Domestique

# Build stage FROM node:25-alpine AS builder WORKDIR /app # Copy package files COPY package.json package-lock.json* ./ # Install all dependencies (including dev) # Use npm install to generate lock file, or npm ci if lock file exists RUN npm install # Copy source files COPY tsconfig.json ./ COPY src/ ./src/ # Build TypeScript RUN npm run build # Test stage FROM builder AS test # Copy test files COPY vitest.config.ts ./ COPY tests/ ./tests/ # Run tests CMD ["npm", "run", "test"] # Production stage FROM node:25-alpine AS production # Create non-root user for security RUN addgroup -g 1001 -S nodejs && \ adduser -S nodejs -u 1001 WORKDIR /app # Copy package files COPY package.json package-lock.json* ./ # Install production dependencies only RUN npm install --omit=dev && npm cache clean --force # Copy built files from builder COPY --from=builder /app/dist ./dist # Set ownership to non-root user RUN chown -R nodejs:nodejs /app # Switch to non-root user USER nodejs # Expose port EXPOSE 3000 # Health check HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1 # Start server CMD ["node", "dist/index.js"]