Gandalf/sofarr
1
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Projects Releases 15 Wiki Activity
Files
49327cf9ae5d280a67f751282acebd69af31a542
sofarr/Dockerfile
Gronod 49327cf9ae
Some checks failed
Build and Push Docker Image / build (push) Failing after 42s
Details
CI / Security audit (push) Has been cancelled
Details
fix(docker): switch alpine to node:22-slim for pre-built better-sqlite3 
Alpine uses musl libc; better-sqlite3 has no pre-built musl binaries so
it always compiles from source (installs 300 MB of gcc/g++/python3,
takes 3-5 min). node:22-slim (Debian) has glibc so prebuild-install
downloads a pre-built binary instead — build stays under 1 minute.

Changes:
- Both stages: node:22-alpine -> node:22-slim
- deps stage: remove apk/build-tool installation (not needed)
- runtime stage: remove apk libstdc++ install (present in debian-slim)
- HEALTHCHECK: wget -> node built-in http (wget absent from debian-slim)
- docker-compose.yaml: same healthcheck fix
2026-05-17 07:10:41 +01:00

61 lines
2.6 KiB
Docker
Raw Blame History

# ---------------------------------------------------------------------------
# Stage 1 — deps: install production dependencies only
# ---------------------------------------------------------------------------
# node:22-slim (Debian slim) is used instead of Alpine so that
# better-sqlite3 can use its pre-built glibc binaries rather than
# compiling from source (Alpine uses musl libc — no pre-builds exist).
# This keeps build times fast (~1 min vs ~5 min for source compilation).
FROM node:22-slim AS deps
WORKDIR /app
# Copy manifests and install production deps only (no devDependencies).
# prebuild-install will download the pre-built better-sqlite3 binary for
# linux-x64-glibc, so no C++ toolchain is needed here.
COPY package.json package-lock.json ./
RUN npm ci --omit=dev
# ---------------------------------------------------------------------------
# Stage 2 — runtime image (minimal attack surface)
# ---------------------------------------------------------------------------
FROM node:22-slim AS runtime
LABEL org.opencontainers.image.title="sofarr"
LABEL org.opencontainers.image.description="Personal media download dashboard for *arr services"
LABEL org.opencontainers.image.authors="Gordon Bolton"
LABEL org.opencontainers.image.source="https://git.i3omb.com/Gandalf/sofarr"
LABEL org.opencontainers.image.url="https://docker.i3omb.com"
LABEL org.opencontainers.image.vendor="Gordon Bolton"
LABEL org.opencontainers.image.licenses="MIT"
LABEL custom.hardware.requirement="None - runs on any Docker-supported platform including ARM and x86_64"
# Use the built-in non-root 'node' user (UID 1000) from the official image
# The /app directory is owned by root; data directory is owned by node
WORKDIR /app
# Copy production deps from deps stage (includes pre-built better-sqlite3)
COPY --from=deps /app/node_modules ./node_modules
# Copy application source owned by root (read-only at runtime)
COPY --chown=root:root server/ ./server/
COPY --chown=root:root public/ ./public/
COPY --chown=root:root package.json ./
# Persistent data directory owned by node user (SQLite token store, logs)
RUN mkdir -p /app/data && chown node:node /app/data
ENV NODE_ENV=production
ENV DATA_DIR=/app/data
# Drop to non-root user for all subsequent operations
USER node
EXPOSE 3001
# HEALTHCHECK — Docker will restart the container if this fails 3 times.
# Uses node's built-in http module (no wget/curl needed in slim image).
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD node -e "require('http').get('http://localhost:3001/health',r=>{process.exit(r.statusCode===200?0:1)}).on('error',()=>process.exit(1))"
CMD ["node", "server/index.js"]
Reference in New Issue View Git Blame Copy Permalink