-
Notifications
You must be signed in to change notification settings - Fork 0
/
nextjs.Dockerfile
94 lines (78 loc) · 3.66 KB
/
nextjs.Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# The VERSION arg is used to specify the version of Node.js to use. You can change
# this at build time by passing the --build-arg flag to the docker build command.
ARG VERSION=lts
FROM node:${VERSION}-slim AS base
# Enables pnpm and yarn
RUN corepack enable
# Install Bun if a lockfile is present
WORKDIR /app
COPY bun.lockb* ./
RUN if [ -f bun.lockb ]; then npm install -g bun; fi
# Install the necessary dependencies for the application. This is done in a separate
# stage so that the dependencies are cached and not re-installed on every build.
FROM base AS build-deps
WORKDIR /app
COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* bun.lockb* ./
# Set the NPM_MIRROR build argument to use a custom npm registry mirror.
ARG NPM_MIRROR=
RUN if [ ! -z "${NPM_MIRROR}" ]; then npm config set registry ${NPM_MIRROR}; fi
RUN if [ -f yarn.lock ]; then yarn --frozen-lockfile; \
elif [ -f package-lock.json ]; then npm ci; \
elif [ -f pnpm-lock.yaml ]; then pnpm i --frozen-lockfile; \
elif [ -f bun.lockb ]; then bun install; \
else echo "Lockfile not found." && exit 1; \
fi
# Runtime dependencies are installed in a separate stage so that development
# dependencies are not included in the final image. This reduces the size of the
# final image.
FROM base AS runtime-deps
WORKDIR /app
COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* bun.lockb* ./
ARG NPM_MIRROR=
RUN if [ ! -z "${NPM_MIRROR}" ]; then npm config set registry ${NPM_MIRROR}; fi
RUN if [ -f yarn.lock ]; then yarn --frozen-lockfile --production; \
elif [ -f package-lock.json ]; then npm ci --only=production; \
elif [ -f pnpm-lock.yaml ]; then pnpm i --frozen-lockfile --prod; \
elif [ -f bun.lockb ]; then bun install --production; \
else echo "Lockfile not found." && exit 1; \
fi
# This is the final stage of the build process. It copies the application code
# and builds the application.
FROM base AS builder
ENV NODE_ENV=production
WORKDIR /app
COPY . .
RUN rm -rf node_modules
COPY --from=build-deps /app/node_modules ./node_modules
RUN if [ -f yarn.lock ]; then yarn run build; \
elif [ -f package-lock.json ]; then npm run build; \
elif [ -f bun.lockb ]; then bun run build; \
elif [ -f pnpm-lock.yaml ]; then pnpm run build; \
elif [ -f bun.lockb ]; then bun run build; \
else echo "Lockfile not found." && exit 1; \
fi
# This stage creates the final image that will be used in production. It copies
# the application code and the runtime dependencies from the previous stages.
# Then it sets the user to run the application and the command to start the
# application.
FROM base AS runtime
WORKDIR /app
# Install wget to allow health checks on the container. Then clean up the apt cache to reduce the image size.
# e.g. `wget -nv -t1 --spider 'http://localhost:8080/health' || exit 1`
RUN apt-get update && apt-get install -y --no-install-recommends wget ca-certificates && apt-get clean && rm -f /var/lib/apt/lists/*_*
RUN update-ca-certificates 2>/dev/null || true
RUN addgroup --system nonroot && adduser --system --ingroup nonroot nonroot
RUN chown -R nonroot:nonroot /app
# Copy the application code and the runtime dependencies from the previous stage.
COPY --from=builder --chown=nonroot:nonroot /app/next.config.* ./
COPY --from=builder --chown=nonroot:nonroot /app/public ./public
COPY --from=builder --chown=nonroot:nonroot /app/.next ./.next
COPY --from=runtime-deps --chown=nonroot:nonroot /app/node_modules ./node_modules
USER nonroot:nonroot
# Set the port that the application will run on
ENV PORT=8080
# Expose the port that the application will run on
EXPOSE ${PORT}
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED 1
CMD ["node_modules/.bin/next", "start", "-H", "0.0.0.0"]