cadence-workflow · borja-rivera · Jul 16, 2025 · Jul 17, 2025
diff --git a/Dockerfile b/Dockerfile
@@ -41,31 +41,28 @@ RUN npm run build
 RUN npm run build-standalone
 RUN npm run post-build-standalone
 
-# Production image, copy all the files and run next
-FROM base AS runner
+# Production image as distroless, copy all the files and run next
+FROM gcr.io/distroless/nodejs18:nonroot AS runner
 WORKDIR /app
 
 ENV NODE_ENV production
 # Uncomment the following line in case you want to disable telemetry during runtime.
 ENV NEXT_TELEMETRY_DISABLED 1
 
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
 
 COPY --from=builder /app/public ./public
 
 
-# Set the correct permission for prerender cache
-RUN mkdir .next
-RUN chown nextjs:nodejs .next
 
 # Automatically leverage output traces to reduce image size
 # https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --from=builder --chown=nextjs:nodejs /app/src/__generated__/ ./src/__generated__/ 
-COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
-COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+COPY --from=builder /app/src/__generated__/ ./src/__generated__ 
+COPY --from=builder /app/.next/standalone ./
+COPY --from=builder /app/.next/static ./.next/static
 
-USER nextjs
+ENV CADENCE_WEB_PORT=8088
+ENV CADENCE_WEB_HOSTNAME=0.0.0.0
 
+EXPOSE 8088
 
-CMD  ["sh","-c", "CADENCE_WEB_PORT=${CADENCE_WEB_PORT:-8088} CADENCE_WEB_HOSTNAME=${CADENCE_WEB_HOSTNAME:-0.0.0.0} exec node server.js"]
+CMD ["server.js"]