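# syntax=docker/dockerfile:1
# Pin the BuildKit frontend: the stages below use RUN --mount=type=cache,
# which only the BuildKit Dockerfile frontend understands.

# Use generic base image with Nix installed (tag pinned for reproducibility)
FROM nixos/nix:2.20.5 AS base-env
# Configure Nix: flakes and the unified `nix` CLI are opt-in features
RUN echo "extra-experimental-features = nix-command flakes" >> /etc/nix/nix.conf
# Set working directory to something other than root
WORKDIR /env/
# Copy only the Nix inputs first so this layer is cached until they change
COPY flake.lock *.nix ./
# Copy env script (used by the build-env and runtime-env stages)
COPY scripts/env.sh scripts/env.sh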
FROM base-env AS build-env
# Produce the build shell closure and its activation script under build/.
# Both mounts are build-host caches and are never written into the image:
#   /nix-store-cache/  - cached store paths
#   /root/.cache/nix/  - Nix evaluation cache
RUN --mount=type=cache,target=/nix-store-cache/ \
    --mount=type=cache,target=/root/.cache/nix/ \
    ./scripts/env.sh build build/ /nix-store-cache/
FROM base-env AS runtime-env
# Produce the runtime shell closure and its activation script under build/.
# Both mounts are build-host caches and are never written into the image:
#   /nix-store-cache/  - cached store paths
#   /root/.cache/nix/  - Nix evaluation cache
RUN --mount=type=cache,target=/nix-store-cache/ \
    --mount=type=cache,target=/root/.cache/nix/ \
    ./scripts/env.sh runtime build/ /nix-store-cache/
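# Ubuntu is probably the safest choice for a runtime container right now
# NOTE(review): ubuntu:23.10 is an interim release that has reached end of life
# and no longer receives security updates; consider an LTS tag - confirm what
# this stage actually takes from the base image before changing it.
FROM ubuntu:23.10 AS build
# Use bash as default shell
SHELL ["/bin/bash", "-c"]
# Copy build shell closure and activation script
COPY --from=build-env /env/build/closure/ /nix/store/
COPY --from=build-env /env/build/activate /env/activate
# Set working directory to something other than root
WORKDIR /build/
# Setup entrypoint for RUN commands
COPY scripts/shell.sh scripts/shell.sh
SHELL ["/build/scripts/shell.sh"]
# Copy package files first so the `npm ci` layer stays cached until the lockfile changes
COPY package.json package-lock.json ./
# Install dependencies
# hadolint ignore=SC2239
RUN npm ci
# Copy everything else
# This copies the whole build context: keep .git, .env*, node_modules and local
# build output out of it via .dockerignore so they are never baked into a layer.
COPY ./ ./
# Build and keep only runtime dependencies
# hadolint ignore=SC2239
RUN npm run build && npm prune --production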
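# Ubuntu is probably the safest choice
# NOTE(review): ubuntu:23.10 is an interim release that has reached end of life
# and no longer receives security updates; consider an LTS tag - confirm what
# this stage actually takes from the base image before changing it.
FROM ubuntu:23.10 AS runtime
# Use bash as default shell
SHELL ["/bin/bash", "-c"]
# Copy runtime shell closure and activation script
COPY --from=runtime-env /env/build/closure/ /nix/store/
COPY --from=runtime-env /env/build/activate /env/activate
# Set working directory to something other than root
WORKDIR /app/
# Create app user: the unprivileged account the service runs as (see USER below)
RUN useradd --create-home app
# Setup entrypoint for RUN commands
# --chown on every COPY gives `app` ownership at copy time; a trailing recursive
# chown would re-write every file into an extra layer and double the image size.
COPY --chown=app:app scripts/shell.sh scripts/shell.sh
SHELL ["/app/scripts/shell.sh"]
# Copy app files from build
COPY --chown=app:app --from=build /build/build/ build/
# Copy dependencies from build
COPY --chown=app:app --from=build /build/node_modules/ node_modules/
# Copy public files
COPY --chown=app:app --from=build /build/public/ public/
# Copy package files
COPY --chown=app:app --from=build /build/package.json /build/package-lock.json ./
# Copy Next.js config
COPY --chown=app:app --from=build /build/next.config.mjs ./
# Setup main entrypoint
COPY --chown=app:app scripts/entrypoint.sh scripts/entrypoint.sh
ENTRYPOINT ["/app/scripts/entrypoint.sh", "npm", "run", "--", "run"]
CMD []
# Setup ownership of the working directory itself (its contents are already
# owned by app via --chown above, so this does not need to be recursive)
# hadolint ignore=SC2239
RUN chown app: ./
# Drop root: all steps that need it are done, so the container must not start as root
USER app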