Port dev dockerfiles into stages

Author: sidpalas

.gitignore

@@ -1,4 +1,5 @@
 **/node_modules
+**/.npm
 *.un~
 *.json~
 

05-example-web-application/api-node/.dockerignore

@@ -1 +1,2 @@
-node_modules
+node_modules
+.npm

05-example-web-application/client-react/.dockerignore

@@ -1 +1,2 @@
-node_modules
+node_modules
+.npm

06-building-container-images/api-golang/Dockerfile.8

@@ -0,0 +1,72 @@
+# Pin specific version for stability
+# Use separate stage for building image
+# Use debian for easier build utilities
+FROM golang:1.19-bullseye AS base-builder
+
+# Add non root user
+RUN useradd -u 1001 nonroot
+
+WORKDIR /app 
+
+# Copy only files required to install dependencies (better layer caching)
+COPY go.mod go.sum ./
+
+# Use cache mount to speed up install of existing dependencies
+RUN --mount=type=cache,target=/go/pkg/mod \
+  --mount=type=cache,target=/root/.cache/go-build \
+  go mod download
+
+# Dev stage with additional dev dependencies installed
+FROM base-builder AS dev
+
+# Install air for hot reload & delve for debugging
+RUN go install github.com/cosmtrek/air@latest && \
+  go install github.com/go-delve/delve/cmd/dlv@latest
+
+COPY . .
+
+CMD ["air", "-c", ".air.toml"]
+
+# Production builder stage to produce the static binaries
+FROM base-builder AS production-builder
+
+COPY . .
+
+# Compile healthcheck
+RUN go build \
+  -ldflags="-linkmode external -extldflags -static" \
+  -tags netgo \
+  -o healthcheck \
+  ./healthcheck/healthcheck.go
+
+# Compile application during build rather than at runtime
+# Add flags to statically link binary
+RUN go build \
+  -ldflags="-linkmode external -extldflags -static" \
+  -tags netgo \
+  -o api-golang
+
+# Use separate stage for deployable image
+FROM scratch AS production
+
+# Set gin mode
+ENV GIN_MODE=release
+
+WORKDIR /
+
+# Copy the passwd file
+COPY --from=production-builder /etc/passwd /etc/passwd
+
+# Copy the healthcheck binary from the build stage
+COPY --from=production-builder /app/healthcheck/healthcheck healthcheck
+
+# Copy the app binary from the build stage
+COPY --from=production-builder /app/api-golang api-golang
+
+# Use nonroot user
+USER nonroot
+
+# Indicate expected port
+EXPOSE 8080
+
+CMD ["/api-golang"]

06-building-container-images/api-node/Dockerfile.9

@@ -0,0 +1,51 @@
+# Pin specific version for stability
+# Use alpine for reduced image size
+FROM node:19.6-alpine AS base
+
+# Set NODE_ENV
+ENV NODE_ENV production
+
+# Specify working directory other than /
+WORKDIR /usr/src/app
+
+# Copy only files required to install
+# dependencies (better layer caching)
+COPY package*.json ./
+
+# Development stage to include dev + production dependencies
+FROM base AS dev
+
+# Install all dependencies (including development ones)
+# For the dev image
+RUN --mount=type=cache,target=/usr/src/app/.npm \
+  npm set cache /usr/src/app/.npm && \
+  npm install
+
+COPY . .
+
+CMD [ "npm", "run", "dev" ]
+
+# Production stage optimzed for deployment
+FROM base AS production
+
+# Install only production dependencies
+# Use cache mount to speed up install of existing dependencies
+RUN --mount=type=cache,target=/usr/src/app/.npm \
+  npm set cache /usr/src/app/.npm && \
+  npm ci --only=production
+
+# Use non-root user
+# Use --chown on COPY commands to set file permissions
+USER node
+
+# Copy the healthcheck script
+COPY --chown=node:node ./healthcheck/ .
+
+# Copy remaining source code AFTER installing dependencies. 
+# Again, copy only the necessary files
+COPY --chown=node:node ./src/ .
+
+# Indicate expected port
+EXPOSE 3000
+
+CMD [ "node", "index.js" ]

08-running-containers/Makefile

@@ -84,7 +84,7 @@ docker-run-all:
 	docker run -d \
 		--name client-react-nginx \
 		--network my-network \
-		-p 5174:80 \
+		-p 80:8080 \
 		--restart unless-stopped \
 		--link=api-node \
 		--link=api-golang \

08-running-containers/docker-compose.yml

@@ -3,7 +3,7 @@ services:
     image: client-react-vite
     build:
       context: ../05-example-web-application/client-react/
-      dockerfile: ../../06-building-container-images/client-react/Dockerfile.4
+      dockerfile: ../../06-building-container-images/client-react/Dockerfile.3
     init: true
     volumes:
       - ${PWD}/client-react/vite.config.js:/usr/src/app/vite.config.js
@@ -26,7 +26,7 @@ services:
     image: api-node
     build:
       context: ../05-example-web-application/api-node/
-      dockerfile: ../../06-building-container-images/api-node/Dockerfile.8
+      dockerfile: ../../06-building-container-images/api-node/Dockerfile.7
     init: true
     depends_on:
       - db

11-development-workflow/api-golang/Dockerfile.dev

@@ -3,6 +3,8 @@ services:
     build:
       context: ../05-example-web-application/client-react/
       dockerfile: ../../06-building-container-images/client-react/Dockerfile.3
+    networks:
+      - frontend
     ports:
       - 5173:5173
     volumes:
@@ -18,7 +20,7 @@ services:
   api-node:
     build:
       context: ../05-example-web-application/api-node/
-      dockerfile: ../../11-development-workflow/api-node/Dockerfile.dev
+      dockerfile: ../../06-building-container-images/api-node/Dockerfile.9
       target: dev
     volumes:
       - type: bind
@@ -31,13 +33,17 @@ services:
       - db
     environment:
       - DATABASE_URL=postgres://postgres:foobarbaz@db:5432/postgres
+    networks:
+      - frontend
+      - backend
     ports:
       - "3000:3000"
     restart: unless-stopped
   api-golang:
     build:
       context: ../05-example-web-application/api-golang/
-      dockerfile: ../../11-development-workflow/api-golang/Dockerfile.dev
+      dockerfile: ../../06-building-container-images/api-golang/Dockerfile.8
+      target: dev
     volumes:
       - type: bind
         source: ../05-example-web-application/api-golang/
@@ -47,6 +53,9 @@ services:
       - db
     environment:
       - DATABASE_URL=postgres://postgres:foobarbaz@db:5432/postgres
+    networks:
+      - frontend
+      - backend
     ports:
       - "8080:8080"
     restart: unless-stopped
@@ -56,7 +65,12 @@ services:
       - pgdata:/var/lib/postgresql/data
     environment:
       - POSTGRES_PASSWORD=foobarbaz
+    networks:
+      - backend
     ports:
       - 5432:5432
 volumes:
-  pgdata:
+  pgdata:
+networks:
+  frontend:
+  backend: