(包括 devDependencies)
|
||||
RUN npm ci
|
||||
COPY package*.json ./
|
||||
COPY tsconfig*.json ./
|
||||
|
||||
# 复制 Prisma schema
|
||||
COPY prisma ./prisma/
|
||||
|
||||
# 安装所有依赖
|
||||
RUN npm ci
|
||||
|
||||
# 生成 Prisma Client
|
||||
RUN npx prisma generate
|
||||
RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
|
||||
|
||||
# 复制源代码
|
||||
COPY . .
|
||||
COPY src ./src
|
||||
|
||||
# 构建应用
|
||||
RUN npm run build
|
||||
|
||||
# 阶段2: 生产运行
|
||||
FROM node:20-alpine AS runner
|
||||
WORKDIR /app
|
||||
|
||||
ENV NODE_ENV=production
|
||||
ENV TZ=Asia/Shanghai
|
||||
|
||||
# 安装必要的运行时依赖
|
||||
RUN apk add --no-cache curl tzdata
|
||||
|
||||
# 创建非 root 用户
|
||||
RUN addgroup --system --gid 1001 nodejs && \
|
||||
adduser --system --uid 1001 nestjs
|
||||
adduser --system --uid 1001 -G nodejs nestjs
|
||||
|
||||
# 安装运行时依赖
|
||||
RUN apk add --no-cache curl tzdata
|
||||
|
||||
# 创建 app 目录并设置所有权
|
||||
RUN mkdir -p /app && chown nestjs:nodejs /app
|
||||
WORKDIR /app
|
||||
|
||||
# 切换到非 root 用户
|
||||
USER nestjs
|
||||
|
||||
# 复制依赖文件并安装生产依赖
|
||||
COPY package.json package-lock.json ./
|
||||
COPY --chown=nestjs:nodejs package*.json ./
|
||||
RUN npm ci --only=production && npm cache clean --force
|
||||
|
||||
# 复制 Prisma schema 并生成 client
|
||||
COPY prisma ./prisma/
|
||||
RUN npx prisma generate
|
||||
COPY --chown=nestjs:nodejs prisma ./prisma/
|
||||
RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
|
||||
|
||||
# 复制构建产物
|
||||
COPY --from=builder /app/dist ./dist
|
||||
COPY --chown=nestjs:nodejs --from=builder /app/dist ./dist
|
||||
|
||||
# 设置权限
|
||||
RUN chown -R nestjs:nodejs /app
|
||||
USER nestjs
|
||||
# 创建启动脚本
|
||||
RUN echo '#!/bin/sh\n\
|
||||
set -e\n\
|
||||
echo "Running database migrations..."\n\
|
||||
npx prisma migrate deploy\n\
|
||||
echo "Starting application..."\n\
|
||||
exec node dist/main.js\n' > /app/start.sh && chmod +x /app/start.sh
|
||||
|
||||
ENV NODE_ENV=production
|
||||
ENV TZ=Asia/Shanghai
|
||||
|
||||
# 暴露端口
|
||||
EXPOSE 3023
|
||||
|
|
@ -64,4 +72,4 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
|
|||
CMD curl -f http://localhost:3023/health || exit 1
|
||||
|
||||
# 启动应用
|
||||
CMD ["node", "dist/main.js"]
|
||||
CMD ["/app/start.sh"]
|
||||
|
|
|
|||
Loading…
Reference in New Issue