DEV Community

Kevan Y
Kevan Y

Posted on

Release 2.9

My Work

Apply Dockerfile best practices from Snyk recommendations #1668
List of Dockerfile worked:

In overall it was pretty straightforward once one of the PR got reviewed, and I can use it as a template.

One of the process steps

References
Image description

  • For the image version we need to use an image to a specific version(Not using alpine version for package installation since M1 required more tools to work)
 - FROM node:lts as base
 + FROM node:16 as base
Enter fullscreen mode Exit fullscreen mode
  • Setup multi staging
 + FROM node:16 as base
 + FROM base as dependencies
 + FROM node:16-alpine3.15 as deploy
Enter fullscreen mode Exit fullscreen mode

Base stage is for installing the tool needed for package installation.
Dependencies stage is for installing node_modules.
Deploy stage is where we copy sources code from the build context and node_modules from Dependencies and run our services.

  • Run node app as node user
+ COPY --chown=node:node . .
+ USER node
Enter fullscreen mode Exit fullscreen mode

This allows Node user to have permission to read our sources code.

  • Add a healthcheck
+ ENV PORT
+ HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
+   CMD wget --no-verbose --tries=1 --spider localhost:${DEPENDENCY_DISCOVERY_PORT}/healthcheck || exit 1
Enter fullscreen mode Exit fullscreen mode

This is the change I made, one thing @humphd noticed building the application with a node-alpine image, on ARM architecture, it's required to use a bigger node image to be able to build it. See PR 3336

Discussion (0)