Add Dockerfile and automation to build and publish a docker image

2026-05-26 15:16:14 +00:00 · 2026-05-06 00:02:53 +02:00
parent fdc0f50a97
commit 40df8112bd
9 changed files with 609 additions and 3 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -0,0 +1,24 @@
+# Stage 1: Compile the React/TypeScript bundle
+FROM node:20-alpine AS react-builder
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+COPY . .
+RUN npm run build
+
+# Stage 2: Package static assets & Caddy binary on Distroless Static
+FROM gcr.io/distroless/static-debian12
+USER nonroot:nonroot
+WORKDIR /app
+
+# Copy static Caddy binary from the official Caddy image
+COPY --from=caddy:2.7.6-alpine /usr/bin/caddy /usr/bin/caddy
+
+# Copy Caddy server config with nonroot ownership
+COPY --chown=nonroot:nonroot docker/Caddyfile ./
+
+# Copy React build outputs with nonroot ownership to support strict read-only filesystem deployments
+COPY --chown=nonroot:nonroot --from=react-builder /app/dist ./public
+
+EXPOSE 8080
+ENTRYPOINT ["/usr/bin/caddy", "run", "--config", "./Caddyfile", "--adapter", "caddyfile"]