From 552d364a3abac04345fd167f0311f4b560670d7b Mon Sep 17 00:00:00 2001 From: rick Date: Thu, 14 Nov 2024 22:54:30 +0800 Subject: [PATCH] Refactor : fix dockerfile --- Dockerfile | 89 +++++++++++++++++----------------------------------- package.json | 13 ++++---- 2 files changed, 35 insertions(+), 67 deletions(-) diff --git a/Dockerfile b/Dockerfile index d6996dc..1faf3ae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,64 +1,25 @@ # 阶段1:基础镜像准备 FROM node:18-alpine AS base -ARG USE_CN_MIRROR - # 设置工作目录 WORKDIR /app -# 配置国内镜像源(如果需要) -RUN \ - if [ "${USE_CN_MIRROR:-false}" = "true" ]; then \ - npm config set registry https://registry.npmmirror.com/; \ - fi +# 配置国内镜像源 +RUN npm config set registry https://registry.npmmirror.com/ -# 安装必要的系统依赖(例如CA证书) +# 安装必要的系统依赖(例如 CA 证书) RUN apk add --no-cache ca-certificates -# 创建distroless目录,准备复制必要的运行时文件 -RUN mkdir -p /distroless/bin /distroless/lib /distroless/etc/ssl/certs /distroless/etc - -# 复制Node.js可执行文件 -RUN cp /usr/local/bin/node /distroless/bin/ - -# 复制Node.js运行时依赖的库文件 -RUN ldd /usr/local/bin/node | awk '{print $3}' | grep -v '^$' | xargs -I '{}' cp '{}' /distroless/lib/ - -# 复制动态链接器 -RUN cp /lib/ld-musl-$(uname -m).so.1 /distroless/lib/ - -# 复制CA证书 -RUN cp -r /etc/ssl/certs /distroless/etc/ssl/ - -# 创建非root用户 -RUN addgroup -g 1001 appgroup && \ - adduser -D -u 1001 -G appgroup appuser - -# 复制用户和组信息 -RUN cp /etc/passwd /distroless/etc/passwd && \ - cp /etc/group /distroless/etc/group - - - # 阶段2:构建应用程序 FROM base AS builder -ARG USE_CN_MIRROR - WORKDIR /app # 复制依赖文件 COPY package.json yarn.lock ./ -# 确保在构建阶段NODE_ENV不为production -ENV NODE_ENV=development - -# 配置国内镜像源并安装依赖 -RUN \ - if [ "${USE_CN_MIRROR:-false}" = "true" ]; then \ - npm config set registry https://registry.npmmirror.com/; \ - fi && \ - yarn install +# 安装所有依赖,包括开发依赖 +RUN yarn install # 复制项目源代码 COPY . . @@ -66,25 +27,37 @@ COPY . . # 构建应用程序 RUN yarn build -# 重新设置NODE_ENV为production +# 删除 node_modules 目录 +RUN rm -rf node_modules + +# 设置 NODE_ENV 为 production ENV NODE_ENV=production -# 删除devDependencies,减小最终镜像大小 +# 安装生产依赖 RUN yarn install --production --ignore-scripts --prefer-offline -# 修改文件权限,使appuser拥有所有权 -RUN chown -R appuser:appgroup /app - - +# 清理 yarn 缓存 +RUN yarn cache clean --all # 阶段3:构建最终的生产镜像 -FROM scratch +FROM node:18-alpine + +# 设置工作目录 +WORKDIR /app -# 复制distroless文件 -COPY --from=base /distroless / +# 创建非 root 用户 +RUN addgroup -g 1001 appgroup && \ + adduser -D -u 1001 -G appgroup appuser # 复制应用程序文件 -COPY --from=builder /app /app +COPY --from=builder /app/server.js /app/server.js +COPY --from=builder /app/dist /app/dist +COPY --from=builder /app/api /app/api +COPY --from=builder /app/node_modules /app/node_modules +COPY --from=builder /app/package.json /app/package.json + +# 修改文件权限,使 appuser 拥有所有权 +RUN chown -R appuser:appgroup /app # 设置环境变量 ENV NODE_ENV=production @@ -92,15 +65,11 @@ ENV HOSTNAME="0.0.0.0" ENV PORT=13000 ENV NODE_OPTIONS="--dns-result-order=ipv4first --use-openssl-ca" -# 设置工作目录 -WORKDIR /app - # 暴露端口 EXPOSE 13000 -# 使用非root用户 +# 使用非 root 用户 USER appuser # 启动命令 -ENTRYPOINT ["/bin/node"] -CMD ["server.js"] +CMD ["node", "server.js"] diff --git a/package.json b/package.json index dd70da5..9aef940 100644 --- a/package.json +++ b/package.json @@ -11,18 +11,17 @@ "docker:install": "yarn install --production --frozen-lockfile && yarn build" }, "dependencies": { + "dotenv": "^16.4.5", + "express": "^4.21.1" + }, + "devDependencies": { "@ant-design/icons-vue": "^7.0.1", "@vueuse/core": "^11.2.0", "ant-design-vue": "^4.2.6", - "axios": "^1.7.7", - "dotenv": "^16.4.5", - "echarts": "^5.5.1", - "express": "^4.21.1", "vue": "^3.5.12", "vue-i18n": "^9.14.1", - "vue-router": "^4.4.5" - }, - "devDependencies": { + "vue-router": "^4.4.5", + "echarts": "^5.5.1", "@vitejs/plugin-vue": "^5.1.4", "less": "^4.2.0", "less-loader": "^12.2.0",