fix(2.0-services): 优化所有Dockerfile使用--chown避免chown -R

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

backend/services/auth-service/Dockerfile

@@ -6,43 +6,50 @@
 FROM node:20-alpine AS builder
 WORKDIR /app
 
-RUN apk add --no-cache python3 make g++
+COPY package*.json ./
-
+COPY tsconfig*.json ./
-COPY package.json package-lock.json ./
-RUN npm ci
-
 COPY prisma ./prisma/
-RUN npx prisma generate
 
-COPY . .
+RUN npm ci
+RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
+
+COPY src ./src
 RUN npm run build
 
 # 阶段2: 生产运行
 FROM node:20-alpine AS runner
-WORKDIR /app
 
-ENV NODE_ENV=production
+RUN addgroup --system --gid 1001 nodejs && \
-ENV TZ=Asia/Shanghai
+    adduser --system --uid 1001 -G nodejs nestjs
 
 RUN apk add --no-cache curl tzdata
 
-RUN addgroup --system --gid 1001 nodejs && \
+RUN mkdir -p /app && chown nestjs:nodejs /app
-    adduser --system --uid 1001 nestjs
+WORKDIR /app
 
-COPY package.json package-lock.json ./
+USER nestjs
+
+COPY --chown=nestjs:nodejs package*.json ./
 RUN npm ci --only=production && npm cache clean --force
 
-COPY prisma ./prisma/
+COPY --chown=nestjs:nodejs prisma ./prisma/
-RUN npx prisma generate
+RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
 
-COPY --from=builder /app/dist ./dist
+COPY --chown=nestjs:nodejs --from=builder /app/dist ./dist
 
-RUN chown -R nestjs:nodejs /app
+RUN echo '#!/bin/sh\n\
-USER nestjs
+set -e\n\
+echo "Running database migrations..."\n\
+npx prisma migrate deploy\n\
+echo "Starting application..."\n\
+exec node dist/main.js\n' > /app/start.sh && chmod +x /app/start.sh
+
+ENV NODE_ENV=production
+ENV TZ=Asia/Shanghai
 
 EXPOSE 3024
 
 HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
     CMD curl -f http://localhost:3024/api/v2/health || exit 1
 
-CMD ["node", "dist/main.js"]
+CMD ["/app/start.sh"]

backend/services/contribution-service/Dockerfile

@@ -6,43 +6,50 @@
 FROM node:20-alpine AS builder
 WORKDIR /app
 
-RUN apk add --no-cache python3 make g++
+COPY package*.json ./
-
+COPY tsconfig*.json ./
-COPY package.json package-lock.json ./
-RUN npm ci
-
 COPY prisma ./prisma/
-RUN npx prisma generate
 
-COPY . .
+RUN npm ci
+RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
+
+COPY src ./src
 RUN npm run build
 
 # 阶段2: 生产运行
 FROM node:20-alpine AS runner
-WORKDIR /app
 
-ENV NODE_ENV=production
+RUN addgroup --system --gid 1001 nodejs && \
-ENV TZ=Asia/Shanghai
+    adduser --system --uid 1001 -G nodejs nestjs
 
 RUN apk add --no-cache curl tzdata
 
-RUN addgroup --system --gid 1001 nodejs && \
+RUN mkdir -p /app && chown nestjs:nodejs /app
-    adduser --system --uid 1001 nestjs
+WORKDIR /app
 
-COPY package.json package-lock.json ./
+USER nestjs
+
+COPY --chown=nestjs:nodejs package*.json ./
 RUN npm ci --only=production && npm cache clean --force
 
-COPY prisma ./prisma/
+COPY --chown=nestjs:nodejs prisma ./prisma/
-RUN npx prisma generate
+RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
 
-COPY --from=builder /app/dist ./dist
+COPY --chown=nestjs:nodejs --from=builder /app/dist ./dist
 
-RUN chown -R nestjs:nodejs /app
+RUN echo '#!/bin/sh\n\
-USER nestjs
+set -e\n\
+echo "Running database migrations..."\n\
+npx prisma migrate deploy\n\
+echo "Starting application..."\n\
+exec node dist/main.js\n' > /app/start.sh && chmod +x /app/start.sh
+
+ENV NODE_ENV=production
+ENV TZ=Asia/Shanghai
 
 EXPOSE 3020
 
 HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
     CMD curl -f http://localhost:3020/health || exit 1
 
-CMD ["node", "dist/main.js"]
+CMD ["/app/start.sh"]

backend/services/mining-service/Dockerfile

@@ -6,43 +6,50 @@
 FROM node:20-alpine AS builder
 WORKDIR /app
 
-RUN apk add --no-cache python3 make g++
+COPY package*.json ./
-
+COPY tsconfig*.json ./
-COPY package.json package-lock.json ./
-RUN npm ci
-
 COPY prisma ./prisma/
-RUN npx prisma generate
 
-COPY . .
+RUN npm ci
+RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
+
+COPY src ./src
 RUN npm run build
 
 # 阶段2: 生产运行
 FROM node:20-alpine AS runner
-WORKDIR /app
 
-ENV NODE_ENV=production
+RUN addgroup --system --gid 1001 nodejs && \
-ENV TZ=Asia/Shanghai
+    adduser --system --uid 1001 -G nodejs nestjs
 
 RUN apk add --no-cache curl tzdata
 
-RUN addgroup --system --gid 1001 nodejs && \
+RUN mkdir -p /app && chown nestjs:nodejs /app
-    adduser --system --uid 1001 nestjs
+WORKDIR /app
 
-COPY package.json package-lock.json ./
+USER nestjs
+
+COPY --chown=nestjs:nodejs package*.json ./
 RUN npm ci --only=production && npm cache clean --force
 
-COPY prisma ./prisma/
+COPY --chown=nestjs:nodejs prisma ./prisma/
-RUN npx prisma generate
+RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
 
-COPY --from=builder /app/dist ./dist
+COPY --chown=nestjs:nodejs --from=builder /app/dist ./dist
 
-RUN chown -R nestjs:nodejs /app
+RUN echo '#!/bin/sh\n\
-USER nestjs
+set -e\n\
+echo "Running database migrations..."\n\
+npx prisma migrate deploy\n\
+echo "Starting application..."\n\
+exec node dist/main.js\n' > /app/start.sh && chmod +x /app/start.sh
+
+ENV NODE_ENV=production
+ENV TZ=Asia/Shanghai
 
 EXPOSE 3021
 
 HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
     CMD curl -f http://localhost:3021/health || exit 1
 
-CMD ["node", "dist/main.js"]
+CMD ["/app/start.sh"]

backend/services/mining-wallet-service/Dockerfile

@@ -2,47 +2,54 @@
 # Mining Wallet Service - Dockerfile
 # =============================================================================
 
-# Stage 1: Build
+# 阶段1: 构建
 FROM node:20-alpine AS builder
 WORKDIR /app
 
-RUN apk add --no-cache python3 make g++
+COPY package*.json ./
-
+COPY tsconfig*.json ./
-COPY package.json package-lock.json ./
-RUN npm ci
-
 COPY prisma ./prisma/
-RUN npx prisma generate
 
-COPY . .
+RUN npm ci
+RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
+
+COPY src ./src
 RUN npm run build
 
-# Stage 2: Production
+# 阶段2: 生产运行
 FROM node:20-alpine AS runner
-WORKDIR /app
 
-ENV NODE_ENV=production
+RUN addgroup --system --gid 1001 nodejs && \
-ENV TZ=Asia/Shanghai
+    adduser --system --uid 1001 -G nodejs nestjs
 
 RUN apk add --no-cache curl tzdata
 
-RUN addgroup --system --gid 1001 nodejs && \
+RUN mkdir -p /app && chown nestjs:nodejs /app
-    adduser --system --uid 1001 nestjs
+WORKDIR /app
 
-COPY package.json package-lock.json ./
+USER nestjs
+
+COPY --chown=nestjs:nodejs package*.json ./
 RUN npm ci --only=production && npm cache clean --force
 
-COPY prisma ./prisma/
+COPY --chown=nestjs:nodejs prisma ./prisma/
-RUN npx prisma generate
+RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
 
-COPY --from=builder /app/dist ./dist
+COPY --chown=nestjs:nodejs --from=builder /app/dist ./dist
 
-RUN chown -R nestjs:nodejs /app
+RUN echo '#!/bin/sh\n\
-USER nestjs
+set -e\n\
+echo "Running database migrations..."\n\
+npx prisma migrate deploy\n\
+echo "Starting application..."\n\
+exec node dist/main.js\n' > /app/start.sh && chmod +x /app/start.sh
+
+ENV NODE_ENV=production
+ENV TZ=Asia/Shanghai
 
 EXPOSE 3025
 
 HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
     CMD curl -f http://localhost:3025/health || exit 1
 
-CMD ["node", "dist/main.js"]
+CMD ["/app/start.sh"]

backend/services/trading-service/Dockerfile

@@ -6,43 +6,50 @@
 FROM node:20-alpine AS builder
 WORKDIR /app
 
-RUN apk add --no-cache python3 make g++
+COPY package*.json ./
-
+COPY tsconfig*.json ./
-COPY package.json package-lock.json ./
-RUN npm ci
-
 COPY prisma ./prisma/
-RUN npx prisma generate
 
-COPY . .
+RUN npm ci
+RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
+
+COPY src ./src
 RUN npm run build
 
 # 阶段2: 生产运行
 FROM node:20-alpine AS runner
-WORKDIR /app
 
-ENV NODE_ENV=production
+RUN addgroup --system --gid 1001 nodejs && \
-ENV TZ=Asia/Shanghai
+    adduser --system --uid 1001 -G nodejs nestjs
 
 RUN apk add --no-cache curl tzdata
 
-RUN addgroup --system --gid 1001 nodejs && \
+RUN mkdir -p /app && chown nestjs:nodejs /app
-    adduser --system --uid 1001 nestjs
+WORKDIR /app
 
-COPY package.json package-lock.json ./
+USER nestjs
+
+COPY --chown=nestjs:nodejs package*.json ./
 RUN npm ci --only=production && npm cache clean --force
 
-COPY prisma ./prisma/
+COPY --chown=nestjs:nodejs prisma ./prisma/
-RUN npx prisma generate
+RUN DATABASE_URL="postgresql://user:pass@localhost:5432/db" npx prisma generate
 
-COPY --from=builder /app/dist ./dist
+COPY --chown=nestjs:nodejs --from=builder /app/dist ./dist
 
-RUN chown -R nestjs:nodejs /app
+RUN echo '#!/bin/sh\n\
-USER nestjs
+set -e\n\
+echo "Running database migrations..."\n\
+npx prisma migrate deploy\n\
+echo "Starting application..."\n\
+exec node dist/main.js\n' > /app/start.sh && chmod +x /app/start.sh
+
+ENV NODE_ENV=production
+ENV TZ=Asia/Shanghai
 
 EXPOSE 3022
 
 HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
     CMD curl -f http://localhost:3022/health || exit 1
 
-CMD ["node", "dist/main.js"]
+CMD ["/app/start.sh"]