# Shared base image: every later stage starts from this one, so build and runtime use the same Node/Alpine.
# NOTE(review): the tag is mutable. Pinning by digest (node:20-alpine@sha256:<digest-placeholder>)
# would make rebuilds reproducible and protect against the tag changing upstream.
FROM node:20-alpine AS base
# --- Dependencies ---
# Production-only node_modules; the runner stage copies /app/node_modules from here.
FROM base AS deps
WORKDIR /app
# Only the manifests are copied, so this layer stays cached until dependencies change.
COPY package.json package-lock.json ./
# npm ci installs exactly what package-lock.json pins. --omit=dev skips devDependencies and
# --ignore-scripts keeps package lifecycle scripts from running during the install.
# NOTE(review): a dependency that relies on an install script (e.g. to build a native addon)
# would be left unbuilt here; confirm none of the runtime dependencies need one.
RUN npm ci --omit=dev --ignore-scripts
# --- Builder ---
# Full install (devDependencies included) followed by the app and worker builds.
FROM base AS builder
WORKDIR /app
COPY package.json package-lock.json ./
# NOTE(review): unlike the deps stage, this install runs without --ignore-scripts, so package
# lifecycle scripts execute at build time (presumably as root, since no USER is set in this stage).
# Output of this stage is copied into the runtime image, so treat the lockfile as a trust boundary.
RUN npm ci
# Copies the entire build context into the stage.
# NOTE(review): no .dockerignore is visible here; make sure one excludes .env files, .git and any
# local node_modules so secrets and host artifacts never enter the build.
COPY . .
ENV NEXT_TELEMETRY_DISABLED=1
RUN npm run build
# Build standalone worker (polling process)
RUN npm run worker:build
# --- Runner ---
# Final runtime image: receives only build outputs and production dependencies from earlier stages.
FROM base AS runner
WORKDIR /app
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
# Single layer that creates the unprivileged account (fixed uid/gid 1001), prepares the writable
# data directory, and removes npm from the runtime filesystem.
# NOTE(review): adduser is not given a group, so nextjs may not actually be a member of nodejs;
# confirm if the group ownership set below is meant to grant access.
RUN addgroup --system --gid 1001 nodejs && \
adduser --system --uid 1001 nextjs && \
# PGlite data directory (used when DATABASE_URL is absent, e.g. CI/DAST)
mkdir -p /app/data && chown nextjs:nodejs /app/data && \
# Remove npm/npx (not needed at runtime) to eliminate bundled CVEs in minimatch/tar
# The deletion only hides these files in the final filesystem; they still exist in the base image
# layer, so scanners that inspect individual layers may keep reporting them.
# NOTE(review): the node base image may also ship yarn and corepack; if they are flagged too,
# consider removing them in this same layer after confirming nothing invokes them at runtime.
npm cache clean --force && rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx
# Copy migration files + migrate script (for release_command)
# These three copies carry no --chown, so the files are owned by root and the runtime user
# cannot modify them.
COPY --from=builder /app/drizzle ./drizzle
COPY --from=builder /app/src/db/migrate.mjs ./src/db/migrate.mjs
COPY --from=deps /app/node_modules ./node_modules
# Copy public assets
COPY --from=builder /app/public ./public
# Copy standalone output. COPY merges into the existing tree: files in its traced node_modules
# subset replace same-path files from the deps copy above, and the rest of that copy stays in place.
# NOTE(review): --chown=nextjs:nodejs makes the server code writable by the account that runs it.
# If the app does not need to write there, root-owned code limits what a compromised process can
# tamper with; confirm what Next.js needs to write (e.g. a cache directory) before changing it.
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
# Copy worker bundle
# NOTE(review): worker.js is shipped but not started by CMD below; presumably the platform runs it
# as a separate process. Confirm.
COPY --from=builder --chown=nextjs:nodejs /app/worker.js ./worker.js
# Drop root before the process starts; everything from here on runs as the unprivileged user.
USER nextjs
# Documentation only (does not publish the port); 3000 is unprivileged, so a non-root bind works.
EXPOSE 3000
ENV PORT=3000
# Presumably read by server.js as the bind address: 0.0.0.0 listens on every interface inside the
# container, so outside reachability is decided by which ports the runtime publishes.
ENV HOSTNAME="0.0.0.0"
# Exec form: node runs without a wrapping shell and receives stop signals directly.
CMD ["node", "server.js"]