You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
209 lines
6.3 KiB
209 lines
6.3 KiB
# TimeSafari Docker Build
|
|
# Author: Matthew Raymer
|
|
# Description: Multi-stage Docker build for TimeSafari web application
|
|
#
|
|
# Build Process:
|
|
# 1. Base stage: Node.js with build dependencies
|
|
# 2. Builder stage: Compile web assets with Vite
|
|
# 3. Production stage: Nginx server with optimized assets
|
|
#
|
|
# Security Features:
|
|
# - Non-root user execution
|
|
# - Minimal attack surface with Alpine Linux
|
|
# - Multi-stage build to reduce image size
|
|
# - No build dependencies in final image
|
|
#
|
|
# Usage:
|
|
# Production: docker build -t timesafari:latest .
|
|
# Staging: docker build --build-arg BUILD_MODE=staging -t timesafari:staging .
|
|
# Development: docker build --build-arg BUILD_MODE=development -t timesafari:dev .
|
|
#
|
|
# Build Arguments:
|
|
# BUILD_MODE: development, staging, or production (default: production)
|
|
# NODE_ENV: node environment (default: production)
|
|
# VITE_PLATFORM: vite platform (default: web)
|
|
# VITE_PWA_ENABLED: enable PWA (default: true)
|
|
# VITE_DISABLE_PWA: disable PWA (default: false)
|
|
#
|
|
# Environment Variables:
|
|
# NODE_ENV: Build environment (development/production)
|
|
# VITE_APP_SERVER: Application server URL
|
|
# VITE_DEFAULT_ENDORSER_API_SERVER: Endorser API server URL
|
|
# VITE_DEFAULT_IMAGE_API_SERVER: Image API server URL
|
|
# VITE_DEFAULT_PARTNER_API_SERVER: Partner API server URL
|
|
# VITE_DEFAULT_PUSH_SERVER: Push notification server URL
|
|
# VITE_PASSKEYS_ENABLED: Enable passkeys feature
|
|
|
|
# =============================================================================
|
|
# BASE STAGE - Common dependencies and setup
|
|
# =============================================================================
|
|
FROM node:22-alpine3.20 AS base
|
|
|
|
# Install system dependencies for build process
|
|
RUN apk add --no-cache \
|
|
bash \
|
|
git \
|
|
python3 \
|
|
py3-pip \
|
|
py3-setuptools \
|
|
make \
|
|
g++ \
|
|
gcc \
|
|
&& rm -rf /var/cache/apk/*
|
|
|
|
# Create non-root user for security
|
|
RUN addgroup -g 1001 -S nodejs && \
|
|
adduser -S nextjs -u 1001
|
|
|
|
# Set working directory
|
|
WORKDIR /app
|
|
|
|
# Copy package files for dependency installation
|
|
COPY package*.json ./
|
|
|
|
# Install dependencies with security audit
|
|
RUN npm ci --only=production --audit --fund=false && \
|
|
npm audit fix --audit-level=moderate || true
|
|
|
|
# =============================================================================
|
|
# BUILDER STAGE - Compile web assets
|
|
# =============================================================================
|
|
FROM base AS builder
|
|
|
|
# Define build arguments with defaults
|
|
ARG BUILD_MODE=production
|
|
ARG NODE_ENV=production
|
|
ARG VITE_PLATFORM=web
|
|
ARG VITE_PWA_ENABLED=true
|
|
ARG VITE_DISABLE_PWA=false
|
|
|
|
# Set environment variables from build arguments
|
|
ENV BUILD_MODE=${BUILD_MODE}
|
|
ENV NODE_ENV=${NODE_ENV}
|
|
ENV VITE_PLATFORM=${VITE_PLATFORM}
|
|
ENV VITE_PWA_ENABLED=${VITE_PWA_ENABLED}
|
|
ENV VITE_DISABLE_PWA=${VITE_DISABLE_PWA}
|
|
|
|
# Install all dependencies (including dev dependencies)
|
|
RUN npm ci --audit --fund=false && \
|
|
npm audit fix --audit-level=moderate || true
|
|
|
|
# Copy source code
|
|
COPY . .
|
|
|
|
# Build the application with proper error handling
|
|
RUN echo "Building TimeSafari in ${BUILD_MODE} mode..." && \
|
|
npm run build:web || (echo "Build failed. Check the logs above." && exit 1)
|
|
|
|
# Verify build output exists
|
|
RUN ls -la dist/ || (echo "Build output not found in dist/ directory" && exit 1)
|
|
|
|
# =============================================================================
|
|
# PRODUCTION STAGE - Nginx server
|
|
# =============================================================================
|
|
FROM nginx:alpine AS production
|
|
|
|
# Define build arguments for production stage
|
|
ARG BUILD_MODE=production
|
|
ARG NODE_ENV=production
|
|
|
|
# Set environment variables
|
|
ENV BUILD_MODE=${BUILD_MODE}
|
|
ENV NODE_ENV=${NODE_ENV}
|
|
|
|
# Install security updates and clean cache
|
|
RUN apk update && \
|
|
apk upgrade && \
|
|
apk add --no-cache \
|
|
curl \
|
|
&& rm -rf /var/cache/apk/*
|
|
|
|
# Create non-root user for nginx
|
|
RUN addgroup -g 1001 -S nginx && \
|
|
adduser -S nginx -u 1001 -G nginx
|
|
|
|
# Copy appropriate nginx configuration based on build mode
|
|
COPY docker/nginx.conf /etc/nginx/nginx.conf
|
|
COPY docker/default.conf /etc/nginx/conf.d/default.conf
|
|
|
|
# Copy staging configuration if needed
|
|
COPY docker/staging.conf /etc/nginx/conf.d/staging.conf
|
|
|
|
# Copy built assets from builder stage
|
|
COPY --from=builder --chown=nginx:nginx /app/dist /usr/share/nginx/html
|
|
|
|
# Create necessary directories with proper permissions
|
|
RUN mkdir -p /var/cache/nginx /var/log/nginx /var/run && \
|
|
chown -R nginx:nginx /var/cache/nginx /var/log/nginx /var/run && \
|
|
chown -R nginx:nginx /usr/share/nginx/html
|
|
|
|
# Switch to non-root user
|
|
USER nginx
|
|
|
|
# Expose port 80
|
|
EXPOSE 80
|
|
|
|
# Health check
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
|
CMD curl -f http://localhost/ || exit 1
|
|
|
|
# Start nginx with proper signal handling
|
|
CMD ["nginx", "-g", "daemon off;"]
|
|
|
|
# =============================================================================
|
|
# DEVELOPMENT STAGE - For development with hot reloading
|
|
# =============================================================================
|
|
FROM base AS development
|
|
|
|
# Define build arguments for development stage
|
|
ARG BUILD_MODE=development
|
|
ARG NODE_ENV=development
|
|
ARG VITE_PLATFORM=web
|
|
ARG VITE_PWA_ENABLED=true
|
|
ARG VITE_DISABLE_PWA=false
|
|
|
|
# Set environment variables
|
|
ENV BUILD_MODE=${BUILD_MODE}
|
|
ENV NODE_ENV=${NODE_ENV}
|
|
ENV VITE_PLATFORM=${VITE_PLATFORM}
|
|
ENV VITE_PWA_ENABLED=${VITE_PWA_ENABLED}
|
|
ENV VITE_DISABLE_PWA=${VITE_DISABLE_PWA}
|
|
|
|
# Install all dependencies including dev dependencies
|
|
RUN npm ci --audit --fund=false && \
|
|
npm audit fix --audit-level=moderate || true
|
|
|
|
# Copy source code
|
|
COPY . .
|
|
|
|
# Expose development port
|
|
EXPOSE 5173
|
|
|
|
# Start development server
|
|
CMD ["npm", "run", "dev", "--", "--host", "0.0.0.0"]
|
|
|
|
# =============================================================================
|
|
# STAGING STAGE - For staging environment testing
|
|
# =============================================================================
|
|
FROM production AS staging
|
|
|
|
# Define build arguments for staging stage
|
|
ARG BUILD_MODE=staging
|
|
ARG NODE_ENV=staging
|
|
|
|
# Set environment variables
|
|
ENV BUILD_MODE=${BUILD_MODE}
|
|
ENV NODE_ENV=${NODE_ENV}
|
|
|
|
# Copy staging-specific nginx configuration
|
|
COPY docker/staging.conf /etc/nginx/conf.d/default.conf
|
|
|
|
# Expose port 80
|
|
EXPOSE 80
|
|
|
|
# Health check for staging
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
|
CMD curl -f http://localhost/health || exit 1
|
|
|
|
# Start nginx
|
|
CMD ["nginx", "-g", "daemon off;"]
|