Bart/9router
1
0
Fork 0
mirror of https://github.com/decolua/9router.git synced 2026-05-08 12:01:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci: harden Dockerfile and workflow security

Browse Source
This commit is contained in:
Doan Minh Tu
2026-03-11 06:49:10 +07:00
parent aa2b83e1f6
commit 91c1bc848e
3 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Dockerfile
View File

@@ -5,6 +5,7 @@ COPY package*.json ./
RUN if [ -f package-lock.json ]; then npm ci --no-audit --no-fund; else npm install --no-audit --no-fund; fi
COPY . ./
ENV NEXT_TELEMETRY_DISABLED=1
RUN npm run build
FROM node:20-alpine AS runner
@@ -15,15 +16,18 @@ LABEL org.opencontainers.image.title="9router"
ENV NODE_ENV=production
ENV PORT=20128
ENV HOSTNAME=0.0.0.0
ENV NEXT_TELEMETRY_DISABLED=1
# Runtime writable location for localDb when DATA_DIR is configured to /app/data
RUN mkdir -p /app/data
RUN mkdir -p /app/data && chown node:node /app/data
COPY --from=builder /app/public ./public
COPY --from=builder /app/.next/static ./.next/static
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/open-sse ./open-sse
USER node
EXPOSE 20128
CMD ["node", "server.js"]