-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathDockerfile.optimized
More file actions
89 lines (71 loc) · 2.92 KB
/
Dockerfile.optimized
File metadata and controls
89 lines (71 loc) · 2.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
#############################
# Optimized Multi-stage Docker build for SCIMTool
# Target: Reduce image size from 1GB+ to <300MB
#############################
#############################
# Stage 1: Build web frontend (React + Vite)
#############################
FROM node:18-alpine AS web-build
WORKDIR /web
# Copy package files first for better layer caching
COPY web/package*.json ./
# Install dependencies (need all deps for build)
RUN npm ci --no-audit --no-fund && \
npm cache clean --force
# Copy source and build, clean in same layer
COPY web/ ./
RUN npm run build && \
rm -rf node_modules src public *.json *.config.* *.md .eslint* vite.config.ts
#############################
# Stage 2: Build API (NestJS) with aggressive optimization
#############################
FROM node:18-alpine AS api-build
WORKDIR /app
# Install build essentials in single layer
RUN apk add --no-cache openssl
# Copy package files for better caching
COPY api/package*.json ./
# Install, build, and clean in optimized layers
RUN npm ci --no-audit --no-fund --no-optional
COPY api/ ./
COPY --from=web-build /web/dist ./public
# Build everything and clean up in single layer to minimize size
RUN npx prisma generate && \
npx tsc -p tsconfig.build.json && \
rm -rf src test *.ts tsconfig*.json *.md .eslint* jest.config.js && \
npm prune --production && \
npm cache clean --force && \
rm -rf /root/.npm /tmp/*
#############################
# Stage 3: Minimal runtime using distroless-like approach
#############################
FROM node:18-alpine AS runtime
WORKDIR /app
# Install minimal runtime dependencies and clean up
RUN apk add --no-cache openssl && \
rm -rf /var/cache/apk/* /tmp/* && \
addgroup -g 1001 -S nodejs && \
adduser -S scim -u 1001
# Production environment variables
ENV NODE_ENV=production \
PORT=80 \
DATABASE_URL="file:./data.db" \
NODE_OPTIONS="--max_old_space_size=512"
# Copy only production artifacts (minimal footprint)
COPY --from=api-build --chown=scim:nodejs /app/node_modules ./node_modules
COPY --from=api-build --chown=scim:nodejs /app/dist ./dist
COPY --from=api-build --chown=scim:nodejs /app/public ./public
COPY --from=api-build --chown=scim:nodejs /app/prisma ./prisma
COPY --from=api-build --chown=scim:nodejs /app/package.json ./package.json
# Remove any remaining unnecessary files
RUN find ./node_modules -name "*.md" -delete && \
find ./node_modules -name "*.txt" -delete && \
find ./node_modules -name "test" -type d -exec rm -rf {} + 2>/dev/null || true && \
find ./node_modules -name "tests" -type d -exec rm -rf {} + 2>/dev/null || true && \
find ./node_modules -name "*.map" -delete 2>/dev/null || true
USER scim
EXPOSE 80
# Minimal health check
HEALTHCHECK --interval=60s --timeout=3s --start-period=10s --retries=2 \
CMD node -e "process.exit(require('http').get('http://127.0.0.1:80/health',r=>r.statusCode===200?0:1).on('error',()=>1))"
CMD ["node", "dist/main.js"]