1414
1515# Use a multi-stage docker build to limit production dependencies.
1616
17- # Use the official lightweight Node.js 14 image.
18- # https://hub.docker.com/_/node
19- FROM node:18.20.5-slim AS BUILD
17+ # Stage 0: Node.js Base Image
18+ FROM marketplace.gcr.io/google/debian12:latest AS NODE_BASE
19+
20+ # Install Node.js v18 and npm.
21+ RUN apt-get update && \
22+ apt-get install -y curl && \
23+ curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
24+ apt-get install -y nodejs && \
25+ rm -rf /var/lib/apt/lists/*
26+
27+ # Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
28+ RUN rm -rf /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
29+
30+ # Stage 1: Build
31+ FROM NODE_BASE AS BUILD
2032
2133# Create and change to the app directory.
2234WORKDIR /usr/src/app
@@ -31,29 +43,28 @@ RUN npm ci
3143
3244# Now copy all the code so we can compile
3345COPY . ./
34-
3546RUN npm run compile
3647
37- FROM node:18.20.5-slim
38-
39- # Remove unnecessary cross-spawn from npm to resolve CVE-2024-21538
40- RUN rm -r /usr/local/lib/node_modules/npm/node_modules/cross-spawn/
48+ # Stage 2: Production
49+ FROM NODE_BASE
4150
4251# Install git binary and remove unnecessary cache files to keep the
4352# image size small.
44-
45- RUN apt update \
46- && apt install -y git-core \
47- && apt-get update -y \
48- && rm -rf /var/cache/apt/*
53+ RUN apt-get update && \
54+ apt-get install -y git-core && \
55+ rm -rf /var/lib/apt/lists/* /var/cache/apt/*
4956
5057# Create and change to the app directory.
5158WORKDIR /usr/src/app
5259
60+ # Copy only necessary production files from the build stage.
5361COPY package*.json ./
54- COPY --from=BUILD /usr/src/app/build build
62+ COPY --from=BUILD /usr/src/app/build build/
63+
64+ # Install only production dependencies.
5565RUN npm ci --only=production
5666
67+ # Set environment variable for production.
5768ENV NODE_ENV "production"
5869
5970# Run the web service on container startup.
0 commit comments