Set the base image
Use the official Node.js container image in 𝘢𝘭𝘱𝘪𝘯𝘦 variant
Advantages of using minimal base images:
➡️ reduced attack surface thanks to fewer unnecessary packages and security vulnerabilities,
➡️ improved performance thanks to efficient disk space, memory and network utilization.
Set the working directory
Set the working directory which defines the target location inside the container for all the subsequent instructions.
Copy and install depedencies
COPY package*.json /app
RUN npm install
Use 𝘯𝘱𝘮 to install dependencies. By separating the dependencies from application source code you can take advantage of container layer caching. As long as you do not change the versions of libraries used by your application, the cached version of previously built layers will be reused, which will significantly shorten the build time.
Copy the application code
COPY --chown=node:node app.js /app
Copy the source code of your application to the working directory configured in the second step.
Run as non-privileged user
Ensure that processes running in your container will be executed in non-privileged mode. Since a non-privileged user called 𝘯𝘰𝘥𝘦 is already registered in the base Node.js image, just use it.
Set the entry command
CMD ["node", "app.js"]
Finally, specify which application should be executed when the container starts.
FROM node:20-alpine WORKDIR /app COPY package*.json /app RUN npm install COPY --chown=node:node app.js /app USER node CMD ["node", "app.js"]