From 40a95b5353b6c79fd740d5e007515e8f2daa61d6 Mon Sep 17 00:00:00 2001
From: Marc Mintel
Date: Tue, 3 Feb 2026 11:59:44 +0100
Subject: [PATCH] fix: implement Lean Docker strategy with mintel/runtime and remove explicit container_name fields
---
 .gitea/workflows/pipeline.yml | 13 ++++++++++++-
 apps/sample-website/Dockerfile | 19 ++-----------------
 apps/sample-website/docker-compose.yml | 5 +----
 packages/infra/docker/Dockerfile.app-template | 15 +--------------
 packages/infra/docker/Dockerfile.runtime | 19 +++++++++++++++++++
 .../infra/docker/docker-compose.template.yml | 1 -
 6 files changed, 35 insertions(+), 37 deletions(-)
 create mode 100644 packages/infra/docker/Dockerfile.runtime
diff --git a/.gitea/workflows/pipeline.yml b/.gitea/workflows/pipeline.yml
index 9d9046d..1256fce 100644
--- a/.gitea/workflows/pipeline.yml
+++ b/.gitea/workflows/pipeline.yml
@@ -97,7 +97,7 @@ jobs:
 run: |
 echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin
- - name: 🏗️ Build & Push Nextjs Base
+ - name: 🏗️ Build & Push Nextjs Build-Base
 env:
 TAG: ${{ github.ref_name }}
 run: |
@@ -108,6 +108,17 @@ jobs:
 -f packages/infra/docker/Dockerfile.nextjs \
 --push .
+ - name: 🏗️ Build & Push Production Runtime
+ env:
+ TAG: ${{ github.ref_name }}
+ run: |
+ docker buildx build \
+ --platform linux/amd64,linux/arm64 \
+ -t registry.infra.mintel.me/mintel/runtime:$TAG \
+ -t registry.infra.mintel.me/mintel/runtime:latest \
+ -f packages/infra/docker/Dockerfile.runtime \
+ --push .
+
 - name: 🏗️ Build & Push Gatekeeper (Product)
 env:
 TAG: ${{ github.ref_name }}
diff --git a/apps/sample-website/Dockerfile b/apps/sample-website/Dockerfile
index 9ebbb21..77e2209 100644
--- a/apps/sample-website/Dockerfile
+++ b/apps/sample-website/Dockerfile
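Review bot: The added "Build & Push Production Runtime" step in `.gitea/workflows/pipeline.yml` overwrites `mintel/runtime:latest` on every run, with `TAG` taken from `github.ref_name`, so whichever ref built last becomes the base that the app Dockerfiles in this patch pull. The workflow's triggers and job conditions are outside the hunk; unless they already limit this job to release tags, I would drop the `-t registry.infra.mintel.me/mintel/runtime:latest \` line or gate it to releases, and have consumers reference the versioned tag. `$TAG` is also expanded unquoted in the `-t` arguments, so `-t "registry.infra.mintel.me/mintel/runtime:${TAG}" \` is safer, and a ref name containing `/` is not a valid image tag in any case.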
@@ -20,23 +20,13 @@ ENV DIRECTUS_URL=$DIRECTUS_URL
 RUN pnpm --filter sample-website build
 # Production runner image
-FROM node:20-alpine AS runner
+FROM registry.infra.mintel.me/mintel/runtime:latest AS runner
 WORKDIR /app
-# Install curl for health checks
-RUN apk add --no-cache curl
-
-ENV NODE_ENV=production
-ENV NEXT_TELEMETRY_DISABLED=1
-
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
-
 COPY --from=builder /app/apps/sample-website/public ./apps/sample-website/public
 # Set the correct permission for prerender cache
-RUN mkdir -p apps/sample-website/.next
-RUN chown nextjs:nodejs apps/sample-website/.next
+RUN mkdir -p apps/sample-website/.next && chown nextjs:nodejs apps/sample-website/.next
 # Copy standalone output and static files from the monorepo path
 COPY --from=builder --chown=nextjs:nodejs /app/apps/sample-website/.next/standalone ./
@@ -44,10 +34,5 @@ COPY --from=builder --chown=nextjs:nodejs /app/apps/sample-website/.next/static
 USER nextjs
-EXPOSE 3000
-
-ENV PORT=3000
-ENV HOSTNAME="0.0.0.0"
-
 # server.js in monorepo standalone is created for each app
 CMD ["node", "apps/sample-website/server.js"]
diff --git a/apps/sample-website/docker-compose.yml b/apps/sample-website/docker-compose.yml
index 064b0df..c71b5c7 100644
--- a/apps/sample-website/docker-compose.yml
+++ b/apps/sample-website/docker-compose.yml
@@ -8,8 +8,7 @@ services:
 NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${NEXT_PUBLIC_UMAMI_WEBSITE_ID}
 NEXT_PUBLIC_UMAMI_SCRIPT_URL: ${NEXT_PUBLIC_UMAMI_SCRIPT_URL}
 NEXT_PUBLIC_TARGET: ${TARGET:-development}
- DIRECTUS_URL: ${DIRECTUS_URL:-http://directus:8055}
- container_name: sample-website-app
+ DIRECTUS_URL: ${DIRECTUS_URL:-http://directus:8055}
 restart: always
 networks:
 - infra
@@ -24,7 +23,6 @@ services:
 directus:
 image: registry.infra.mintel.me/mintel/directus:latest
- container_name: sample-website-directus
 restart: always
 networks:
 - infra
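Review bot: `FROM registry.infra.mintel.me/mintel/runtime:latest AS runner` in `apps/sample-website/Dockerfile` ties the production stage to a mutable tag, so two builds of the same commit can yield different images, and the `nextjs:nodejs` account that the `chown` and `USER nextjs` lines rely on is now defined only in that base. The same line is added in `packages/infra/docker/Dockerfile.app-template`. I would reference the versioned tag the pipeline pushes, ideally with a digest: declare `ARG RUNTIME_TAG=RELEASE_TAG_PLACEHOLDER` before the first `FROM` (outside this hunk) and use `FROM registry.infra.mintel.me/mintel/runtime:${RUNTIME_TAG} AS runner`. A comment above it such as `# runtime base provides user nextjs (uid 1001), group nodejs (gid 1001), PORT and HOSTNAME` would record the dependency for the next reader.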
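Review bot: In `apps/sample-website/docker-compose.yml` the `DIRECTUS_URL` line is removed and re-added with identical text, so the hunk changes only its whitespace, and in YAML that decides which mapping the key belongs to. The indentation is not recoverable from this page; if the line was moved to the column of the deleted `container_name`, it would become a service-level key instead of a sibling of the `NEXT_PUBLIC_*` entries and the value would no longer be passed. Please confirm with `docker compose config` that `DIRECTUS_URL` still sits under the same parent as `NEXT_PUBLIC_TARGET`. The service definition starts above the hunk.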
@@ -55,7 +53,6 @@ services:
 directus-db:
 image: postgres:15-alpine
- container_name: sample-website-db
 restart: always
 networks:
 - infra
diff --git a/packages/infra/docker/Dockerfile.app-template b/packages/infra/docker/Dockerfile.app-template
index 2ce85b6..6ebfe1f 100644
--- a/packages/infra/docker/Dockerfile.app-template
+++ b/packages/infra/docker/Dockerfile.app-template
@@ -20,27 +20,14 @@ ENV DIRECTUS_URL=$DIRECTUS_URL
 RUN pnpm --filter ${APP_NAME:-app} build
 # Production runner image
-FROM node:20-alpine AS runner
+FROM registry.infra.mintel.me/mintel/runtime:latest AS runner
 WORKDIR /app
-# Install curl for health checks
-RUN apk add --no-cache curl
-
-ENV NODE_ENV=production
-ENV NEXT_TELEMETRY_DISABLED=1
-
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
-
 # Copy standalone output and static files
-# Note: The path depends on the app name
 COPY --from=builder --chown=nextjs:nodejs /app/apps/${APP_NAME:-app}/public ./apps/${APP_NAME:-app}/public
 COPY --from=builder --chown=nextjs:nodejs /app/apps/${APP_NAME:-app}/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/apps/${APP_NAME:-app}/.next/static ./apps/${APP_NAME:-app}/.next/static
 USER nextjs
-EXPOSE 3000
-ENV PORT=3000
-ENV HOSTNAME="0.0.0.0"
 CMD ["node", "apps/${APP_NAME:-app}/server.js"]
diff --git a/packages/infra/docker/Dockerfile.runtime b/packages/infra/docker/Dockerfile.runtime
new file mode 100644
index 0000000..09f0ea5
--- /dev/null
+++ b/packages/infra/docker/Dockerfile.runtime
@@ -0,0 +1,19 @@
+FROM node:20-alpine
+
+# Install essential production utilities
+RUN apk add --no-cache curl libc6-compat
+
+# Set standard production environment
+ENV NODE_ENV=production
+ENV NEXT_TELEMETRY_DISABLED=1
+ENV PORT=3000
+ENV HOSTNAME="0.0.0.0"
+
+WORKDIR /app
+
+# Create non-root user for security
+RUN addgroup --system --gid 1001 nodejs && \
+ adduser --system --uid 1001 nextjs
+
+# Expose the default Next.js port
+EXPOSE 3000
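Review bot: `packages/infra/docker/Dockerfile.runtime` creates the `nextjs` account but never switches to it, so the shared base runs as root and any derived image that omits `USER nextjs` inherits that. Both consumers in this patch set `USER` themselves, and the sample app still needs root for its `chown`, so I would keep the base as it is but state the contract at the end of the file: `# Image stays root so derived stages can chown; every consumer must end with USER nextjs`. Because every production image now inherits from this one file, `FROM node:20-alpine` is worth pinning to a patch release and digest, e.g. `FROM node:NODE_VERSION_PLACEHOLDER-alpine@sha256:DIGEST_PLACEHOLDER`.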
diff --git a/packages/infra/docker/docker-compose.template.yml b/packages/infra/docker/docker-compose.template.yml
index 47ad495..92d197e 100644
--- a/packages/infra/docker/docker-compose.template.yml
+++ b/packages/infra/docker/docker-compose.template.yml
@@ -39,7 +39,6 @@ services:
 gatekeeper:
 image: registry.infra.mintel.me/mintel/gatekeeper:${IMAGE_TAG:-latest}
- container_name: ${PROJECT_NAME}-gatekeeper
 restart: always
 networks:
 - infra