cs_betty/app
1
0
Fork 0
forked from cartsnitch/app
Code Pull Requests Activity
Files
81bf270ddbcfb838cd757db7f7e1a4619eaf9432
app/Dockerfile
T
cartsnitch-engineer[bot] 3be93961c7 fix: use non-root nginx image for Kubernetes runAsNonRoot compatibility 
Switch from nginx:stable-alpine to nginxinc/nginx-unprivileged:stable-alpine.
The unprivileged image runs as nginx user (UID 101) on port 8080, satisfying
the runAsNonRoot: true security context in Kubernetes.

Fixes: https://github.com/cartsnitch/infra/issues/65

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-22 01:27:20 +00:00

22 lines
526 B
Docker
Raw Blame History

# Stage 1: Build
FROM node:20-alpine AS build
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
RUN npm run build
# Stage 2: Production — uses nginxinc/nginx-unprivileged which runs as non-root (UID 101)
FROM nginxinc/nginx-unprivileged:stable-alpine AS prod
COPY --from=build /app/dist /usr/share/nginx/html
COPY nginx.conf /etc/nginx/conf.d/default.conf
EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget -qO- http://localhost:8080/health || exit 1
View Git Blame Copy Permalink