# ViTransfer - Multi-Architecture Docker Image
# Supports: amd64, arm64 | Security: non-root user via PUID/PGID
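# Shared parent of the deps, builder and runner stages: every package installed
# here is also present in the final runtime image.
# NOTE(review): the tag is mutable. Appending a digest
# (node:24-alpine3.23@sha256:<digest-placeholder>) would pin the exact base.
FROM node:24-alpine3.23 AS base

# Automatic BuildKit platform args. No instruction in this stage reads them.
ARG TARGETPLATFORM
ARG TARGETARCH
ARG BUILDPLATFORM

# npm release to install globally. The default keeps the floating `latest` tag;
# pass --build-arg NPM_VERSION=<exact version> to make release builds repeatable.
ARG NPM_VERSION=latest

# Install system dependencies + patch known CVEs.
# - No separate `apk update`: --no-cache already fetches a fresh index and,
#   unlike `apk update`, leaves no index files behind in /var/cache/apk.
# - `apk upgrade` and `apk add --upgrade` pull whatever the repositories serve
#   on build day, so the result is patched but not reproducible across rebuilds.
# - NOTE(review): openssl-dev (headers) ships in the runtime image because the
#   runner stage derives from this one; confirm something needs it at runtime.
# - The closing `ffmpeg -version` fails the build if ffmpeg cannot start.
RUN apk upgrade --no-cache && \
    apk add --no-cache \
      openssl openssl-dev \
      ffmpeg ffmpeg-libs fontconfig ttf-dejavu \
      bash curl ca-certificates shadow su-exec \
    && apk add --no-cache --upgrade cjson libsndfile giflib orc zlib expat \
    && npm install -g "npm@${NPM_VERSION}" \
    && npm cache clean --force \
    && ffmpeg -version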
# === Dependencies ===
# Installs the npm dependency tree once; the builder and runner stages both
# copy node_modules out of this stage.
FROM base AS deps
WORKDIR /app
# Only the manifests and the prisma directory are copied here, so a source-only
# change does not invalidate the install layer below.
# NOTE(review): the trailing `*` makes package-lock.json optional for COPY, but
# `npm ci` refuses to run without a lockfile, so a missing lockfile still fails
# the build, just one step later.
COPY --link package.json package-lock.json* ./
COPY --link prisma ./prisma
# The npm download cache lives in a BuildKit cache mount, not in an image layer.
# NOTE(review): --legacy-peer-deps makes npm ignore peer-dependency conflicts;
# confirm the conflict it works around still exists.
RUN --mount=type=cache,target=/root/.npm \
npm ci --legacy-peer-deps
# NOTE(review): this is a plain copy of the full install above (no --omit=dev
# or prune step is visible), so despite the "prod" name it carries
# devDependencies into the runner image. Confirm whether the runtime needs
# them before trimming.
RUN cp -R node_modules /tmp/prod_node_modules
# Build gate: stop the image build when npm audit reports advisories of high or
# critical severity. The step needs registry access at build time.
# NOTE(review): any non-zero exit from npm audit prints the same message, so a
# registry or network failure is reported as "vulnerabilities found".
RUN npm audit --audit-level=high || \
(echo "SECURITY: High/critical vulnerabilities found!" && exit 1)
# === Builder ===
# Compiles the application. Only the paths the runner stage copies out
# explicitly leave this stage.
FROM base AS builder
WORKDIR /app
COPY --from=deps --link /app/node_modules ./node_modules
# NOTE(review): copies the entire build context. What lands here (including the
# /app/src and /app/public trees the runner later copies) is bounded only by
# .dockerignore, which is not visible from this file. Confirm it excludes .env
# files, .git and any local node_modules.
COPY --link . .
RUN npx prisma generate
# APP_VERSION has no default; without --build-arg APP_VERSION=... the variable
# below is set to an empty string.
ARG APP_VERSION
# Next.js inlines NEXT_PUBLIC_* values into the client bundle, so only
# non-sensitive data belongs in them.
ENV NEXT_PUBLIC_APP_VERSION=${APP_VERSION}
# NOTE(review): presumably lets the build run without runtime configuration
# present; confirm against the app's env validation code.
ENV SKIP_ENV_VALIDATION=1
ENV NEXT_PHASE=phase-production-build
RUN npm run build
# === Production ===
# Final runtime image. It derives from `base`, so it contains every package
# installed there in addition to what is added below.
FROM base AS runner
WORKDIR /app
# Redeclared because build args do not carry over from the builder stage.
# When the arg is not supplied, the version label below is empty.
ARG APP_VERSION
LABEL org.opencontainers.image.title="ViTransfer"
LABEL org.opencontainers.image.description="Video review and approval platform"
LABEL org.opencontainers.image.source="https://github.com/MansiVisuals/ViTransfer"
LABEL org.opencontainers.image.version="${APP_VERSION}"
LABEL org.opencontainers.image.licenses="MIT"
ENV NODE_ENV=production
# Python for Apprise notifications: Apprise is installed into a dedicated venv
# and the system py3-pip package is removed again in the same layer.
# NOTE(review): `--upgrade pip` takes whatever pip release is current on build
# day, and apprise is pinned by version only; its transitive dependencies are
# neither pinned nor hash-checked (pip's --require-hashes with a requirements
# file would close that gap).
RUN apk add --no-cache python3 py3-pip \
&& python3 -m venv /opt/apprise-venv \
&& /opt/apprise-venv/bin/pip install --no-cache-dir --timeout=120 --upgrade pip \
&& /opt/apprise-venv/bin/pip install --no-cache-dir --timeout=120 apprise==1.9.9 \
&& apk del --no-cache py3-pip
# Path of the venv interpreter, exported for the application.
ENV APPRISE_PYTHON=/opt/apprise-venv/bin/python3
ARG TARGETPLATFORM
ARG TARGETARCH
# Diagnostic output for multi-arch build logs; adds nothing to the image.
RUN echo "Building for: $TARGETPLATFORM ($TARGETARCH)" && uname -a
# App user and group with fixed UID/GID 911 and home /app.
# NOTE(review): this stage has no USER instruction, so the entrypoint starts as
# root. Presumably docker-entrypoint.sh remaps the account to PUID/PGID and
# drops privileges with su-exec (installed in base); that script is not
# visible here, so confirm it never leaves the app running as root.
RUN addgroup -g 911 app && adduser -D -u 911 -G app -h /app app
# Copy production files: dependencies from the deps stage, build output and
# sources from the builder stage.
COPY --from=deps --link /tmp/prod_node_modules ./node_modules
COPY --from=builder --link /app/public ./public
COPY --from=builder --link /app/.next ./.next
COPY --from=builder --link /app/node_modules/.prisma ./node_modules/.prisma
COPY --from=builder --link /app/node_modules/@prisma ./node_modules/@prisma
COPY --from=builder --link /app/prisma ./prisma
COPY --from=builder --link /app/src ./src
COPY --from=builder --link /app/package.json ./package.json
COPY --from=builder --link /app/tsconfig.json ./tsconfig.json
COPY --from=builder --link /app/next.config.js ./next.config.js
COPY --from=builder --link /app/worker.mjs ./worker.mjs
# These two files come straight from the build context, not from a stage.
COPY --link --chmod=0755 docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
COPY --link previewlut.cube /usr/share/ffmpeg/previewlut.cube
# Make the LUT world-readable, hand /app to the app user, and ensure everything
# under /app is readable (directories traversable) by all users.
# NOTE(review): a recursive chown in its own layer stores a second copy of
# every file it touches; COPY --chown with the numeric 911:911 would avoid it.
RUN chmod a+r /usr/share/ffmpeg/previewlut.cube && \
chown -R app:app /app && \
chmod -R a+rX /app
# Default runtime IDs; presumably consumed by docker-entrypoint.sh (not shown).
ENV PUID=1000 PGID=1000
# Healthy only when GET /api/health on localhost:4321 answers 200. There is no
# 'error' handler, so a refused connection ends the probe as an uncaught
# exception with a non-zero exit, which also counts as unhealthy.
# NOTE(review): the port is hard-coded, so the probe keeps hitting 4321 even if
# PORT is overridden at `docker run` time.
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
CMD node -e "require('http').get('http://localhost:4321/api/health', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)})" || exit 1
EXPOSE 4321
# NOTE(review): HOSTNAME=0.0.0.0 presumably makes the server listen on all
# container interfaces; what is reachable is then decided by how the port is
# published.
ENV PORT=4321 HOSTNAME="0.0.0.0"
# CMD is passed to the entrypoint script as its arguments.
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["npm", "start"]