-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathDockerfile
More file actions
203 lines (161 loc) · 6.62 KB
/
Dockerfile
File metadata and controls
203 lines (161 loc) · 6.62 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
# syntax=docker/dockerfile:1
# ---- Download Base ----
FROM alpine AS dl
ARG TARGETARCH
WORKDIR /tmp
RUN apk add --no-cache curl unzip
# ---- Prisma CLI ----
FROM node:24.13.0-alpine AS prisma
WORKDIR /tmp
# Install tooling
RUN apk add --no-cache jq
# Setup the environment
COPY .yarnrc.yml .
COPY .yarn/releases .yarn/releases
# Node Dependency Management
COPY package.json .
COPY yarn.lock .
# Get the version of prisma and save it to a file to be used in the next stage
RUN yarn info --json prisma | jq -r '.children.Version' > .prisma-version
# ---- Base ----
FROM node:24.13.0-alpine AS base
# Set Working Directory
WORKDIR /home/node/app
# Setup the environment
COPY .yarnrc.yml .
COPY .yarn/releases .yarn/releases
# Node Dependency Management
COPY package.json .
COPY yarn.lock .
# Files required for compilation
COPY next.config.js .
COPY tsconfig.json .
COPY next-swagger-doc.json .
# ---- Dependencies ----
FROM base AS dependencies_development
# install all node_modules, including 'devDependencies'
RUN \
--mount=type=cache,target=/root/.yarn/cache \
yarn workspaces focus
# Copy the prisma schema to generate the client
COPY prisma ./prisma
# Generate the prisma client
RUN yarn prisma generate
# ---- Build Setup ----
FROM base AS build
# Copy resources required for the build process.
# Caching depends on previous layers, therefore a changed layer will invalidate all following layers.
# Order the layers from least-to-change to frequent-to-change.
COPY sentry.client.config.ts .
COPY sentry.edge.config.ts .
COPY sentry.server.config.ts .
COPY postcss.config.js .
COPY tailwind.config.js .
COPY public ./public
COPY src ./src
# copy node_modules with all build tools included
COPY --from=dependencies_development /home/node/app/prisma ./prisma
COPY --from=dependencies_development /home/node/app/node_modules ./node_modules
# build the server
ENV NEXT_TELEMETRY_DISABLED=1
RUN yarn build
# ---- Download: sentry-cli --
FROM dl AS dl-sentry-cli
# renovate: datasource=github-releases depName=getsentry/sentry-cli
ARG SENTRY_CLI_VERSION="2.43.0"
RUN <<EOT ash
if [ "${TARGETARCH}" = "amd64" ]; then
curl -L --fail https://github.com/getsentry/sentry-cli/releases/download/${SENTRY_CLI_VERSION}/sentry-cli-linux-x64-${SENTRY_CLI_VERSION}.tgz -o sentry-cli.tar.gz
elif [ "${TARGETARCH}" = "arm64" ]; then
curl -L --fail https://github.com/getsentry/sentry-cli/releases/download/${SENTRY_CLI_VERSION}/sentry-cli-linux-arm64-${SENTRY_CLI_VERSION}.tgz -o sentry-cli.tar.gz
elif [ "${TARGETARCH}" = "arm" ] || [ "${TARGETARCH}" = "armv7" ]; then
curl -L --fail https://github.com/getsentry/sentry-cli/releases/download/${SENTRY_CLI_VERSION}/sentry-cli-linux-arm-${SENTRY_CLI_VERSION}.tgz -o sentry-cli.tar.gz
elif [ "${TARGETARCH}" = "386" ] || [ "${TARGETARCH}" = "i386" ] || [ "${TARGETARCH}" = "i686" ]; then
curl -L --fail https://github.com/getsentry/sentry-cli/releases/download/${SENTRY_CLI_VERSION}/sentry-cli-linux-i686-${SENTRY_CLI_VERSION}.tgz -o sentry-cli.tar.gz
else
echo "Unsupported target architecture: ${TARGETARCH}"
exit 1
fi
EOT
# ---- Release ----
# build production ready image
FROM node:24.13.0-alpine AS release
ARG TARGETARCH
LABEL maintainer="opensource@kula.app"
# OCI Annotations (https://github.com/opencontainers/image-spec/blob/main/annotations.md)
LABEL org.opencontainers.image.title="OnLaunch" \
org.opencontainers.image.description="OnLaunch is a service allowing app developers to notify app users about updates, warnings and maintenance." \
org.opencontainers.image.url="http://onlaunch.app" \
org.opencontainers.image.source="https://github.com/kula/OnLaunch" \
org.opencontainers.image.vendor="kula app GmbH" \
org.opencontainers.image.licenses="Apache-2.0"
# Note: org.opencontainers.image.created, org.opencontainers.image.version, and org.opencontainers.image.revision
# are set dynamically during Docker Hub automated builds via hooks/build
# Set tini as entrypoint
RUN apk add --no-cache tini
ENTRYPOINT ["/sbin/tini", "--"]
# Install sentry-cli
COPY --from=dl-sentry-cli /tmp/sentry-cli.tar.gz .
RUN tar -xvzf sentry-cli.tar.gz && \
install -o root -g root -m 0755 package/bin/sentry-cli /usr/local/bin/sentry-cli && \
rm -rf sentry-cli.tar.gz package
# Install Prisma CLI
COPY --from=prisma /tmp/.prisma-version .
RUN yarn global add prisma@$(cat .prisma-version) && \
rm .prisma-version
# Change runtime working directory
WORKDIR /home/node/app/
# Setup the environment
COPY .yarnrc.yml .
COPY .yarn/releases .yarn/releases
# Setup custom runtime
COPY --chown=node:node docker/env.sh ./
RUN chmod +x env.sh
# Custom boot script
COPY docker/entrypoint.sh /usr/local/bin/entrypoint.sh
RUN chmod +x /usr/local/bin/entrypoint.sh
COPY --from=build --chown=node:node /home/node/app/package.json ./package.json
COPY --from=build --chown=node:node /home/node/app/yarn.lock ./yarn.lock
# copy remaining build output
COPY --from=build --chown=node:node /home/node/app/next.config.js ./next.config.js
COPY --from=build --chown=node:node /home/node/app/prisma ./prisma
# Copy the standalone server files directly to the app root
COPY --from=build --chown=node:node /home/node/app/.next/standalone/. ./
# Copy Next.js static assets to the expected location so that _next/static urls are valid
COPY --from=build --chown=node:node /home/node/app/.next/static ./.next/static
# Copy the public folder to the app root
COPY --from=build --chown=node:node /home/node/app/public ./public
# Inject Sentry Source Maps
RUN sentry-cli sourcemaps inject .next
# Upload sourcemaps to Sentry (matched via debug IDs, no release needed at build time)
# GIT_SHA is used as a cache buster so this layer re-runs on each new commit
# (secrets are not part of the Docker cache key)
ARG GIT_SHA
RUN --mount=type=secret,id=sentry_auth_token \
if [ -f /run/secrets/sentry_auth_token ]; then \
echo "Uploading sourcemaps to Sentry..." && \
SENTRY_AUTH_TOKEN=$(cat /run/secrets/sentry_auth_token) \
sentry-cli sourcemaps upload \
--org kula-app \
--project onlaunch \
.next; \
else \
echo "Skipping sourcemap upload (no SENTRY_AUTH_TOKEN secret provided)"; \
fi
# Select a non-root user to run the application
USER node
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
ENV NEXT_SHARP_PATH=/home/node/app/node_modules/sharp
ENV PORT=3000
EXPOSE 3000
# Setup Health Check
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:3000/api/health || exit 1
# Smoke Tests
RUN set -x && \
node --version && \
sentry-cli --version && \
prisma --version
# Set the default command to run the entrypoint script
CMD ["/usr/local/bin/entrypoint.sh"]