unknownbin/Dockerfile

# --- Base Stage ---
# Use a lightweight and secure Node.js base image
FROM node:20-alpine AS base

# Set the working directory in the container
WORKDIR /usr/src/app

# Copy package files and install dependencies
# This leverages Docker's layer caching
COPY package*.json ./
RUN npm install --only=production


# --- Build Stage ---
# This stage builds the static assets
FROM base AS build

# Install all dependencies (including devDependencies) to run the build script
COPY package*.json ./
RUN npm install

# Copy the rest of the application source code
COPY . .

# Run the build script to minify CSS and JS
RUN npm run build


# --- Production Stage ---
# This is the final, lean image that will be run
FROM base AS production

# Install 'su-exec' which is a lightweight tool for switching users
RUN apk add --no-cache su-exec

# Create a non-root user and group for security
RUN addgroup -S appgroup && adduser -S appuser -G appgroup

# Copy application files from the build stage
COPY --from=build /usr/src/app/node_modules ./node_modules
COPY --from=build /usr/src/app/views ./views
COPY --from=build /usr/src/app/static ./static
COPY --from=build /usr/src/app/lib ./lib
COPY --from=build /usr/src/app/server.js .
COPY --from=build /usr/src/app/config.json .
COPY --from=build /usr/src/app/entrypoint.sh /usr/local/bin/entrypoint.sh

# Ensure the entrypoint script is executable
RUN chmod +x /usr/local/bin/entrypoint.sh

# Create the data directory. The entrypoint will fix its permissions at runtime.
RUN mkdir -p data

# Set the entrypoint to our script
ENTRYPOINT ["entrypoint.sh"]

# Expose the port the app runs on
EXPOSE 8080

# The default command to start the application. This gets passed to the entrypoint.
CMD [ "node", "server.js" ]