- Remove secrets from Dockerfile build args, pass as runtime env vars only - Add non-root user to Docker container - Add SKU format validation to prevent S3 key injection - Sanitize error responses in sanity-lookup route - Fix zod import to use @medusajs/framework/zod - Clean up .env.template defaults and .dockerignore
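# ---------- Stage 1: compile the Medusa server and admin dashboard ----------
# node:20-alpine is a floating tag; for reproducible production builds pin the
# digest (FROM node:20-alpine@sha256:...) once a verified one is chosen.
FROM node:20-alpine AS builder

WORKDIR /app

# Build-time configuration required to compile the admin dashboard.
# These are NOT secrets (CORS origin lists and the public backend URL) and must
# stay that way: every --build-arg value is recorded in `docker history` of the
# stage that declares it, so credentials must never be passed this way.
# Runtime secrets (database URL, JWT/cookie secrets, S3 credentials) are
# supplied as environment variables when the container is started.
ARG STORE_CORS
ARG ADMIN_CORS
ARG AUTH_CORS
ARG MEDUSA_BACKEND_URL

# Exported as ENV only inside this stage so `npm run build` can read them; the
# runtime stage below starts from a fresh base image and does not inherit them.
ENV STORE_CORS=$STORE_CORS \
    ADMIN_CORS=$ADMIN_CORS \
    AUTH_CORS=$AUTH_CORS \
    MEDUSA_BACKEND_URL=$MEDUSA_BACKEND_URL

# Install from the lockfile before copying sources so this layer stays cached
# until package.json / package-lock.json change.
COPY package.json package-lock.json ./
RUN npm ci --legacy-peer-deps

# Copies the whole build context: .dockerignore must exclude .env, .git,
# node_modules and previous build output so nothing sensitive lands in a layer.
COPY . .
RUN npm run build

# ---------- Stage 2: minimal runtime image ----------
FROM node:20-alpine

WORKDIR /app/server

# Dedicated unprivileged account with a fixed UID/GID so runtimes that enforce
# runAsNonRoot (e.g. Kubernetes) can verify it without an /etc/passwd lookup.
RUN addgroup -S -g 10001 medusa && adduser -S -u 10001 -G medusa medusa

# Only the compiled server output is carried over; the builder stage (sources,
# dev toolchain, build-time ENV values) is discarded with its layers.
COPY --from=builder --chown=medusa:medusa /app/.medusa/server .

# Runtime dependencies are installed as root, before the USER switch, so the
# resulting node_modules is root-owned and read-only to the application user.
# The npm cache is purged in the same layer so it does not bloat the image.
# NOTE(review): if the build output ships a lockfile, `npm ci --omit=dev` would
# be stricter and smaller — confirm against .medusa/server before switching.
RUN npm install --legacy-peer-deps \
    && npm cache clean --force

COPY --chown=medusa:medusa start.sh .
COPY --chown=medusa:medusa trptk-pricing.json .
RUN chmod +x start.sh

# Everything from here on runs unprivileged; no later step needs root.
USER medusa

ENV NODE_ENV=production

# Documentation only — the port is published with -p / a Service at deploy
# time. 9000 is above 1024, so binding works as non-root without extra caps.
EXPOSE 9000

# NOTE(review): start.sh should end with `exec node ...` so the server becomes
# PID 1 and receives SIGTERM from `docker stop`; a HEALTHCHECK against the
# app's health endpoint is also worth adding once the path is confirmed.
CMD ["sh", "start.sh"]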