From be6abd303418b1f7323911156093e25266977e80 Mon Sep 17 00:00:00 2001 From: hailin Date: Sun, 7 Dec 2025 01:17:55 -0800 Subject: [PATCH] fix(blockchain-service): standardize Dockerfile with other services MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Use node:20-slim instead of alpine for OpenSSL compatibility - Add startup script with prisma migrate/push - Increase healthcheck start-period to 60s - Add non-root user for security 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- .../services/blockchain-service/Dockerfile | 69 +++++++++++++------ 1 file changed, 49 insertions(+), 20 deletions(-) diff --git a/backend/services/blockchain-service/Dockerfile b/backend/services/blockchain-service/Dockerfile index a60837c1..e8d5ac47 100644 --- a/backend/services/blockchain-service/Dockerfile +++ b/backend/services/blockchain-service/Dockerfile @@ -1,54 +1,83 @@ -# Build stage +# ============================================================================= +# Blockchain Service Dockerfile +# ============================================================================= + +# Build stage - use Alpine for smaller build context FROM node:20-alpine AS builder WORKDIR /app # Copy package files COPY package*.json ./ +COPY tsconfig*.json ./ +COPY nest-cli.json ./ + +# Copy Prisma schema COPY prisma ./prisma/ # Install dependencies RUN npm ci -# Generate Prisma client -RUN npx prisma generate +# Generate Prisma client (dummy DATABASE_URL for build time only) +RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate # Copy source code -COPY . . +COPY src ./src -# Build +# Build TypeScript RUN npm run build -# Production stage -FROM node:20-alpine AS production +# Verify build output exists +RUN ls -la dist/ && test -f dist/main.js + +# Production stage - use Debian slim for OpenSSL compatibility +FROM node:20-slim WORKDIR /app -# Install OpenSSL for Prisma and curl for healthcheck -RUN apk add --no-cache openssl curl - -# Copy package files -COPY package*.json ./ -COPY prisma ./prisma/ +# Install OpenSSL and curl for health checks +RUN apt-get update && apt-get install -y --no-install-recommends \ + openssl \ + curl \ + && rm -rf /var/lib/apt/lists/* # Install production dependencies only +COPY package*.json ./ RUN npm ci --only=production -# Generate Prisma client -RUN npx prisma generate +# Copy Prisma schema and generate client +COPY prisma ./prisma/ +RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate -# Copy built application +# Copy built files COPY --from=builder /app/dist ./dist -# Set environment +# Create startup script that runs migrations before starting the app +RUN echo '#!/bin/sh\n\ +set -e\n\ +echo "Running database migrations..."\n\ +npx prisma migrate deploy || npx prisma db push --accept-data-loss\n\ +echo "Starting application..."\n\ +exec node dist/main.js\n' > /app/start.sh && chmod +x /app/start.sh + +# Create non-root user +RUN groupadd -g 1001 nodejs && \ + useradd -u 1001 -g nodejs nestjs + +# Change ownership of app directory +RUN chown -R nestjs:nodejs /app + +# Switch to non-root user +USER nestjs + ENV NODE_ENV=production # Expose port EXPOSE 3012 # Health check -HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ +HEALTHCHECK --interval=30s --timeout=3s --start-period=60s --retries=3 \ CMD curl -f http://localhost:3012/api/v1/health || exit 1 -# Start application with database migration -CMD ["sh", "-c", "npx prisma db push --skip-generate && node dist/main.js"] +# Start service with migration +CMD ["/app/start.sh"]