diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..6b8710a711 --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +.git diff --git a/.github/Dockerfile-node b/.github/Dockerfile-node index 059a34b518..b34d1e13b8 100644 --- a/.github/Dockerfile-node +++ b/.github/Dockerfile-node @@ -4,25 +4,32 @@ FROM node:18-alpine AS builder ARG WORKSPACE_NAME ENV WORKSPACE_NAME=$WORKSPACE_NAME -RUN apk add --no-cache libc6-compat -RUN apk update +RUN apk add --update --upgrade --no-cache \ + libc6-compat WORKDIR /app + RUN yarn global add turbo + COPY . . -RUN turbo prune --scope=${WORKSPACE_NAME} --docker -RUN yarn cache clean + +RUN turbo prune --scope=${WORKSPACE_NAME} --docker && \ + yarn cache clean # Add lockfile and package.json's of isolated subworkspace FROM node:18-alpine AS installer -RUN apk add --no-cache libc6-compat git -RUN apk update + +RUN apk add --uppgrade --update --no-cache \ + libc6-compat \ + git + WORKDIR /app # First install the dependencies (as they change less often) COPY .gitignore .gitignore COPY --from=builder /app/out/json/ . COPY --from=builder /app/out/yarn.lock ./yarn.lock + RUN yarn install --frozen-lockfile # Build the project @@ -39,23 +46,21 @@ ARG WORKSPACE_NAME ENV WORKSPACE_NAME=$WORKSPACE_NAME # https://turbo.build/repo/docs/core-concepts/monorepos/filtering#include-dependencies-of-matched-workspaces -RUN yarn turbo run build --filter=${WORKSPACE_NAME}... - -RUN yarn cache clean +RUN yarn turbo run build --filter=${WORKSPACE_NAME}... && \ + yarn cache clean FROM node:18-alpine AS runner -RUN apk update && \ - apk upgrade && \ - apk add ca-certificates libc6-compat && \ +RUN apk add --no-cache --update --upgrade \ + ca-certificates \ + libc6-compat && \ ln -s /lib/libc.musl-x86_64.so.1 /lib/ld-linux-x86-64.so.2 WORKDIR /app # Don't run production as root -RUN addgroup --system --gid 1001 nodejs -RUN adduser --system --uid 1001 nodejsuser -USER nodejsuser +USER node:node + COPY --from=installer /app/ . # TODO (rhinodavid): We could add enhancements here to only