# ================================ # Build Stage # ================================ FROM node:20-alpine AS builder WORKDIR /app # Install dependencies for native modules RUN apk add --no-cache python3 make g++ # Copy package files COPY package*.json ./ # Install ALL dependencies (including devDependencies for build) RUN npm ci && npm cache clean --force # Copy source code COPY . . # Build the application RUN npm run build # Remove devDependencies after build RUN npm prune --production # ================================ # Production Stage # ================================ FROM node:20-alpine AS production WORKDIR /app # Add labels LABEL maintainer="Government of Goa" LABEL description="Goa GEL Backend - Blockchain Document Verification Platform" LABEL version="1.0.0" # Install runtime dependencies RUN apk add --no-cache \ postgresql-client \ bash \ wget # Create non-root user for security RUN addgroup -g 1001 -S nodejs && \ adduser -S nestjs -u 1001 # Copy built application from builder COPY --from=builder --chown=nestjs:nodejs /app/dist ./dist COPY --from=builder --chown=nestjs:nodejs /app/node_modules ./node_modules COPY --from=builder --chown=nestjs:nodejs /app/package*.json ./ # Copy compiled database migrations and seeds from dist (only .js files, no .d.ts or .map) COPY --from=builder --chown=nestjs:nodejs /app/dist/database/migrations ./src/database/migrations COPY --from=builder --chown=nestjs:nodejs /app/dist/database/seeds ./src/database/seeds COPY --from=builder --chown=nestjs:nodejs /app/dist/database/knexfile.js ./src/database/knexfile.js # Remove TypeScript declaration files that can confuse Knex RUN find ./src/database -name "*.d.ts" -delete && \ find ./src/database -name "*.js.map" -delete # Copy initialization scripts (shell and JS) COPY --chown=nestjs:nodejs scripts ./scripts RUN chmod +x scripts/*.sh 2>/dev/null || true # Create data directory for initialization flags RUN mkdir -p /app/data && chown nestjs:nodejs /app/data # Set environment variables ENV NODE_ENV=production ENV PORT=3001 # Expose port EXPOSE 3001 # Health check HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \ CMD wget --no-verbose --tries=1 --spider http://localhost:3001/api/v1/health || exit 1 # Use entrypoint script for initialization ENTRYPOINT ["/app/scripts/docker-entrypoint.sh"]