Gandalf/sofarr
1
0
Fork 0
Code Issues 1 Pull Requests Actions 1 Packages Projects Releases 23 Wiki Activity
Files
78e954ece19917dd2487d7a24f11f2bb38c3d321
sofarr/Dockerfile
T
gronod 78e954ece1
Build and Push Docker Image / build (push) Failing after 16s
Details
Licence Check / Licence compatibility and copyright header verification (push) Failing after 35s
Details
CI / Security audit (push) Successful in 57s
Details
CI / Tests & coverage (push) Successful in 1m10s
Details
Step 9: Wire Vite build into Dockerfile + final cleanup 
- Finalise client/vite.config.js (production-ready vanilla config)
- Add client-build stage to Dockerfile before runtime stage
- Delete public/app.js (replaced by Vite build output)
- All 571 tests passing
- All 9 deliverables from refactor plan complete
2026-05-20 23:39:20 +01:00

72 lines
3.0 KiB
Docker
Raw Blame History

# ---------------------------------------------------------------------------
# Stage 1 — deps: install production dependencies only
# ---------------------------------------------------------------------------
FROM node:22-alpine AS deps
WORKDIR /app
# All dependencies are pure JavaScript — no native addons, no build tools.
COPY package.json package-lock.json ./
RUN npm ci --omit=dev
# ---------------------------------------------------------------------------
# Stage 1.5 — client-build: build frontend with Vite
# ---------------------------------------------------------------------------
FROM node:22-alpine AS client-build
WORKDIR /app/client
COPY client/package.json client/package-lock.json ./
RUN npm ci
COPY client/ ./
RUN npm run build
# ---------------------------------------------------------------------------
# Stage 2 — runtime image (minimal attack surface)
# ---------------------------------------------------------------------------
FROM node:22-alpine AS runtime
LABEL org.opencontainers.image.title="sofarr"
LABEL org.opencontainers.image.description="Personal media download dashboard for *arr services"
LABEL org.opencontainers.image.authors="Gordon Bolton"
LABEL org.opencontainers.image.source="https://git.i3omb.com/Gandalf/sofarr"
LABEL org.opencontainers.image.url="https://docker.i3omb.com"
LABEL org.opencontainers.image.vendor="Gordon Bolton"
LABEL org.opencontainers.image.licenses="MIT"
LABEL custom.hardware.requirement="None - runs on any Docker-supported platform including ARM and x86_64"
# Use the built-in non-root 'node' user (UID 1000) from the official image
# The /app directory is owned by root; data directory is owned by node
WORKDIR /app
# Copy production deps from deps stage
COPY --from=deps /app/node_modules ./node_modules
# Copy application source owned by root (read-only at runtime)
COPY --chown=root:root server/ ./server/
COPY --chown=root:root public/ ./public/
COPY --from=client-build --chown=root:root /app/public/app.js ./public/app.js
COPY --chown=root:root package.json ./
# Bundled snakeoil certificate for out-of-the-box TLS (self-signed, localhost only).
# Mount your own cert/key over /app/certs/ or set TLS_CERT/TLS_KEY env vars.
COPY --chown=root:root certs/ ./certs/
# Persistent data directory owned by node user (token store, logs)
RUN mkdir -p /app/data && chown node:node /app/data
ENV NODE_ENV=production
ENV DATA_DIR=/app/data
# Drop to non-root user for all subsequent operations
USER node
EXPOSE 3001
# HEALTHCHECK — Docker will restart the container if this fails 3 times.
# Respects TLS_ENABLED at runtime: uses https (with --no-check-certificate
# to handle self-signed/snakeoil certs) when TLS is on, plain http when off.
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD /bin/sh -c '[ "${TLS_ENABLED:-true}" = "false" ] && wget -qO- http://localhost:${PORT:-3001}/health || wget -qO- --no-check-certificate https://localhost:${PORT:-3001}/health'
CMD ["node", "server/index.js"]
Reference in New Issue View Git Blame Copy Permalink