fix: Optimize dockerfile

Author: spcka

Diff for: .dockerignore

@@ -43,7 +43,8 @@ tput
 
 
 
-
+docs
+build.sh
 
 
 

Diff for: Dockerfile

@@ -1,29 +1,106 @@
-# 使用 Node.js 18 作为基础镜像
-FROM node:18
+# 阶段1：基础镜像准备
+FROM node:18-alpine AS base
+
+ARG USE_CN_MIRROR
 
 # 设置工作目录
 WORKDIR /app
 
-# 复制项目文件
+# 配置国内镜像源（如果需要）
+RUN \
+    if [ "${USE_CN_MIRROR:-false}" = "true" ]; then \
+        npm config set registry https://registry.npmmirror.com/; \
+    fi
+
+# 安装必要的系统依赖（例如CA证书）
+RUN apk add --no-cache ca-certificates
+
+# 创建distroless目录，准备复制必要的运行时文件
+RUN mkdir -p /distroless/bin /distroless/lib /distroless/etc/ssl/certs /distroless/etc
+
+# 复制Node.js可执行文件
+RUN cp /usr/local/bin/node /distroless/bin/
+
+# 复制Node.js运行时依赖的库文件
+RUN ldd /usr/local/bin/node | awk '{print $3}' | grep -v '^$' | xargs -I '{}' cp '{}' /distroless/lib/
+
+# 复制动态链接器
+RUN cp /lib/ld-musl-$(uname -m).so.1 /distroless/lib/
+
+# 复制CA证书
+RUN cp -r /etc/ssl/certs /distroless/etc/ssl/
+
+# 创建非root用户
+RUN addgroup -g 1001 appgroup && \
+    adduser -D -u 1001 -G appgroup appuser
+
+# 复制用户和组信息
+RUN cp /etc/passwd /distroless/etc/passwd && \
+    cp /etc/group /distroless/etc/group
+
+
+
+# 阶段2：构建应用程序
+FROM base AS builder
+
+ARG USE_CN_MIRROR
+
+WORKDIR /app
+
+# 复制依赖文件
 COPY package.json yarn.lock ./
 
-# 安装依赖
-RUN yarn install
+# 确保在构建阶段NODE_ENV不为production
+ENV NODE_ENV=development
 
-# 复制其余项目文件
+# 配置国内镜像源并安装依赖
+RUN \
+    if [ "${USE_CN_MIRROR:-false}" = "true" ]; then \
+        npm config set registry https://registry.npmmirror.com/; \
+    fi && \
+    yarn install
+
+# 复制项目源代码
 COPY . .
 
-# 构建前端项目（Vue.js 项目）
+# 构建应用程序
 RUN yarn build
 
-# 创建数据目录
-RUN mkdir -p /app/data
+# 重新设置NODE_ENV为production
+ENV NODE_ENV=production
+
+# 删除devDependencies，减小最终镜像大小
+RUN yarn install --production --ignore-scripts --prefer-offline
+
+# 修改文件权限，使appuser拥有所有权
+RUN chown -R appuser:appgroup /app
+
+
 
-# 将数据目录设置为卷，以便使用 -v 映射
-VOLUME /app/data
+# 阶段3：构建最终的生产镜像
+FROM scratch
 
-# 暴露端口（如果您的应用在 13000 端口运行）
+# 复制distroless文件
+COPY --from=base /distroless /
+
+# 复制应用程序文件
+COPY --from=builder /app /app
+
+# 设置环境变量
+ENV NODE_ENV=production
+ENV HOSTNAME="0.0.0.0"
+ENV PORT=13000
+ENV NODE_OPTIONS="--dns-result-order=ipv4first --use-openssl-ca"
+
+# 设置工作目录
+WORKDIR /app
+
+# 暴露端口
 EXPOSE 13000
 
-# 启动应用
-CMD ["node", "server.js"]
+# 使用非root用户
+USER appuser
+
+# 启动命令
+ENTRYPOINT ["/bin/node"]
+CMD ["server.js"]

Diff for: package.json

@@ -7,19 +7,17 @@
     "dev": "vite",
     "build": "vite build",
     "preview": "vite preview",
-    "start": "node server.js"
+    "start": "node server.js",
+    "docker:install": "yarn install --production --frozen-lockfile && yarn build"
   },
   "dependencies": {
     "@ant-design/icons-vue": "^7.0.1",
-    "@vercel/kv": "^3.0.0",
-    "@vercel/node": "^3.2.24",
     "@vueuse/core": "^11.2.0",
     "ant-design-vue": "^4.0.0-rc.6",
     "axios": "^1.7.7",
     "dotenv": "^16.4.5",
     "echarts": "^5.5.1",
     "express": "^4.21.1",
-    "path": "^0.12.7",
     "vue": "^3.5.12",
     "vue-i18n": "^9.14.1",
     "vue-router": "^4.4.5"
@@ -31,5 +29,9 @@
     "unplugin-vue-components": "^0.27.4",
     "vite": "^5.4.10",
     "vite-plugin-style-import": "^2.0.0"
+  },
+  "optionalDependencies": {
+    "@vercel/kv": "^3.0.0",
+    "@vercel/node": "^3.2.24"
   }
 }