From c0db4dc2c9998af2255bc93e4e0041b2158c83c4 Mon Sep 17 00:00:00 2001 From: liquidrinu Date: Thu, 22 May 2025 12:52:05 +0200 Subject: [PATCH] updated caching to resolve 403 entity too large errors --- .gitea/workflows/deploy.yaml | 12 +++++++++++ Dockerfile | 40 ++++++++++++++++++++++++++++-------- 2 files changed, 43 insertions(+), 9 deletions(-) diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml index 6f8e18e..76eab4e 100644 --- a/.gitea/workflows/deploy.yaml +++ b/.gitea/workflows/deploy.yaml @@ -14,6 +14,10 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + with: + driver-opts: | + image=moby/buildkit:latest + network=host - name: Login to Docker Registry uses: docker/login-action@v2 @@ -30,6 +34,10 @@ jobs: tags: registry.liquidrinu.com/fusero-backend:latest cache-from: type=registry,ref=registry.liquidrinu.com/fusero-backend:buildcache cache-to: type=registry,ref=registry.liquidrinu.com/fusero-backend:buildcache,mode=max + build-args: | + BUILDKIT_INLINE_CACHE=1 + platforms: linux/amd64 + compression: zstd - name: Build and Push Frontend uses: docker/build-push-action@v4 @@ -39,6 +47,10 @@ jobs: tags: registry.liquidrinu.com/fusero-frontend:latest cache-from: type=registry,ref=registry.liquidrinu.com/fusero-frontend:buildcache cache-to: type=registry,ref=registry.liquidrinu.com/fusero-frontend:buildcache,mode=max + build-args: | + BUILDKIT_INLINE_CACHE=1 + platforms: linux/amd64 + compression: zstd - name: Install kubectl uses: azure/setup-kubectl@v3 diff --git a/Dockerfile b/Dockerfile index d9bd3fe..482da59 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -# Use Node.js 18.3 as the base image +# Build stage FROM node:20-slim AS build # Install Python and build tools for node-gyp @@ -12,31 +12,53 @@ RUN apt-get update && \ ENV APP_DIR=/usr/src/app/ RUN mkdir -p ${APP_DIR} -# Install global dependencies like pm2, ts-node, and typescript as root +# Install global dependencies RUN npm install -g pm2 ts-node typescript -# Create a non-root user and switch to it +# Create a non-root user ENV APP_USER=appuser RUN adduser --disabled-password --gecos '' ${APP_USER} WORKDIR ${APP_DIR} RUN chown -R ${APP_USER}:${APP_USER} ${APP_DIR} -# Switch to non-root user before copying files and installing dependencies +# Switch to non-root user USER ${APP_USER} -# Copy package.json and package-lock.json and install dependencies as appuser +# Copy package files and install dependencies COPY --chown=${APP_USER}:${APP_USER} package.json package-lock.json ./ RUN npm install -# Copy the rest of the application code with appropriate ownership +# Copy source code COPY --chown=${APP_USER}:${APP_USER} . . -# Rebuild bcrypt and other native dependencies as appuser +# Rebuild native dependencies RUN npm rebuild bcrypt --build-from-source -# Build the application using the npm script, assuming "build:ts" is defined +# Build the application RUN npm run build:ts +# Production stage +FROM node:20-slim + +# Install only production dependencies +ENV APP_DIR=/usr/src/app/ +RUN mkdir -p ${APP_DIR} + +# Create non-root user +ENV APP_USER=appuser +RUN adduser --disabled-password --gecos '' ${APP_USER} +WORKDIR ${APP_DIR} +RUN chown -R ${APP_USER}:${APP_USER} ${APP_DIR} + +# Copy only necessary files from build stage +COPY --from=build --chown=${APP_USER}:${APP_USER} ${APP_DIR}/dist ./dist +COPY --from=build --chown=${APP_USER}:${APP_USER} ${APP_DIR}/package.json ./ +COPY --from=build --chown=${APP_USER}:${APP_USER} ${APP_DIR}/package-lock.json ./ + +# Install only production dependencies +USER ${APP_USER} +RUN npm ci --only=production + # Environment variables ENV CI=true ENV PORT=14000 @@ -45,5 +67,5 @@ ENV NODE_ENV=production # Expose the application's port EXPOSE ${PORT} -# Command to run the application using npm start +# Command to run the application CMD ["npm", "start"]