diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml index 7e592c0..8675580 100644 --- a/.forgejo/workflows/ci.yml +++ b/.forgejo/workflows/ci.yml @@ -199,7 +199,7 @@ jobs: - name: Build frontend container image run: | - podman --remote build \ + podman --remote build --no-cache \ -f frontend/Dockerfile \ -t "$FRONTEND_IMAGE:${{ github.sha }}" \ -t "$FRONTEND_IMAGE:latest" \ diff --git a/frontend/Dockerfile b/frontend/Dockerfile index eb45502..b0abf2d 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -1,53 +1,46 @@ -# Multi-stage build for Next.js frontend +# ---------- build ---------- FROM docker.io/node:20-alpine AS builder - -# Set working directory WORKDIR /app -ENV NODE_ENV=development - -# Copy package files +# install deps (needs dev deps for build) COPY package*.json ./ - -# Install all dependencies (including dev dependencies for build) RUN npm ci -# Copy source code +# app source COPY . . +# disable telemetry; let Next control NODE_ENV during build ENV NEXT_TELEMETRY_DISABLED=1 - -# Build the application RUN npm run build -# Production stage +# ---------- runner (standalone) ---------- FROM docker.io/node:20-alpine AS runner - -# Create non-root user -RUN addgroup --system --gid 1001 nodejs \ - && adduser --system --uid 1001 nextjs - WORKDIR /app -# Copy standalone artifacts -COPY --from=builder /app/public ./public -COPY --from=builder /app/.next/standalone ./ -COPY --from=builder /app/.next/static ./.next/static - -# Ownership -RUN chown -R nextjs:nodejs /app -USER nextjs - +# runtime env ENV NODE_ENV=production ENV NEXT_TELEMETRY_DISABLED=1 ENV PORT=3000 ENV HOSTNAME=127.0.0.1 +# minimal probe tool +RUN apk add --no-cache wget + +# copy standalone artifacts +COPY --from=builder /app/public ./public +COPY --from=builder /app/.next/standalone ./ +COPY --from=builder /app/.next/static ./.next/static + +# non-root (optional) +RUN addgroup --system --gid 1001 nodejs \ + && adduser --system --uid 1001 nextjs \ + && chown -R nextjs:nodejs /app +USER nextjs + EXPOSE 3000 -# Healthcheck: hit the frontend root over IPv4 (no curl needed) +# healthcheck (no /api prefix) HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD wget -qO- http://127.0.0.1:${PORT}/ >/dev/null 2>&1 || exit 1 -# Run the application -CMD ["node", "server.js"] \ No newline at end of file +CMD ["node", "server.js"]