My Work
Apply Dockerfile best practices from Snyk recommendations #1668
List of Dockerfile worked:
- https://github.com/Seneca-CDOT/telescope/pull/3231
- https://github.com/Seneca-CDOT/telescope/pull/3256
- https://github.com/Seneca-CDOT/telescope/pull/3236
- https://github.com/Seneca-CDOT/telescope/pull/3235
- https://github.com/Seneca-CDOT/telescope/pull/3255
- https://github.com/Seneca-CDOT/telescope/pull/3238
- https://github.com/Seneca-CDOT/telescope/pull/3307 (In progress, fixing failing e2e test)
- https://github.com/Seneca-CDOT/telescope/pull/3239
- https://github.com/Seneca-CDOT/telescope/pull/3309
In overall it was pretty straightforward once one of the PR got reviewed, and I can use it as a template.
One of the process steps
- For the image version we need to use an image to a specific version(Not using alpine version for package installation since M1 required more tools to work)
- FROM node:lts as base
+ FROM node:16 as base
- Setup multi staging
+ FROM node:16 as base
+ FROM base as dependencies
+ FROM node:16-alpine3.15 as deploy
Base stage is for installing the tool needed for package installation.
Dependencies stage is for installing node_modules.
Deploy stage is where we copy sources code from the build context and node_modules from Dependencies and run our services.
- Run node app as node user
+ COPY --chown=node:node . .
+ USER node
This allows Node user to have permission to read our sources code.
- Add a healthcheck
+ ENV PORT
+ HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
+ CMD wget --no-verbose --tries=1 --spider localhost:${DEPENDENCY_DISCOVERY_PORT}/healthcheck || exit 1
This is the change I made, one thing @humphd noticed building the application with a node-alpine image, on ARM architecture, it's required to use a bigger node image to be able to build it. See PR 3336
Top comments (0)