admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
944d6262e7ddb4c443223897b5cd93dd6e9b5d64
goodgo-platform/apps/api/Dockerfile
Ho Ngoc Hai 767afb56d5 fix(docker): harden production deployment config for all services 
- Add resource limits (memory/CPU) and reservations for all services
- Add security hardening: read_only, no-new-privileges, tmpfs for temp dirs
- Add missing prod services: loki, promtail, pg-backup from dev compose
- Fix API healthcheck to include catch() for proper exit codes
- Add json-file logging driver with rotation limits across all services
- Remove exposed PostgreSQL port in prod (internal only)
- Add shm_size for PostgreSQL shared memory
- Add non-root user (appuser) to AI services Dockerfile
- Add --chown=node:node to COPY directives in API/Web Dockerfiles
- Harden .dockerignore: exclude IDE files, OS files, docker-compose files
- Fix Redis URL to include password authentication
- Add JWT_REFRESH_SECRET to API environment
- Add Grafana dependency on Loki for log datasource

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-08 13:44:44 +07:00

49 lines
1.7 KiB
Docker
Raw Blame History

# ---- Base ----
FROM node:22-slim AS base
RUN corepack enable && corepack prepare pnpm@10.27.0 --activate
WORKDIR /app
# ---- Dependencies ----
FROM base AS deps
COPY pnpm-lock.yaml pnpm-workspace.yaml package.json turbo.json ./
COPY apps/api/package.json apps/api/
COPY libs/mcp-servers/package.json libs/mcp-servers/
COPY prisma/ prisma/
RUN pnpm install --frozen-lockfile --filter @goodgo/api...
# ---- Build ----
FROM base AS build
COPY --from=deps /app/node_modules ./node_modules
COPY --from=deps /app/apps/api/node_modules ./apps/api/node_modules
COPY --from=deps /app/libs/mcp-servers/node_modules ./libs/mcp-servers/node_modules
COPY tsconfig.base.json ./
COPY prisma/ prisma/
COPY libs/mcp-servers/ libs/mcp-servers/
COPY apps/api/ apps/api/
RUN pnpm --filter @goodgo/mcp-servers build 2>/dev/null || true
RUN cd apps/api && npx nest build
RUN npx prisma generate
# ---- Production ----
FROM node:22-slim AS production
RUN apt-get update && apt-get install -y --no-install-recommends dumb-init && rm -rf /var/lib/apt/lists/*
WORKDIR /app
ENV NODE_ENV=production
COPY --from=build --chown=node:node /app/apps/api/dist ./dist
COPY --from=build --chown=node:node /app/node_modules ./node_modules
COPY --from=build --chown=node:node /app/apps/api/node_modules ./apps/api/node_modules
COPY --from=build --chown=node:node /app/prisma ./prisma
COPY --from=build --chown=node:node /app/apps/api/package.json ./package.json
EXPOSE 3001
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
CMD node -e "fetch('http://localhost:3001/health').then(r => { if (!r.ok) throw 1 }).catch(() => process.exit(1))"
USER node
ENTRYPOINT ["dumb-init", "--"]
CMD ["node", "dist/main"]
Reference in New Issue View Git Blame Copy Permalink