apps/api/Dockerfile at main · danieldaum.net/kaneo

danieldaum.net / kaneo

fork atom

kaneo (minimalist kanban) fork to experiment adding a tangled integration github.com/usekaneo/kaneo

fork atom

kaneo / apps / api / Dockerfile

at main 77 lines 2.6 kB view raw

wrap content

Andrej Acevski chore: update healtcheck 5mo ago

0764f8ab

 1# Build stage
 2FROM --platform=$BUILDPLATFORM node:20-alpine AS builder
 3
 4# Install build dependencies in a single layer
 5RUN apk add --no-cache python3 make g++ && \
 6  corepack enable && \
 7  corepack prepare pnpm@10.7.0 --activate
 8
 9WORKDIR /app
10
11# Copy only package files first for better caching
12COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
13COPY packages/typescript-config/package.json ./packages/typescript-config/
14COPY packages/email/package.json ./packages/email/
15COPY packages/libs/package.json ./packages/libs/
16COPY apps/api/package.json ./apps/api/
17
18# Install dependencies
19RUN pnpm install --frozen-lockfile
20
21# Copy source files
22COPY packages/typescript-config ./packages/typescript-config
23COPY packages/email ./packages/email
24COPY packages/libs ./packages/libs
25COPY apps/api ./apps/api
26
27# Build email package first
28WORKDIR /app/packages/email
29RUN pnpm run build
30
31# Fix TypeScript config and build API
32WORKDIR /app/apps/api
33RUN sed -i 's/"extends": "@kaneo\/typescript-config\/base.json"/"extends": "..\/..\/packages\/typescript-config\/base.json"/g' /app/apps/api/tsconfig.json && \
34  pnpm run build
35
36# Production stage - use specific version tag without SHA256
37FROM node:20.12-alpine AS runtime
38
39# Set up user in a single layer
40RUN addgroup -g 1001 appuser && \
41  adduser -u 1001 -G appuser -D appuser && \
42  mkdir -p /app/apps/api/data && \
43  chown -R appuser:appuser /app
44
45WORKDIR /app
46
47# Copy package files for production install
48COPY --from=builder /app/package.json /app/pnpm-lock.yaml /app/pnpm-workspace.yaml ./
49COPY --from=builder /app/apps/api/package.json ./apps/api/
50COPY --from=builder /app/packages/typescript-config/package.json ./packages/typescript-config/
51COPY --from=builder /app/packages/libs/package.json ./packages/libs/
52COPY --from=builder /app/packages/email/package.json ./packages/email/
53
54# Install production dependencies only
55RUN sed -i 's/"prepare": "husky"/"prepare": ""/g' package.json && \
56  corepack enable && \
57  corepack prepare pnpm@10.7.0 --activate && \
58  HUSKY=0 NODE_ENV=production pnpm install --prod --frozen-lockfile --no-optional
59
60# Copy built files
61COPY --from=builder /app/apps/api/dist ./apps/api/dist
62COPY --from=builder /app/apps/api/drizzle ./apps/api/drizzle
63COPY --from=builder /app/packages/email ./packages/email
64
65# Set environment variables
66ENV NODE_ENV=production
67
68# Switch to non-root user
69USER appuser
70WORKDIR /app/apps/api
71EXPOSE 1337
72
73# Add health check
74HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
75  CMD wget --no-verbose --tries=1 --spider http://localhost:1337/api/health || exit 1
76
77CMD ["node", "--enable-source-maps", "dist/index.js"]