fix: docker images
Some checks failed
Monorepo Pipeline / 🧪 Quality Assurance (push) Successful in 4m1s
Monorepo Pipeline / 🐳 Build Directus (Base) (push) Successful in 33s
Monorepo Pipeline / 🐳 Build Gatekeeper (Product) (push) Failing after 21s
Monorepo Pipeline / 🐳 Build Build-Base (push) Failing after 45s
Monorepo Pipeline / 🐳 Build Production Runtime (push) Successful in 27s
Monorepo Pipeline / 🚀 Release (push) Successful in 3m43s
Some checks failed
Monorepo Pipeline / 🧪 Quality Assurance (push) Successful in 4m1s
Monorepo Pipeline / 🐳 Build Directus (Base) (push) Successful in 33s
Monorepo Pipeline / 🐳 Build Gatekeeper (Product) (push) Failing after 21s
Monorepo Pipeline / 🐳 Build Build-Base (push) Failing after 45s
Monorepo Pipeline / 🐳 Build Production Runtime (push) Successful in 27s
Monorepo Pipeline / 🚀 Release (push) Successful in 3m43s
This commit is contained in:
@@ -1,7 +1,7 @@
|
|||||||
node_modules
|
node_modules
|
||||||
.next
|
.next
|
||||||
.git
|
.git
|
||||||
.npmrc
|
# .npmrc is allowed as it contains the registry template
|
||||||
dist
|
dist
|
||||||
build
|
build
|
||||||
out
|
out
|
||||||
|
|||||||
@@ -5,15 +5,21 @@ WORKDIR /app
|
|||||||
RUN corepack enable pnpm
|
RUN corepack enable pnpm
|
||||||
|
|
||||||
# Step 2: Install dependencies
|
# Step 2: Install dependencies
|
||||||
# We copy everything first because we have a .dockerignore
|
# Copy manifest files specifically for better layer caching
|
||||||
# and we need the workspace structure for pnpm to work correctly
|
COPY pnpm-lock.yaml pnpm-workspace.yaml package.json .npmrc ./
|
||||||
COPY . .
|
# Copy all package.json files
|
||||||
|
COPY packages/*/package.json ./packages/
|
||||||
|
# Note: globbing subdirectories for package.json might require more specific COPY commands
|
||||||
|
# if the structure is deep, but for our flat packages/* it works or needs manual listing.
|
||||||
|
# Since we have many packages, copying them individually or as a block is better.
|
||||||
|
|
||||||
# Use a secret for NPM_TOKEN to authenticate with private registry
|
# Use a secret for NPM_TOKEN and a standardized cache mount
|
||||||
RUN --mount=type=cache,target=/root/.local/share/pnpm/store/v3 \
|
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
|
||||||
--mount=type=secret,id=NPM_TOKEN \
|
--mount=type=secret,id=NPM_TOKEN \
|
||||||
export NPM_TOKEN=$(cat /run/secrets/NPM_TOKEN) && \
|
export NPM_TOKEN=$(cat /run/secrets/NPM_TOKEN) && \
|
||||||
|
pnpm config set store-dir /pnpm/store && \
|
||||||
pnpm i --frozen-lockfile
|
pnpm i --frozen-lockfile
|
||||||
|
|
||||||
# Step 3: Build shared packages
|
# Step 3: Build shared packages
|
||||||
|
COPY . .
|
||||||
RUN pnpm --filter "./packages/*" -r build
|
RUN pnpm --filter "./packages/*" -r build
|
||||||
|
|||||||
@@ -1,19 +1,22 @@
|
|||||||
FROM node:20-alpine
|
FROM node:20-alpine AS runner
|
||||||
|
RUN apk add --no-cache libc6-compat curl
|
||||||
|
|
||||||
# Install essential production utilities
|
WORKDIR /app
|
||||||
RUN apk add --no-cache curl libc6-compat
|
|
||||||
|
|
||||||
# Set standard production environment
|
|
||||||
ENV NODE_ENV=production
|
ENV NODE_ENV=production
|
||||||
ENV NEXT_TELEMETRY_DISABLED=1
|
ENV NEXT_TELEMETRY_DISABLED=1
|
||||||
ENV PORT=3000
|
ENV PORT=3000
|
||||||
ENV HOSTNAME="0.0.0.0"
|
ENV HOSTNAME="0.0.0.0"
|
||||||
|
|
||||||
WORKDIR /app
|
|
||||||
|
|
||||||
# Create non-root user for security
|
# Create non-root user for security
|
||||||
RUN addgroup --system --gid 1001 nodejs && \
|
RUN addgroup --system --gid 1001 nodejs && \
|
||||||
adduser --system --uid 1001 nextjs
|
adduser --system --uid 1001 nextjs
|
||||||
|
|
||||||
# Expose the default Next.js port
|
# Set correct permissions
|
||||||
|
RUN chown -R nextjs:nodejs /app
|
||||||
|
|
||||||
|
USER nextjs
|
||||||
|
|
||||||
EXPOSE 3000
|
EXPOSE 3000
|
||||||
|
|
||||||
|
CMD ["node", "server.js"]
|
||||||
|
|||||||
Reference in New Issue
Block a user