new version

Dockerfile

@@ -0,0 +1,83 @@
+# syntax=docker/dockerfile:1.7
+# ─────────────────────────────────────────────────────────────────────────────
+#  Production Dockerfile for CryptoWallet API
+#  Multi-stage: deps → build → prod-deps → runtime
+#  Runtime: non-root user, tini (signal handling), wget (healthcheck)
+# ─────────────────────────────────────────────────────────────────────────────
+
+ARG NODE_VERSION=20.19-alpine
+ARG PNPM_VERSION=10.28.2
+
+# ─────────────────────────────────────────────────────────────────────────────
+# Base: node + pnpm
+# ─────────────────────────────────────────────────────────────────────────────
+FROM node:${NODE_VERSION} AS base
+ARG PNPM_VERSION
+RUN corepack enable && corepack prepare pnpm@${PNPM_VERSION} --activate
+WORKDIR /app
+ENV NODE_ENV=production \
+    CI=true \
+    HUSKY=0
+
+# ─────────────────────────────────────────────────────────────────────────────
+# deps: install ALL deps (incl. dev) for TypeScript build
+# ─────────────────────────────────────────────────────────────────────────────
+FROM base AS deps
+COPY pnpm-lock.yaml pnpm-workspace.yaml package.json ./
+COPY apps/api/package.json apps/api/
+RUN --mount=type=cache,id=pnpm-store,target=/root/.local/share/pnpm/store \
+    pnpm install --frozen-lockfile --prod=false
+
+# ─────────────────────────────────────────────────────────────────────────────
+# build: compile TypeScript → dist/
+# ─────────────────────────────────────────────────────────────────────────────
+FROM base AS build
+COPY --from=deps /app/node_modules ./node_modules
+COPY --from=deps /app/apps/api/node_modules ./apps/api/node_modules
+COPY pnpm-lock.yaml pnpm-workspace.yaml package.json ./
+COPY apps/api ./apps/api
+RUN cd apps/api && pnpm build
+
+# ─────────────────────────────────────────────────────────────────────────────
+# prod-deps: only production dependencies (smaller image)
+# ─────────────────────────────────────────────────────────────────────────────
+FROM base AS prod-deps
+COPY pnpm-lock.yaml pnpm-workspace.yaml package.json ./
+COPY apps/api/package.json apps/api/
+RUN --mount=type=cache,id=pnpm-store,target=/root/.local/share/pnpm/store \
+    pnpm install --frozen-lockfile --prod
+
+# ─────────────────────────────────────────────────────────────────────────────
+# runtime: minimal production image
+# ─────────────────────────────────────────────────────────────────────────────
+FROM node:${NODE_VERSION} AS runtime
+
+# tini for proper PID 1 / signal handling
+# wget for healthcheck
+RUN apk add --no-cache tini wget && \
+    addgroup -S -g 1001 app && \
+    adduser -S -u 1001 -G app app
+
+WORKDIR /app/apps/api
+
+# Copy production dependencies
+COPY --from=prod-deps --chown=app:app /app/node_modules /app/node_modules
+COPY --from=prod-deps --chown=app:app /app/apps/api/node_modules ./node_modules
+
+# Copy compiled code + static assets
+COPY --from=build --chown=app:app /app/apps/api/dist ./dist
+COPY --from=build --chown=app:app /app/apps/api/swagger.json ./swagger.json
+COPY --from=build --chown=app:app /app/apps/api/package.json ./package.json
+
+USER app
+
+ENV NODE_ENV=production \
+    API_PORT=3001
+
+EXPOSE 3001
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
+    CMD wget -qO- http://localhost:3001/api/health || exit 1
+
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD ["node", "dist/index.js"]