Atridad Lahiji
9739f0a4f2
Some checks failed
Docker Deploy / build-and-push (push) Has been cancelled
168 lines
4.7 KiB
Docker
168 lines
4.7 KiB
Docker
# Multi-stage build optimized for maximum build speed
|
|
# This version uses a Chrome-enabled base for fastest rebuilds
|
|
|
|
# Stage 1: Chrome base (cached once, reused forever)
|
|
FROM node:18-slim AS chrome-base
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
wget gnupg ca-certificates \
|
|
&& wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /usr/share/keyrings/googlechrome-linux-keyring.gpg \
|
|
&& echo "deb [arch=amd64 signed-by=/usr/share/keyrings/googlechrome-linux-keyring.gpg] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
|
|
&& apt-get update && apt-get install -y --no-install-recommends \
|
|
google-chrome-stable \
|
|
fonts-liberation libasound2 libatk-bridge2.0-0 libatk1.0-0 \
|
|
libcairo2 libcups2 libdbus-1-3 libdrm2 libgtk-3-0 libnspr4 \
|
|
libnss3 libxcomposite1 libxdamage1 libxfixes3 libxrandr2 \
|
|
libxss1 libxtst6 lsb-release xdg-utils \
|
|
&& rm -rf /var/lib/apt/lists/* && apt-get clean
|
|
|
|
# Stage 2: Dependencies (cached when package.json unchanged)
|
|
FROM chrome-base AS deps
|
|
WORKDIR /app
|
|
RUN npm i -g pnpm
|
|
COPY package.json pnpm-lock.yaml ./
|
|
RUN pnpm install --frozen-lockfile
|
|
|
|
# Stage 3: Builder (only rebuilds when source changes)
|
|
FROM deps AS builder
|
|
COPY . .
|
|
RUN pnpm run build
|
|
|
|
# Stage 4: Production dependencies (cached separately)
|
|
FROM chrome-base AS prod-deps
|
|
WORKDIR /app
|
|
RUN npm i -g pnpm
|
|
COPY package.json pnpm-lock.yaml ./
|
|
RUN pnpm install --prod --frozen-lockfile && pnpm store prune
|
|
|
|
# Stage 5: Runtime (fastest layer, only copies artifacts)
|
|
FROM chrome-base AS runtime
|
|
WORKDIR /app
|
|
|
|
# Create user (cached)
|
|
RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser \
|
|
&& mkdir -p /home/pptruser/Downloads \
|
|
&& chown -R pptruser:pptruser /home/pptruser
|
|
|
|
# Copy artifacts (only changes when build changes)
|
|
COPY --from=builder /app/dist ./dist
|
|
COPY --from=prod-deps /app/node_modules ./node_modules
|
|
COPY --from=prod-deps /app/package.json ./package.json
|
|
|
|
# Set ownership and environment
|
|
RUN chown -R pptruser:pptruser /app
|
|
ENV HOST=0.0.0.0 \
|
|
PORT=4321 \
|
|
PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true \
|
|
PUPPETEER_EXECUTABLE_PATH=/usr/bin/google-chrome-stable \
|
|
NODE_ENV=production
|
|
|
|
USER pptruser
|
|
EXPOSE 4321
|
|
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
|
CMD node -e "const http = require('http'); const options = { host: 'localhost', port: 4321, timeout: 2000 }; const req = http.request(options, (res) => { process.exit(res.statusCode === 200 ? 0 : 1); }); req.on('error', () => process.exit(1)); req.end();"
|
|
|
|
CMD ["node", "./dist/server/entry.mjs"]
|
|
|
|
FROM node:18-slim AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
# Install pnpm
|
|
RUN npm i -g pnpm
|
|
|
|
# Copy package files
|
|
COPY package.json pnpm-lock.yaml ./
|
|
|
|
# Install dependencies
|
|
RUN pnpm install
|
|
|
|
# Copy source code
|
|
COPY . .
|
|
|
|
# Build the application
|
|
RUN pnpm run build
|
|
|
|
FROM node:lts AS runtime
|
|
WORKDIR /app
|
|
|
|
# Install pnpm
|
|
RUN npm i -g pnpm
|
|
|
|
# Install Chrome dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
wget \
|
|
gnupg \
|
|
ca-certificates \
|
|
fonts-liberation \
|
|
libasound2 \
|
|
libatk-bridge2.0-0 \
|
|
libatk1.0-0 \
|
|
libc6 \
|
|
libcairo-gobject2 \
|
|
libcairo2 \
|
|
libcups2 \
|
|
libdbus-1-3 \
|
|
libexpat1 \
|
|
libfontconfig1 \
|
|
libgbm1 \
|
|
libgcc1 \
|
|
libglib2.0-0 \
|
|
libgtk-3-0 \
|
|
libnspr4 \
|
|
libnss3 \
|
|
libpango-1.0-0 \
|
|
libpangocairo-1.0-0 \
|
|
libstdc++6 \
|
|
libx11-6 \
|
|
libx11-xcb1 \
|
|
libxcb1 \
|
|
libxcomposite1 \
|
|
libxcursor1 \
|
|
libxdamage1 \
|
|
libxext6 \
|
|
libxfixes3 \
|
|
libxi6 \
|
|
libxrandr2 \
|
|
libxrender1 \
|
|
libxss1 \
|
|
libxtst6 \
|
|
lsb-release \
|
|
xdg-utils \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Install Chrome
|
|
RUN wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - \
|
|
&& echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
|
|
&& apt-get update \
|
|
&& apt-get install -y google-chrome-stable \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Copy built application
|
|
COPY --from=builder /app/dist ./dist
|
|
COPY package.json pnpm-lock.yaml ./
|
|
|
|
# Install production dependencies
|
|
RUN pnpm install --prod
|
|
|
|
# Create a non-root user for security
|
|
RUN groupadd -r pptruser && useradd -r -g pptruser -G audio,video pptruser \
|
|
&& mkdir -p /home/pptruser/Downloads \
|
|
&& chown -R pptruser:pptruser /home/pptruser \
|
|
&& chown -R pptruser:pptruser /app
|
|
|
|
# Set environment variables
|
|
ENV HOST=0.0.0.0
|
|
ENV PORT=4321
|
|
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true
|
|
ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/google-chrome-stable
|
|
|
|
# Expose port
|
|
EXPOSE 4321
|
|
|
|
# Switch to non-root user
|
|
USER pptruser
|
|
|
|
# Start the application
|
|
CMD ["node", "./dist/server/entry.mjs"]
|