Secure storage and distribution of cryptographic keys in ATProto applications
# Dockerfile for ATP Keyserver
# Based on Bun's official Docker guide: https://bun.com/docs/guides/ecosystem/docker

# Stage 1: shared base image.
# Every later stage starts from here, so all of them inherit /app as the
# working directory.
# NOTE(review): `oven/bun:1` is a floating major-version tag, so the same
# Dockerfile can produce different images over time. For a service that stores
# cryptographic keys, consider pinning by digest
# (`oven/bun:1@sha256:<digest-placeholder>`) and bumping it deliberately.
FROM oven/bun:1 AS base
WORKDIR /app

# Stage 2: resolve dependencies in a throwaway stage.
FROM base AS install

# Work inside /temp/dev (WORKDIR creates it) so only the manifest and lockfile
# invalidate this layer, not every source change.
WORKDIR /temp/dev
COPY packages/server/package.json bun.lock ./

# Installs all dependencies, dev ones included.
# NOTE(review): without `--frozen-lockfile` the resolver may update bun.lock
# during the build, so the installed tree is not guaranteed to match the
# reviewed lockfile. Confirm whether the lockfile layout allows enabling it.
# NOTE(review): the release stage copies this node_modules tree, so dev-only
# packages end up in the production image. A separate `bun install --production`
# tree would reduce what ships.
RUN bun install

# Stage 3: Prerelease (optional test/build stage)
# FROM base AS prerelease
# COPY --from=install /temp/dev/node_modules node_modules
# COPY packages/server/ .

# # Set production environment for any build processes
# ENV NODE_ENV=production

# # Note: No build step needed - Bun runs TypeScript directly
# # If you add tests in the future, run them here:
# RUN bun test

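# Stage 4: Release (final production image)
FROM base AS release

# Dependencies resolved in the install stage (that tree lives under /temp/dev).
COPY --from=install /temp/dev/node_modules node_modules

# Application source. Files are copied as root and stay root-owned, so the
# runtime user can read but not modify the code.
# NOTE(review): this copies the whole packages/server/ directory. Make sure a
# .dockerignore keeps local .env files, databases and key material out of the
# build context.
COPY packages/server/ .

# Set production environment
ENV NODE_ENV=production

# Create the database directory and hand it to the unprivileged user while
# still running as root.
RUN mkdir -p /app/data && chown bun:bun /app/data

# Declare the volume only AFTER the directory exists with the right owner.
# Docker documents that build steps changing data inside a volume after it is
# declared can be discarded. With VOLUME placed before the chown, the bun user
# could be left with a root-owned data directory it cannot write to.
# NOTE(review): presumably this database holds the service's key material.
# Back it with a volume whose host-side permissions and backups are restricted
# accordingly. Confirm against the server code.
VOLUME ["/app/data"]

# Run as non-root user for security
USER bun

# Expose the default port (configurable via PORT env var)
EXPOSE 4000/tcp

# Health check: probe the port the server is configured for. It falls back to
# the default 4000 when PORT is unset, so the check still works when PORT is
# overridden. String concatenation avoids `${...}`, which the shell that runs
# this shell-form CMD would expand.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD bun -e "fetch('http://localhost:' + (process.env.PORT || 4000) + '/').then(r => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))"

# Start the server (exec form, so bun receives stop signals directly).
ENTRYPOINT ["bun", "run", "main.ts"]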