build: optimize Dockerfiles for production and pin dependencies

Implement multi-stage build and static server for frontend Run containers as non-root user and set production environment Pin all package dependencies to exact versions
2026-05-03 15:35:00 +08:00
parent 7aa80430d9
commit 590bd6a0ae
7 changed files with 165 additions and 57 deletions
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -1,10 +1,28 @@
+FROM node:22-alpine AS build
+
+WORKDIR /app
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY backend/package.json ./backend/package.json
+COPY frontend/package.json ./frontend/package.json
+RUN corepack enable && corepack prepare pnpm@10.33.2 --activate && pnpm install --frozen-lockfile --filter @pokopia/frontend...
+COPY frontend ./frontend
+COPY system-wordings.ts ./system-wordings.ts
+
+ARG VITE_API_BASE_URL=http://localhost:3001
+ARG VITE_SITE_URL=https://pokopiawiki.tootaio.com
+ENV VITE_API_BASE_URL=$VITE_API_BASE_URL
+ENV VITE_SITE_URL=$VITE_SITE_URL
+RUN pnpm --filter @pokopia/frontend build
+
 FROM node:22-alpine

-WORKDIR /app/frontend
-COPY frontend/package.json ./
-RUN corepack enable && pnpm install
-COPY frontend/. .
-COPY package.json /app/package.json
-COPY system-wordings.ts /app/system-wordings.ts
+ENV NODE_ENV=production
+ENV PORT=20015
+
+WORKDIR /app
+COPY --from=build /app/frontend/dist ./dist
+COPY frontend/static-server.mjs ./static-server.mjs
+
+USER node
 EXPOSE 20015
-CMD ["pnpm", "run", "dev"]
+CMD ["node", "static-server.mjs"]