Dev_Tech_Learnings/18_DockerFileWritting at main · Rounak00/Dev_Tech_Learnings · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
# =========================================
# Dockerfile Cheat Sheet (Complete – SDE-1)
# =========================================


# ---------- BASE IMAGE ----------
# FROM sets the base image for your application
# Everything runs on top of this image
FROM node:20-alpine


# ---------- BUILD ARGUMENT ----------
# ARG is used at BUILD TIME only
# Can be passed using: docker build --build-arg NODE_ENV=dev .
ARG NODE_ENV=production


# ---------- ENVIRONMENT VARIABLES ----------
# ENV is available at RUNTIME inside container
ENV NODE_ENV=${NODE_ENV}
ENV PORT=3000


# ---------- WORKING DIRECTORY ----------
# Sets the working directory inside container
# If not exists, Docker creates it
# All COPY, RUN, CMD work relative to this
WORKDIR /app


# ---------- COPY (Dependency Files First) ----------
# Copy only dependency files
# Helps Docker layer caching
COPY package.json package-lock.json ./


# ---------- RUN (Build-time command) ----------
# Executes during image build
# Each RUN creates a new image layer
RUN npm install


# ---------- COPY (Application Code) ----------
# Copies entire project from build context
# First '.' → host build context
# Second '.' → WORKDIR (/app)
COPY . .


# ---------- USER (Security Best Practice) ----------
# Avoid running app as root (optional for SDE-1)
# RUN addgroup -S app && adduser -S app -G app
# USER app


# ---------- EXPOSE ----------
# Documents the port the app listens on
# Does NOT actually open the port
EXPOSE 3000


# ---------- HEALTHCHECK ----------
# Lets Docker know how to check if app is healthy
# Optional but good to know
HEALTHCHECK --interval=30s --timeout=5s \
  CMD curl -f http://localhost:3000/ || exit 1


# ---------- ENTRYPOINT ----------
# Defines the main executable
# Usually fixed and not overridden
# ENTRYPOINT ["node"]


# ---------- CMD ----------
# Default command when container starts
# Can be overridden at runtime
CMD ["npm", "start"]


# =========================================
# KEY CONCEPT NOTES (Interview Gold)
# =========================================
# RUN        → build time
# CMD        → runtime
# ENTRYPOINT → fixed executable
# ARG        → build time only
# ENV        → runtime environment
# COPY       → host → container
# WORKDIR   → current directory inside container
# EXPOSE    → documentation only
# =========================================


# --------------------------------------------Mulristage build-------------------------------------------------------------
    # =========================================
# MULTI-STAGE DOCKERFILE (Node.js Example)
# =========================================


# ---------- STAGE 1: BUILD STAGE ----------
# This stage is used ONLY to build the app
# It can be large and heavy (dev dependencies allowed)

FROM node:20 AS builder
# AS builder → names this stage "builder"

# Set working directory inside container
WORKDIR /app

# Copy dependency files first for caching
COPY package.json package-lock.json ./

# Install ALL dependencies (including dev)
RUN npm install

# Copy application source code
COPY . .

# Build the application (e.g. React / TS / Next build)
RUN npm run build


# ---------- STAGE 2: PRODUCTION STAGE ----------
# This stage is the FINAL image
# Should be small, secure, production-ready

FROM node:20-alpine
# Smaller base image for production

# Set working directory
WORKDIR /app

# Copy only the built output from builder stage
# --from=builder → copy files from stage 1
COPY --from=builder /app/dist ./dist

# Copy only required files
COPY package.json package-lock.json ./

# Install ONLY production dependencies
RUN npm install --production

# Expose application port
EXPOSE 3000

# Start the app
CMD ["node", "dist/index.js"]


# =========================================
# WHY MULTI-STAGE?
# - Build tools stay in builder image
# - Final image is smaller & secure
# - Faster deployments
# =========================================

# Why we need Multi-Stage Docker builds (exactly) Core idea (1 line 🔥)
# Multi-stage builds separate build-time work from runtime needs, so the final image contains only what is required to run the app.


# Advices
# 1. dockerignore file is also there that docker cant see
# 2. volume mostly good to use in compose file