YasharF
commented
1 year ago prevents secrets and environment variables from being baked into the Dockerfile
The .env.example file is a placeholder. You should not use it for production deployments. dotenv npm module does not use the values if the values are set as part of the environment variables. See the FAQ section at https://www.npmjs.com/package/dotenv
Dockerfile sets NODE_ENV to production
The environment shouldn't be set to production as this is a hackathon project boiler plate.
Feel free to submit a separate PR for the docker version upgrade. Please use an LTS version, test it and keep the PR limited to the version upgrade. Perhaps https://github.com/sahat/hackathon-starter/blob/master/prod-checklist.md could use some info on moving from dev to prod for docker based projects. Feel free to take a stab at it.
Dockerfile
prevents secrets and environment variables from being baked into the Dockerfile
Secrets and other environment variables should not be baked into an image. Instead, run the docker container with the
--env-file=argument. See docker run options --env-file Example:Dockerfile base image uses matching node version
Node version in
package.jsonis 16. This other PR #1217 pins the lts/gallium node version Dockerfile base image now uses the same node versionDockerfile base image uses smaller alpine os
alpine base images are much smaller, which also means deploys are faster.
Dockerfile sets NODE_ENV to production
❗️Breaking Change
Sets the default NODE_ENV to production so that dotenv can conditionally skip loading .env
Conditional requirement of dotenv
dotenv should not be required in production. if using docker, use
--env-file=if using docker-compose, use