diff options
| author | Amelia Yukii <amelia.yukii@shourai.de> | 2024-03-08 16:13:47 +0000 |
|---|---|---|
| committer | Amelia Yukii <amelia.yukii@shourai.de> | 2024-03-08 16:13:47 +0000 |
| commit | d1f0fc6d5d33f20be839b6a933c75c21120f30d5 (patch) | |
| tree | c43d98378e4f72e9757183f977d6ce00bd310248 | |
| parent | merge: check prohibited words when creating notes (!461) (diff) | |
| parent | Feature/maybe nicer dockerfile (diff) | |
| download | sharkey-d1f0fc6d5d33f20be839b6a933c75c21120f30d5.tar.gz sharkey-d1f0fc6d5d33f20be839b6a933c75c21120f30d5.tar.bz2 sharkey-d1f0fc6d5d33f20be839b6a933c75c21120f30d5.zip | |
merge: Feature/maybe nicer dockerfile (!463)
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/463
Approved-by: Marie <marie@kaifa.ch>
Approved-by: Amelia Yukii <amelia.yukii@shourai.de>
| -rw-r--r-- | Dockerfile | 83 |
1 files changed, 47 insertions, 36 deletions
diff --git a/Dockerfile b/Dockerfile index 8ad4bbbfb1..7e0a778862 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,10 +4,6 @@ ARG NODE_VERSION=20.10.0-alpine3.18 FROM node:${NODE_VERSION} as build -RUN corepack enable - -WORKDIR /sharkey - RUN apk add git linux-headers build-base ENV PYTHONUNBUFFERED=1 @@ -15,55 +11,70 @@ RUN apk add --update python3 && ln -sf python3 /usr/bin/python RUN python3 -m ensurepip RUN pip3 install --no-cache --upgrade pip setuptools -COPY . ./ +RUN corepack enable + +WORKDIR /sharkey + +COPY --link . ./ RUN git submodule update --init --recursive RUN pnpm config set fetch-retries 5 RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \ - pnpm i + pnpm i --frozen-lockfile --aggregate-output RUN pnpm build RUN node scripts/trim-deps.mjs RUN mv packages/frontend/assets sharkey-assets +RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \ + pnpm prune RUN rm -r node_modules packages/frontend packages/sw RUN --mount=type=cache,target=/root/.local/share/pnpm/store,sharing=locked \ - pnpm i --prod + pnpm i --prod --frozen-lockfile --aggregate-output RUN rm -rf .git FROM node:${NODE_VERSION} -WORKDIR /sharkey +ARG UID="991" +ARG GID="991" -RUN apk add ffmpeg tini +RUN apk add ffmpeg tini jemalloc \ + && corepack enable \ + && addgroup -g "${GID}" sharkey \ + && adduser -D -u "${UID}" -G sharkey -h /sharkey sharkey \ + && find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /u+s -exec chmod u-s {} \; \ + && find / -type d -path /sys -prune -o -type d -path /proc -prune -o -type f -perm /g+s -exec chmod g-s {} \; -COPY --from=build /sharkey/built ./built -COPY --from=build /sharkey/node_modules ./node_modules -COPY --from=build /sharkey/packages/backend/built ./packages/backend/built -COPY --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules -COPY --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib -COPY --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules -COPY --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built -COPY --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules -COPY --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built -COPY --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules -COPY --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built -COPY --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules -COPY --from=build /sharkey/fluent-emojis ./fluent-emojis -COPY --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist -COPY --from=build /sharkey/sharkey-assets ./packages/frontend/assets +USER sharkey +WORKDIR /sharkey + +COPY --chown=sharkey:sharkey --from=build /sharkey/node_modules ./node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/node_modules ./packages/backend/node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/node_modules ./packages/misskey-js/node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/node_modules ./packages/misskey-reversi/node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/node_modules ./packages/misskey-bubble-game/node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/node_modules ./packages/megalodon/node_modules +COPY --chown=sharkey:sharkey --from=build /sharkey/built ./built +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-js/built ./packages/misskey-js/built +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-reversi/built ./packages/misskey-reversi/built +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/misskey-bubble-game/built ./packages/misskey-bubble-game/built +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/backend/built ./packages/backend/built +COPY --chown=sharkey:sharkey --from=build /sharkey/packages/megalodon/lib ./packages/megalodon/lib +COPY --chown=sharkey:sharkey --from=build /sharkey/fluent-emojis ./fluent-emojis +COPY --chown=sharkey:sharkey --from=build /sharkey/tossface-emojis/dist ./tossface-emojis/dist +COPY --chown=sharkey:sharkey --from=build /sharkey/sharkey-assets ./packages/frontend/assets -COPY package.json ./package.json -COPY pnpm-workspace.yaml ./pnpm-workspace.yaml -COPY packages/backend/package.json ./packages/backend/package.json -COPY packages/backend/check_connect.js ./packages/backend/check_connect.js -COPY packages/backend/ormconfig.js ./packages/backend/ormconfig.js -COPY packages/backend/migration ./packages/backend/migration -COPY packages/backend/assets ./packages/backend/assets -COPY packages/megalodon/package.json ./packages/megalodon/package.json -COPY packages/misskey-js/package.json ./packages/misskey-js/package.json -COPY packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json -COPY packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json +COPY --chown=sharkey:sharkey package.json ./package.json +COPY --chown=sharkey:sharkey pnpm-workspace.yaml ./pnpm-workspace.yaml +COPY --chown=sharkey:sharkey packages/backend/package.json ./packages/backend/package.json +COPY --chown=sharkey:sharkey packages/backend/check_connect.js ./packages/backend/check_connect.js +COPY --chown=sharkey:sharkey packages/backend/ormconfig.js ./packages/backend/ormconfig.js +COPY --chown=sharkey:sharkey packages/backend/migration ./packages/backend/migration +COPY --chown=sharkey:sharkey packages/backend/assets ./packages/backend/assets +COPY --chown=sharkey:sharkey packages/megalodon/package.json ./packages/megalodon/package.json +COPY --chown=sharkey:sharkey packages/misskey-js/package.json ./packages/misskey-js/package.json +COPY --chown=sharkey:sharkey packages/misskey-reversi/package.json ./packages/misskey-reversi/package.json +COPY --chown=sharkey:sharkey packages/misskey-bubble-game/package.json ./packages/misskey-bubble-game/package.json +ENV LD_PRELOAD=/usr/lib/libjemalloc.so.2 ENV NODE_ENV=production -RUN corepack enable ENTRYPOINT ["/sbin/tini", "--"] CMD ["pnpm", "run", "migrateandstart"] |