fix(dockerfile): optimize build and improve security

- Add blank line before COPY for readability - Add PORT and HOSTNAME env vars in runner stage - Use --chown flag instead of separate chown RUN layer - Copy only src/prisma instead of entire src directory - Use glob pattern for next.config.* files - Move PORT and HOSTNAME before EXPOSE - Add newline at end of file Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
2026-04-06 14:48:14 +08:00
parent fd18a22834
commit 87d234e57f
1 changed files with 12 additions and 15 deletions
--- a/27
+++ b/27
@@ -19,6 +19,7 @@ ENV NEXT_TELEMETRY_DISABLED=1
 ENV NODE_OPTIONS="--max-old-space-size=4096"

 RUN bun install --frozen-lockfile
+
 COPY . .

 RUN cp .env.example .env || true
@@ -26,7 +27,7 @@ RUN cp .env.example .env || true
 ENV PRISMA_CLI_BINARY_TARGETS=debian-openssl-3.0.x
 RUN bunx prisma generate

-# Generate API types
+# Generate API types (opsional)
 RUN bun run gen:api || echo "tidak ada gen api"

 RUN bun run build
@@ -41,6 +42,8 @@ WORKDIR /app
 ENV NODE_ENV=production
 ENV NEXT_TELEMETRY_DISABLED=1
 ENV PRISMA_CLI_BINARY_TARGETS=debian-openssl-3.0.x
+ENV PORT=3000
+ENV HOSTNAME="0.0.0.0"

 RUN apt-get update && apt-get install -y --no-install-recommends \
    openssl \
@@ -50,22 +53,16 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 RUN groupadd --system --gid 1001 nodejs \
    && useradd --system --uid 1001 --gid nodejs nextjs

-COPY --from=builder /app/node_modules ./node_modules
-COPY --from=builder /app/.next ./.next
-COPY --from=builder /app/public ./public
-COPY --from=builder /app/package.json ./package.json
-COPY --from=builder /app/prisma ./prisma
-COPY --from=builder /app/src ./src
-COPY --from=builder /app/next.config.js ./next.config.js
-COPY --from=builder /app/tsconfig.json ./tsconfig.json
-
-RUN chown -R nextjs:nodejs /app
+COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules
+COPY --from=builder --chown=nextjs:nodejs /app/.next ./.next
+COPY --from=builder --chown=nextjs:nodejs /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/package.json ./package.json
+COPY --from=builder --chown=nextjs:nodejs /app/prisma ./prisma
+COPY --from=builder --chown=nextjs:nodejs /app/src/prisma ./src/prisma
+COPY --from=builder --chown=nextjs:nodejs /app/next.config.* ./

 USER nextjs

 EXPOSE 3000

-ENV PORT=3000
-ENV HOSTNAME="0.0.0.0"
-
-CMD ["bun", "start"]
+CMD ["bun", "start"]