-
Notifications
You must be signed in to change notification settings - Fork 0
/
containerfile
122 lines (99 loc) · 4.98 KB
/
containerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# Containerfile for building the Future SIR frontend application.
#
# This file is designed to optimize Docker's layer caching and reduce image size
# for production deployments. Think carefully before you edit this file.
#
# Build arguments with default values for build metadata:
# - BUILD_DATE: The date the build was created (default: "1970-01-01T00:00:00.000Z").
# - BUILD_ID: The unique identifier for the build (default: "000000").
# - BUILD_REVISION: The source control revision hash (default: "00000000").
# - BUILD_VERSION: The version of the application being built (default: "0.0.0").
# Example build and run commands:
# $ docker build . --tag future-sir --file containerfile \
# --build-arg BUILD_DATE="$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
# --build-arg BUILD_ID="000001" \
# --build-arg BUILD_REVISION="$(git rev-parse --short=8 HEAD)" \
# --build-arg BUILD_VERSION="1.0.0"
#
# $ docker run --init --interactive --tty --rm --network host \
# --env-file .env --name future-sir future-sir
#
# ---------------------------------------------------------------------------- #
# Stage: Base image
# The base image provides the foundation for all subsequent stages.
# It uses a slim nodejs image optimized for production, based on Debian Bookworm.
FROM docker.io/library/node:22.11.0-bookworm-slim AS base
ARG BUILD_DATE="1970-01-01T00:00:00.000Z"
ARG BUILD_ID="000000"
ARG BUILD_REVISION="00000000"
ARG BUILD_VERSION="0.0.0"
ARG IMAGE_AUTHORS="Digital Technology Solutions"
ARG IMAGE_DESCRIPTION="Future SIR -- Frontend Application"
ARG IMAGE_TITLE="Future SIR frontend"
ARG IMAGE_URL="https://github.com/DTS-STN/future-sir/"
ARG IMAGE_VENDOR="Employment and Social Development Canada"
ENV BUILD_DATE=${BUILD_DATE}
ENV BUILD_ID=${BUILD_ID}
ENV BUILD_REVISION=${BUILD_REVISION}
ENV BUILD_VERSION=${BUILD_VERSION}
ENV OTEL_SERVICE_NAME=${IMAGE_TITLE}
ENV OTEL_SERVICE_VERSION=${BUILD_VERSION}
# Add labels for OCI compliance, describing the build details and image metadata
# see: https://github.com/opencontainers/image-spec/blob/main/annotations.md
LABEL org.opencontainers.image.authors=${IMAGE_AUTHORS}
LABEL org.opencontainers.image.created=${BUILD_DATE}
LABEL org.opencontainers.image.description=${IMAGE_DESCRIPTION}
LABEL org.opencontainers.image.revision=${BUILD_REVISION}
LABEL org.opencontainers.image.title=${IMAGE_TITLE}
LABEL org.opencontainers.image.url=${IMAGE_URL}
LABEL org.opencontainers.image.vendor=${IMAGE_VENDOR}
LABEL org.opencontainers.image.version=${BUILD_VERSION}
ENV NODE_ENV production
# ---------------------------------------------------------------------------- #
# Stage: Dependencies
# This stage installs all project dependencies, including development packages.
# These dependencies are used for building and testing the application in subsequent stages.
FROM base as deps
WORKDIR /home/node
COPY --chown=node:node package.json package-lock.json ./
USER node
RUN npm clean-install --include dev
# ---------------------------------------------------------------------------- #
# Stage: Runtime Dependencies
# This stage removes development dependencies, keeping only the runtime dependencies.
# This minimizes the final image size and reduces the attack surface for production environments.
FROM base as runtime-deps
WORKDIR /home/node
COPY --from=deps --chown=node:node /home/node/node_modules/ ./node_modules/
COPY --chown=node:node package.json package-lock.json ./
USER node
RUN npm prune --omit dev
# ---------------------------------------------------------------------------- #
# Stage: Build
# This stage compiles the application, generating production-ready build artifacts.
# It includes metadata for build traceability and installs additional tools as needed.
FROM base as build
WORKDIR /home/node
COPY --from=deps --chown=node:node /home/node/node_modules/ ./node_modules/
COPY --from=deps --chown=node:node /home/node/package.json ./package.json
COPY --from=deps --chown=node:node /home/node/package-lock.json ./package-lock.json
COPY --chown=node:node ./app/ ./app/
COPY --chown=node:node ./public/ ./public/
COPY --chown=node:node ./postcss.config.mjs ./postcss.config.mjs
COPY --chown=node:node ./react-router.config.ts ./react-router.config.ts
COPY --chown=node:node ./tailwind.config.ts ./tailwind.config.ts
COPY --chown=node:node ./tsconfig.json ./tsconfig.json
COPY --chown=node:node ./vite.config.ts ./vite.config.ts
COPY --chown=node:node ./vite.server.config.ts ./vite.server.config.ts
USER node
RUN npm run build
# ---------------------------------------------------------------------------- #
# Stage: Final Production Image
# The final image is optimized for running the application in production.
# It contains only the runtime dependencies and compiled application code.
FROM base as final
WORKDIR /home/node
COPY --from=runtime-deps --chown=node:node /home/node/node_modules/ ./node_modules/
COPY --from=build --chown=node:node /home/node/build/ ./build/
USER node
CMD ["node", "--import", "./build/server/opentelemetry.js", "./build/server/server.js"]