You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since the loopback scaffolding automatically generates a Dockerfile, I've noticed a lot of developers in our organisation assume that this Dockerfile is ready out-of-the-box for production deployments.
Is the generated Dockerfile meant for local developer use? In this case, I think it might be good to mention this somewhere (maybe in the Dockerfile itself) and that it needs some adjustments to be production ready.
Alternatively, I would suggest these changes:
The Dockerfile uses npm install, which is great for local development, but I think it should be npm ci for deployments. npm ci --only=production would be even better, but that won't work without additional changes, because of my next point.
The built Dockerfile includes devDependencies. If I build it as-is (e.g. docker build .), the image size is 393MB because it includes all of the original TypeScript, the transpiled JavaScript, dependencies, and devDependencies. Changing npm install to npm ci --only=production won't work in a single-stage build because those devDependencies are needed to transpile the TypeScript. By using a multi-stage build, this allows only including the needed files, which reduces the image size to 277MB, and should have a positive impact on storage, deployment times, application startup times, etc.
The Dockerfile does the build at runtime, so every time the application is run, it calls npm start, which calls prestart, which calls rebuild, which calls build (and so on). The build should be done when the container is built, so when the container is run, all it has to do is run the code.
I'm not an expert, but here's a Dockerfile that uses a mutli-stage build to fix all of the above issues:
# Check out https://hub.docker.com/_/node to select a new base imageFROM docker.io/library/node:18-slim as builder
# Set to a non-root built-in user `node`USER node
# Create app directory (with user `node`)RUN mkdir -p /home/node/app
WORKDIR /home/node/app
# Install app dependencies# A wildcard is used to ensure both package.json AND package-lock.json are copied# where available (npm@5+)COPY --chown=node package*.json ./
RUN npm ci
# Bundle app source codeCOPY --chown=node . .
RUN npm run build
FROM docker.io/library/node:18-slim
USER node
RUN mkdir -p /home/node/app
WORKDIR /home/node/app
COPY --chown=node --from=builder /home/node/app/dist dist
COPY --chown=node --from=builder /home/node/app/package*.json ./
RUN npm ci --only=production
# Bind to all network interfaces so that it can be mapped to the host OSENV HOST=0.0.0.0 PORT=3000
EXPOSE ${PORT}
CMD [ "node", "." ]
Logs
No response
Additional information
No response
Reproduction
Generate a new application
CD to the directory
Build the Dockerfile and observe the size
Change npm install to npm ci --only=production in Dockerfile
Build an image using the Dockerfile and observe that the build fails
The text was updated successfully, but these errors were encountered:
@bmaupin, thanks for your suggestion. Would it work better to use npm install --production then?
I think my original wording in the issue description was a bit misleading so I tried to update it. The short version is that npm ci --only=production is ideal for the final built image but will only work with some additional changes to the Dockerfile.
As far as I understand, npm install should only be used for local development. When building the application for deployment (especially for production), npm ci should be used. It ensures that the dependencies are installed cleanly and will also result in reproducible builds; this isn't the case with npm install because it may update packages in package-lock.json unless package versions are explicitly pinned.
In addition, modifying the existing Dockerfile (I think this is it? and replacing npm install with npm install --production will break the build, because the devDependencies are required for the npm run build command to work.
I had to solve this with a multi-stage build in my example above, where the first stage uses npm ci to install all dependencies (including devDependencies) and run the build, then in the second stage, the built JavaScript files are copied and npm ci --only=production is run to exclude devDependencies from the final container image.
I was working with a Loopback 4 application today and I noticed another issue with the generated Dockerfile: it does a build every time the container image is run. This of course is slower, and it also presents more potential points of failure at runtime.
The Dockerfile I proposed already remediates this, but I added an extra note about this in the issue description.
Describe the bug
Since the loopback scaffolding automatically generates a
Dockerfile
, I've noticed a lot of developers in our organisation assume that this Dockerfile is ready out-of-the-box for production deployments.Is the generated
Dockerfile
meant for local developer use? In this case, I think it might be good to mention this somewhere (maybe in the Dockerfile itself) and that it needs some adjustments to be production ready.Alternatively, I would suggest these changes:
npm install
, which is great for local development, but I think it should benpm ci
for deployments.npm ci --only=production
would be even better, but that won't work without additional changes, because of my next point.docker build .
), the image size is 393MB because it includes all of the original TypeScript, the transpiled JavaScript, dependencies, and devDependencies. Changingnpm install
tonpm ci --only=production
won't work in a single-stage build because those devDependencies are needed to transpile the TypeScript. By using a multi-stage build, this allows only including the needed files, which reduces the image size to 277MB, and should have a positive impact on storage, deployment times, application startup times, etc.npm start
, which callsprestart
, which callsrebuild
, which callsbuild
(and so on). The build should be done when the container is built, so when the container is run, all it has to do is run the code.I'm not an expert, but here's a Dockerfile that uses a mutli-stage build to fix all of the above issues:
Logs
No response
Additional information
No response
Reproduction
npm install
tonpm ci --only=production
in DockerfileThe text was updated successfully, but these errors were encountered: