-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
69 lines (50 loc) · 2.12 KB
/
Copy pathDockerfile
File metadata and controls
69 lines (50 loc) · 2.12 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# ──────────────────────────────────────────────
# Stage 1: Build
# ──────────────────────────────────────────────
FROM node:22-alpine AS builder
WORKDIR /app
# Install build tools needed for native addons (e.g. bufferutil/utf-8-validate
# from ws/@fastify/websocket) on alpine + non-amd64 arches where no prebuilt
# binary exists and node-gyp must compile from source.
RUN apk add --no-cache python3 make g++
# Copy package files
COPY package.json package-lock.json* ./
COPY prisma ./prisma/
# Install all dependencies (including dev)
RUN npm ci
# Generate Prisma client
RUN npx prisma generate
# Copy source
COPY tsconfig.json ./
COPY src ./src/
# Build TypeScript
RUN npm run build
# Prune dev dependencies
RUN npm prune --production
# ──────────────────────────────────────────────
# Stage 2: Production
# ──────────────────────────────────────────────
FROM node:22-alpine AS production
# Add non-root user
RUN addgroup -g 1001 -S teleflow && \
adduser -S teleflow -u 1001 -G teleflow
# Install runtime deps only (for native modules)
RUN apk add --no-cache tini
WORKDIR /app
# Copy built files
COPY --from=builder --chown=teleflow:teleflow /app/dist ./dist/
COPY --from=builder --chown=teleflow:teleflow /app/node_modules ./node_modules/
COPY --from=builder --chown=teleflow:teleflow /app/package.json ./
COPY --from=builder --chown=teleflow:teleflow /app/prisma ./prisma/
# Create data directory for SQLite
RUN mkdir -p /app/data && chown teleflow:teleflow /app/data
ENV NODE_ENV=production
ENV DATABASE_URL=file:/app/data/teleflow.db
# Expose port
EXPOSE 3000
# Switch to non-root user
USER teleflow
# Use tini for proper signal handling
ENTRYPOINT ["/sbin/tini", "--"]
# Run migrations then start
CMD ["sh", "-c", "npx prisma db push --skip-generate && node dist/index.js"]