Migrate

microservices/services/_template_nodejs/Dockerfile

@@ -0,0 +1,114 @@
+# EN: Multi-stage Docker build for production-ready microservice
+# VI: Multi-stage Docker build cho microservice production-ready
+
+# EN: Base stage with security updates
+# VI: Base stage với security updates
+FROM node:25-alpine AS base
+
+# EN: Install security updates and required packages
+# VI: Cài đặt security updates và packages cần thiết
+RUN apk update && apk upgrade && \
+    apk add --no-cache \
+    libc6-compat \
+    dumb-init \
+    su-exec \
+    && rm -rf /var/cache/apk/*
+
+# EN: Create app directory with correct permissions
+# VI: Tạo app directory với permissions đúng
+WORKDIR /app
+RUN chown node:node /app
+USER node
+
+# EN: Dependencies stage - separate for better caching
+# VI: Dependencies stage - tách riêng để cache tốt hơn
+FROM base AS deps
+USER root
+RUN chown node:node /app
+USER node
+
+# EN: Enable corepack for pnpm
+# VI: Enable corepack cho pnpm
+RUN corepack enable pnpm
+
+# EN: Copy package files
+# VI: Copy package files
+COPY --chown=node:node package.json pnpm-lock.yaml* ./
+
+# EN: Install dependencies only (no dev dependencies for smaller image)
+# VI: Install dependencies only (không có dev dependencies để image nhỏ hơn)
+RUN pnpm install --frozen-lockfile --prod=false && pnpm store prune
+
+# EN: Builder stage - compile TypeScript and generate Prisma client
+# VI: Builder stage - compile TypeScript và generate Prisma client
+FROM base AS builder
+USER root
+RUN chown node:node /app
+USER node
+
+# EN: Enable corepack
+# VI: Enable corepack
+RUN corepack enable pnpm
+
+# EN: Copy dependencies from deps stage
+# VI: Copy dependencies từ deps stage
+COPY --from=deps --chown=node:node /app/node_modules ./node_modules
+
+# EN: Copy source code
+# VI: Copy source code
+COPY --chown=node:node . .
+
+# EN: Build application
+# VI: Build application
+RUN pnpm prisma generate && \
+    pnpm build && \
+    pnpm prune --prod
+
+# EN: Production stage - minimal runtime image
+# VI: Production stage - minimal runtime image
+FROM base AS runner
+
+# EN: Install runtime dependencies only
+# VI: Install runtime dependencies only
+USER root
+RUN apk add --no-cache \
+    curl \
+    && rm -rf /var/cache/apk/*
+
+# EN: Create non-root user for security
+# VI: Tạo non-root user cho security
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S microservice -u 1001
+
+# EN: Create necessary directories with correct permissions
+# VI: Tạo necessary directories với permissions đúng
+RUN mkdir -p /app/dist /app/node_modules /app/prisma && \
+    chown -R microservice:nodejs /app
+
+# EN: Switch to non-root user
+# VI: Switch sang non-root user
+USER microservice
+
+# EN: Copy built application from builder stage
+# VI: Copy built application từ builder stage
+COPY --from=builder --chown=microservice:nodejs /app/dist ./dist
+COPY --from=builder --chown=microservice:nodejs /app/node_modules ./node_modules
+COPY --from=builder --chown=microservice:nodejs /app/package.json ./
+COPY --from=builder --chown=microservice:nodejs /app/prisma ./prisma
+
+# EN: Add health check
+# VI: Thêm health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:5000/health/live || exit 1
+
+# EN: Expose port
+# VI: Expose port
+EXPOSE 5000
+
+# EN: Use dumb-init to handle signals properly
+# VI: Sử dụng dumb-init để handle signals properly
+ENTRYPOINT ["dumb-init", "--"]
+
+# EN: Start application
+# VI: Start application
+CMD ["node", "dist/main.js"]