-
Notifications
You must be signed in to change notification settings - Fork 33
Expand file tree
/
Copy pathDockerfile
More file actions
69 lines (50 loc) · 2.02 KB
/
Copy pathDockerfile
File metadata and controls
69 lines (50 loc) · 2.02 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
FROM node:24-alpine AS base
# Install dependencies only when needed
FROM base AS deps
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
RUN apk add --no-cache libc6-compat
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
FROM base AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
ENV ASSET_PREFIX=https://storage.yandexcloud.net/gravity-landing-static
ENV NODE_ENV=production
ENV IS_CONTAINER_BUILD=true
RUN npm run build
RUN apk add --no-cache aws-cli
ENV AWS_DEFAULT_REGION=ru-central1
ENV AWS_EC2_METADATA_DISABLED=true
ENV AWS_REQUEST_CHECKSUM_CALCULATION=when_required
ENV AWS_RESPONSE_CHECKSUM_VALIDATION=when_required
RUN --mount=type=secret,id=s3_access_key_id \
--mount=type=secret,id=s3_secret_access_key \
export AWS_ACCESS_KEY_ID=$(cat /run/secrets/s3_access_key_id) && \
export AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/s3_secret_access_key) && \
aws s3 sync .next/static s3://gravity-landing-static/_next/static/ \
--endpoint-url=https://storage.yandexcloud.net/ \
--cache-control "public, max-age=31536000, immutable" && \
unset AWS_ACCESS_KEY_ID && \
unset AWS_SECRET_ACCESS_KEY
FROM node:24-slim AS runner
WORKDIR /app
ENV NODE_ENV=production
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static/media ./.next/static/media
COPY --from=builder /app/scripts ./scripts
COPY --from=builder /app/src/content/local-docs ./src/content/local-docs
COPY --from=builder /app/public ./public
ENV TRANSFORMERS_CACHE_DIR=/app/.model-cache
RUN node scripts/download-model.mjs
RUN apt-get update && apt-get install -y --no-install-recommends curl bash ca-certificates && rm -rf /var/lib/apt/lists/*
RUN groupadd -g 1001 app && \
useradd -u 1001 -g app -m appuser && \
chown -R appuser:app /app && \
chmod +x /app/scripts/start.sh
USER appuser
EXPOSE 3000
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"
CMD ["/app/scripts/start.sh"]