851dd4f265
- Backend (Go): Use scratch image (~5MB), add build cache for modules - Backoffice (NestJS): Add pnpm cache, alpine image, fix Prisma client copy - BFF (Python): Add multi-stage with virtualenv, pip cache, optimized env vars - All: Add non-root users for security
44 lines
1.2 KiB
Docker
44 lines
1.2 KiB
Docker
# syntax=docker/dockerfile:1
|
|
|
|
# ===== STAGE 1: Base =====
|
|
FROM node:22-alpine AS base
|
|
RUN corepack enable && corepack prepare pnpm@latest --activate
|
|
WORKDIR /app
|
|
|
|
# ===== STAGE 2: Dependencies =====
|
|
FROM base AS deps
|
|
COPY package.json pnpm-lock.yaml ./
|
|
|
|
# Cache do pnpm store para builds mais rápidas
|
|
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
|
|
pnpm install --frozen-lockfile
|
|
|
|
# ===== STAGE 3: Build =====
|
|
FROM deps AS build
|
|
COPY . .
|
|
RUN pnpm prisma:generate && pnpm build
|
|
|
|
# ===== STAGE 4: Production =====
|
|
FROM node:22-alpine AS production
|
|
|
|
# Cria usuário não-root
|
|
RUN addgroup --system --gid 1001 nodejs && \
|
|
adduser --system --uid 1001 nestjs
|
|
|
|
WORKDIR /app
|
|
|
|
# Copia apenas o necessário para produção
|
|
COPY --from=build --chown=nestjs:nodejs /app/dist ./dist
|
|
COPY --from=build --chown=nestjs:nodejs /app/prisma ./prisma
|
|
COPY --from=build --chown=nestjs:nodejs /app/node_modules/.prisma ./node_modules/.prisma
|
|
COPY --from=build --chown=nestjs:nodejs /app/node_modules/@prisma ./node_modules/@prisma
|
|
COPY --from=deps --chown=nestjs:nodejs /app/node_modules ./node_modules
|
|
COPY --chown=nestjs:nodejs package.json ./
|
|
|
|
ENV NODE_ENV=production
|
|
|
|
USER nestjs
|
|
|
|
EXPOSE 3000
|
|
|
|
CMD ["node", "dist/main.js"]
|