[feat] update node.js guide to use dhi image example also

Author: kristiyan-velkov

content/guides/nodejs/containerize.md

@@ -312,6 +312,161 @@ These updates help ensure your app is easy to deploy, fast to load, and producti
 
 ### Step 2: Configure the Dockerfile file
 
+Before creating a Dockerfile, you need to choose a base image. You can either use the [Node.js Official Image](https://hub.docker.com/_/node) or a Docker Hardened Image (DHI) from the [Hardened Image catalog](https://hub.docker.com/hardened-images/catalog).
+
+Choosing DHI offers the advantage of a production-ready image that is lightweight and secure. For more information, see [Docker Hardened Images](https://docs.docker.com/dhi/).
+
+{{< tabs >}}
+{{< tab name="Using Docker Hardened Images" >}}
+Docker Hardened Images (DHIs) are available for Node.js on [Docker Hub](https://hub.docker.com/hardened-images/catalog/dhi/node). Unlike using the Docker Official Image, you must first mirror the Node.js image into your organization and then use it as your base image. Follow the instructions in the [DHI quickstart](/dhi/get-started/) to create a mirrored repository for Node.js.
+
+Mirrored repositories must start with `dhi-`, for example: `FROM <your-namespace>/dhi-node:<tag>`. In the following Dockerfile, the `FROM` instruction uses `<your-namespace>/dhi-node:22` as the base image.
+
+```dockerfile
+# ========================================
+# Optimized Multi-Stage Dockerfile
+# Node.js TypeScript Application (Using DHI)
+# ========================================
+
+FROM <your-namespace>/dhi-node:22 AS base
+
+# Set working directory
+WORKDIR /app
+
+# Create non-root user for security
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S nodejs -u 1001 -G nodejs && \
+    chown -R nodejs:nodejs /app
+
+# ========================================
+# Dependencies Stage
+# ========================================
+FROM base AS deps
+
+# Copy package files
+COPY package*.json ./
+
+# Install production dependencies
+RUN --mount=type=cache,target=/root/.npm,sharing=locked \
+    npm ci --omit=dev && \
+    npm cache clean --force
+
+# Set proper ownership
+RUN chown -R nodejs:nodejs /app
+
+# ========================================
+# Build Dependencies Stage
+# ========================================
+FROM base AS build-deps
+
+# Copy package files
+COPY package*.json ./
+
+# Install all dependencies with build optimizations
+RUN --mount=type=cache,target=/root/.npm,sharing=locked \
+    npm ci --no-audit --no-fund && \
+    npm cache clean --force
+
+# Create necessary directories and set permissions
+RUN mkdir -p /app/node_modules/.vite && \
+    chown -R nodejs:nodejs /app
+
+# ========================================
+# Build Stage
+# ========================================
+FROM build-deps AS build
+
+# Copy only necessary files for building (respects .dockerignore)
+COPY --chown=nodejs:nodejs . .
+
+# Build the application
+RUN npm run build
+
+# Set proper ownership
+RUN chown -R nodejs:nodejs /app
+
+# ========================================
+# Development Stage
+# ========================================
+FROM build-deps AS development
+
+# Set environment
+ENV NODE_ENV=development \
+    NPM_CONFIG_LOGLEVEL=warn
+
+# Copy source files
+COPY . .
+
+# Ensure all directories have proper permissions
+RUN mkdir -p /app/node_modules/.vite && \
+    chown -R nodejs:nodejs /app && \
+    chmod -R 755 /app
+
+# Switch to non-root user
+USER nodejs
+
+# Expose ports
+EXPOSE 3000 5173 9229
+
+# Start development server
+CMD ["npm", "run", "dev:docker"]
+
+# ========================================
+# Production Stage
+# ========================================
+ARG NODE_VERSION=22.21.0-alpine3.21
+FROM node:${NODE_VERSION} AS production
+
+# Set working directory
+WORKDIR /app
+
+# Create non-root user for security
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S nodejs -u 1001 -G nodejs && \
+    chown -R nodejs:nodejs /app
+
+# Set optimized environment variables
+ENV NODE_ENV=production \
+    NODE_OPTIONS="--max-old-space-size=256 --no-warnings" \
+    NPM_CONFIG_LOGLEVEL=silent
+
+# Copy production dependencies from deps stage
+COPY --from=deps --chown=nodejs:nodejs /app/node_modules ./node_modules
+COPY --from=deps --chown=nodejs:nodejs /app/package*.json ./
+# Copy built application from build stage
+COPY --from=build --chown=nodejs:nodejs /app/dist ./dist
+
+# Switch to non-root user for security
+USER nodejs
+
+# Expose port
+EXPOSE 3000
+
+# Start production server
+CMD ["node", "dist/server.js"]
+
+# ========================================
+# Test Stage
+# ========================================
+FROM build-deps AS test
+
+# Set environment
+ENV NODE_ENV=test \
+    CI=true
+
+# Copy source files
+COPY --chown=nodejs:nodejs . .
+
+# Switch to non-root user
+USER nodejs
+
+# Run tests with coverage
+CMD ["npm", "run", "test:coverage"]
+```
+
+{{< /tab >}}
+{{< tab name="Using the official Docker image" >}}
+
 Now you need to create a production-ready multi-stage Dockerfile. Replace the generated Dockerfile with the following optimized configuration:
 
 ```dockerfile
@@ -456,6 +611,9 @@ USER nodejs
 # Run tests with coverage
 CMD ["npm", "run", "test:coverage"]
 ```
+{{< /tab >}}
+
+{{< /tabs >}}
 
 Key features of this ultra-optimized Dockerfile: