How to Deploy Deno to Docker Without Writing a Dockerfile
You can containerize any Deno application without writing a Dockerfile using migetpacks. It auto-detects your Deno version from deno.json, caches dependencies with deno install, detects your entry point automatically, and produces an optimized production image. One command, zero configuration.
Why Is Writing a Dockerfile for Deno So Complicated?
A production-ready Deno Dockerfile requires:
- Proper
DENO_DIRconfiguration for caching - Running
deno cacheto pre-compile dependencies - Determining the correct entry point
- Setting appropriate permissions (
--allow-net,--allow-env, etc.) - Layer ordering for dependency caching
- Choosing the right Deno version
Deno's built-in security model with permissions makes run commands verbose if you don't know the patterns.
How Do I Containerize a Deno App Without a Dockerfile?
Open your terminal, navigate to your Deno project, and run:
cd ~/projects/my-deno-api
docker run --rm \
-v "$PWD":/workspace/source \
-v /var/run/docker.sock:/var/run/docker.sock \
-e OUTPUT_IMAGE=my-deno-api:latest \
miget/migetpacks:latest
That's it. migetpacks will:
- Detect Deno from
deno.json,deno.jsonc, ordeno.lock - Read version from
.deno-versionordeno.json - Run
deno installfor dependency caching - Run
deno cacheto pre-compile the entry point - Output a production image with proper permissions
How Does migetpacks Detect Deno?
migetpacks detects Deno when any of these files are present:
deno.jsondeno.jsoncdeno.lock
Deno detection takes priority over Node.js. If both deno.json and package.json exist, migetpacks will detect Deno.
How Is the Deno Version Detected?
| Priority | Source | Example |
|---|---|---|
| 1 | DENO_VERSION env var | DENO_VERSION=2.0 |
| 2 | .deno-version file | 2.6.1 |
| 3 | .dvmrc file | 2.6.1 |
| 4 | version field in deno.json | "2.6.1" |
| 5 | Default | Latest stable |
How Is the Entry Point Detected?
The entry point is automatically detected in this order:
starttask indeno.json(extracts the.ts/.jsfile from the command)- Common file patterns:
main.ts,mod.ts,server.ts,app.ts,index.ts,index.js,main.js,src/main.ts,src/mod.ts - Falls back to
main.ts
What Does the Generated Dockerfile Look Like?
FROM denoland/deno:2.6.1 AS builder
WORKDIR /build
ENV DENO_DIR=/build/.deno-cache
COPY deno.json deno.lock* ./
RUN deno install
COPY . .
RUN deno cache main.ts
# Runtime stage
FROM denoland/deno:2.6.1
WORKDIR /app
COPY --from=builder /build /app
ENV DENO_DIR=/app/.deno-cache
You never write or maintain this file - migetpacks handles it automatically.
What Run Command Is Used?
The default run command:
deno run --allow-net --allow-read --allow-env {entrypoint}
Override with RUN_COMMAND or a Procfile:
web: deno run --allow-all server.ts
How Do I Build with Custom Permissions?
Specify a custom run command with your required permissions:
docker run --rm \
-v "$PWD":/workspace/source \
-v /var/run/docker.sock:/var/run/docker.sock \
-e OUTPUT_IMAGE=my-deno:latest \
-e RUN_COMMAND="deno run --allow-all server.ts" \
miget/migetpacks:latest
How Do I Build Secure Distroless Images?
Enable Docker Hardened Images for minimal containers:
docker run --rm \
-v "$PWD":/workspace/source \
-v /var/run/docker.sock:/var/run/docker.sock \
-e OUTPUT_IMAGE=my-app:latest \
-e USE_DHI=true \
miget/migetpacks:latest
DHI images for Deno are available starting from version 2.6.4. The runtime runs as the deno user (non-root) and is distroless with no shell.
Next Steps
- Full Deno documentation - version detection, permissions, DHI
- Deploy on Miget - unlimited apps, one price
- Star on GitHub - migetpacks is open source
- Related guides: Node.js, Bun