-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile.auth
More file actions
44 lines (33 loc) · 1.41 KB
/
Copy pathDockerfile.auth
File metadata and controls
44 lines (33 loc) · 1.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
#Build stage
FROM node:24-alpine AS builder
ARG NPM_TOKEN
WORKDIR /auth-builder
COPY ./.npmrc ./
COPY ./package.json ./package-lock.json ./
COPY ./tsconfig.base.json ./
COPY ./shared ./shared
COPY ./apps/auth ./apps/auth
RUN npm ci && npm run build --workspace=@wxyc/database --workspace=shared/** --workspace=@wxyc/auth-service
#Production stage
FROM node:24-alpine AS prod
ARG NPM_TOKEN
WORKDIR /auth-service
COPY ./.npmrc ./
COPY ./package* ./
COPY ./apps/auth/package* ./apps/auth/
COPY ./shared/database/package* ./shared/database/
COPY ./shared/authentication/package* ./shared/authentication/
RUN npm install --omit=dev && rm -f .npmrc
COPY --from=builder ./auth-builder/apps/auth/dist ./apps/auth/dist
COPY --from=builder ./auth-builder/shared/database/dist ./shared/database/dist
COPY --from=builder ./auth-builder/shared/authentication/dist ./shared/authentication/dist
# Inherit the @wxyc/database 5s default. Auth handlers finish in
# milliseconds (better-auth's queries are JWKS lookups, session reads,
# permission checks). Anything over 5s is an orphan. See
# shared/database/src/client.ts.
ENV DB_APPLICATION_NAME=wxyc-auth
# Pin NODE_ENV=production so AUTH_BYPASS and the /auth/test/* endpoints
# stay closed even if the operator's .env omits NODE_ENV. Defense in depth
# alongside the positive-list guard in auth.middleware.ts (BS#1097).
ENV NODE_ENV=production
CMD ["npm", "start", "--workspace=@wxyc/auth-service"]