fase(22): docker production setup

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-08 06:08:18 -04:00
parent 30f293fbf8
commit ddb4f66036
6 changed files with 139 additions and 32 deletions
--- a/28
+++ b/28
@@ -13,10 +13,9 @@ RUN npm run build
 # ---- Production stage ----
 FROM node:20-alpine

-WORKDIR /app
-
-# System dependencies required by Playwright / Chromium and healthcheck
+# tini as init process + chromium for Playwright + curl for healthcheck
 RUN apk add --no-cache \
+    tini \
    chromium \
    nss \
    freetype \
@@ -29,18 +28,27 @@ RUN apk add --no-cache \
 # Tell Playwright to use the system Chromium instead of downloading its own
 ENV PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
 ENV PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH=/usr/bin/chromium-browser
+ENV NODE_ENV=production
+
+# Non-root user
+RUN addgroup -S abe && adduser -S abe -G abe
+
+WORKDIR /app

 COPY package*.json ./
-RUN npm ci --omit=dev
+RUN npm ci --omit=dev && chown -R abe:abe /app

-COPY --from=builder /app/dist ./dist
+COPY --from=builder --chown=abe:abe /app/dist ./dist

-# Runtime directories for reports and logs
-RUN mkdir -p reports logs
+# Runtime directories for data, reports and logs
+RUN mkdir -p data reports logs && chown -R abe:abe data reports logs
+
+USER abe

 EXPOSE 3001

-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
-  CMD curl -f http://localhost:3001/health || exit 1
+HEALTHCHECK --interval=30s --timeout=10s --start-period=15s --retries=3 \
+  CMD curl -f http://localhost:3001/health/live || exit 1

-CMD ["node", "dist/server/index.js"]
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD ["node", "dist/main.js"]