Dockerfile.alpine

# syntax=docker.io/docker/dockerfile-upstream:1.13.0

# Copyright (C) 2024 - present, Juergen Zimmermann, Hochschule Karlsruhe
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

# Aufruf:   docker build --tag juergenzimmermann/buch:2025.4.1-alpine -f Dockerfile.alpine .
#               ggf. --progress=plain
#               ggf. --no-cache
#           Get-Content Dockerfile.alpine | docker run --rm --interactive hadolint/hadolint:2.12.1-beta-debian
#               Linux:   cat Dockerfile.alpine | docker run --rm --interactive hadolint/hadolint:2.12.1-beta-debian
#           docker network ls

# https://docs.docker.com/engine/reference/builder/#syntax
# https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/reference.md
# https://hub.docker.com/r/docker/dockerfile
# https://docs.docker.com/build/building/multi-stage
# https://github.com/textbook/starter-kit/blob/main/Dockerfile
# https://snyk.io/blog/10-best-practices-to-containerize-nodejs-web-applications-with-docker
# https://cheatsheetseries.owasp.org/cheatsheets/NodeJS_Docker_Cheat_Sheet.html

ARG NODE_VERSION=23.6.1

# ---------------------------------------------------------------------------------------
# S t a g e   d i s t
# ---------------------------------------------------------------------------------------
FROM node:${NODE_VERSION}-alpine3.21 AS dist

# ggf. Python fuer Argon2
ENV PYTHONUNBUFFERED=1

RUN <<EOF
# https://explainshell.com/explain?cmd=set+-eux
set -eux
# apk = Alpine Package Keeper
# https://wiki.alpinelinux.org/wiki/Alpine_Package_Keeper
# https://docs.alpinelinux.org/user-handbook/0.1a/Working/apk.html
apk update
apk upgrade

# https://dl-cdn.alpinelinux.org/alpine/v3.21/main/x86_64
# https://dl-cdn.alpinelinux.org/alpine/v3.21/community/x86_64
# https://pkgs.alpinelinux.org/package/v3.21/main/x86_64/python3
# https://pkgs.alpinelinux.org/package/v3.21/community/x86_64/py3-pip
# https://pkgs.alpinelinux.org/package/v3.21/main/x86_64/make
# https://pkgs.alpinelinux.org/package/v3.21/main/x86_64/gcc
# https://pkgs.alpinelinux.org/package/v3.21/main/x86_64/g++
# https://pkgs.alpinelinux.org/package/v3.21/main/x86_64/build-base
apk add --update --no-cache python3=3.12.8-r1 py3-pip=24.3.1-r0 make=4.4.1-r2 gcc=14.2.0-r4 g++=14.2.0-r4 build-base=0.5-r3
ln -sf python3 /usr/bin/python

npm i -g --no-audit --no-fund npm
EOF

# USER node

WORKDIR /home/node

# https://docs.docker.com/engine/reference/builder/#run---mounttypebind
RUN --mount=type=bind,source=package.json,target=package.json \
  --mount=type=bind,source=package-lock.json,target=package-lock.json \
  --mount=type=bind,source=nest-cli.json,target=nest-cli.json \
  --mount=type=bind,source=tsconfig.json,target=tsconfig.json \
  --mount=type=bind,source=tsconfig.build.json,target=tsconfig.build.json \
  --mount=type=bind,source=src,target=src \
  --mount=type=cache,target=/root/.npm <<EOF
set -eux
# ci (= clean install) mit package-lock.json
npm ci --no-audit --no-fund
npm run build
EOF

# ------------------------------------------------------------------------------
# S t a g e   d e p e n d e n c i e s
# ------------------------------------------------------------------------------
FROM node:${NODE_VERSION}-alpine3.21 AS dependencies

RUN <<EOF
set -eux
apk update
apk upgrade
apk add --update --no-cache python3=3.12.8-r1 py3-pip=24.3.1-r0 make=4.4.1-r2 gcc=14.2.0-r4 g++=14.2.0-r4 build-base=0.5-r3
ln -sf python3 /usr/bin/python
npm i -g --no-audit --no-fund npm
EOF

USER node

WORKDIR /home/node

RUN --mount=type=bind,source=package.json,target=package.json \
  --mount=type=bind,source=package-lock.json,target=package-lock.json \
  --mount=type=cache,target=/root/.npm <<EOF
set -eux
# ci (= clean install) mit package-lock.json
# --omit=dev: ohne devDependencies
npm ci --no-audit --no-fund --omit=dev --omit=peer
EOF

# ------------------------------------------------------------------------------
# S t a g e   f i n a l
# ------------------------------------------------------------------------------
FROM node:${NODE_VERSION}-alpine3.21 AS final

# Anzeige bei "docker inspect ..."
# https://specs.opencontainers.org/image-spec/annotations
# https://spdx.org/licenses
# MAINTAINER ist deprecated https://docs.docker.com/engine/reference/builder/#maintainer-deprecated
LABEL org.opencontainers.image.title="buch" \
  org.opencontainers.image.description="Appserver buch mit Basis-Image Alpine" \
  org.opencontainers.image.version="2025.4.1-bookworm" \
  org.opencontainers.image.licenses="GPL-3.0-or-later" \
  org.opencontainers.image.authors="Juergen.Zimmermann@h-ka.de"

RUN <<EOF
set -eux
apk update
apk upgrade
apk cache clean
rm -rf /tmp/*
EOF

WORKDIR /opt/app

USER node

# ADD hat mehr Funktionalitaet als COPY, z.B. auch Download von externen Dateien
COPY --chown=node:node package.json .env ./
COPY --from=dependencies --chown=node:node /home/node/node_modules ./node_modules
COPY --from=dist --chown=node:node /home/node/dist ./dist
COPY --chown=node:node src/config/resources ./dist/config/resources

EXPOSE 3000

# Bei CMD statt ENTRYPOINT kann das Kommando bei "docker run ..." ueberschrieben werden
# "Array Syntax" damit auch <Strg>C funktioniert
ENTRYPOINT ["/usr/local/bin/node", "dist/main.js"]