56e948c976
Assets table on node:sqlite (Node 24, zero native deps): CRUD, listByStatus, incrementExec, setRiskTier with anti-escalation, expireProvisional (cron PROVISOIRE→BLOQUÉ). 6 tests. Bump to Node 24 (stable sqlite), Dockerfile 24.13 + copy of tsconfig.build.json. 0 vulns. Risk tier: reversible (state persistence, no infrastructure mutation). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
24 lines
880 B
Docker
# CHLOVA backend: multi-stage image, pinned base (never :latest).
# TODO pin the digest (node:24.13-bookworm-slim@sha256:...) before real deployment.

FROM node:24.13-bookworm-slim AS build
WORKDIR /app
COPY package.json package-lock.json* ./
RUN npm ci
COPY tsconfig.json tsconfig.build.json ./
COPY src ./src
RUN npm run build

FROM node:24.13-bookworm-slim AS runtime
ENV NODE_ENV=production
WORKDIR /app
COPY package.json package-lock.json* ./
RUN npm ci --omit=dev && npm cache clean --force
COPY --from=build /app/dist ./dist
# Runtime data (SQLite, P2+). The node user does not run as root.
RUN mkdir -p /app/data && chown -R node:node /app
USER node
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
  CMD node -e "fetch('http://127.0.0.1:8080/health').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"
CMD ["node", "dist/index.js"]