build: optimize Dockerfiles for production and pin dependencies

Implement multi-stage build and static server for frontend Run containers as non-root user and set production environment Pin all package dependencies to exact versions
2026-05-03 15:35:00 +08:00
parent 7aa80430d9
commit 590bd6a0ae
7 changed files with 165 additions and 57 deletions
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -1,11 +1,17 @@
 FROM node:22-alpine

+WORKDIR /app
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY backend/package.json ./backend/package.json
+COPY frontend/package.json ./frontend/package.json
+RUN corepack enable && corepack prepare pnpm@10.33.2 --activate && pnpm install --frozen-lockfile --filter @pokopia/backend...
+COPY backend ./backend
+COPY data ./data
+COPY system-wordings.ts ./system-wordings.ts
+RUN mkdir -p /app/uploads && chown -R node:node /app
+
+ENV NODE_ENV=production
 WORKDIR /app/backend
-COPY backend/package.json ./
-RUN corepack enable && pnpm install
-COPY backend/. .
-COPY data /app/data
-COPY package.json /app/package.json
-COPY system-wordings.ts /app/system-wordings.ts
+USER node
 EXPOSE 3001
 CMD ["pnpm", "run", "start"]