updated caching to resolve 403 entity too large errors

.gitea/workflows/deploy.yaml

@@ -14,6 +14,10 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+        with:
+          driver-opts: |
+            image=moby/buildkit:latest
+            network=host
 
       - name: Login to Docker Registry
         uses: docker/login-action@v2
@@ -30,6 +34,10 @@ jobs:
           tags: registry.liquidrinu.com/fusero-backend:latest
           cache-from: type=registry,ref=registry.liquidrinu.com/fusero-backend:buildcache
           cache-to: type=registry,ref=registry.liquidrinu.com/fusero-backend:buildcache,mode=max
+          build-args: |
+            BUILDKIT_INLINE_CACHE=1
+          platforms: linux/amd64
+          compression: zstd
 
       - name: Build and Push Frontend
         uses: docker/build-push-action@v4
@@ -39,6 +47,10 @@ jobs:
           tags: registry.liquidrinu.com/fusero-frontend:latest
           cache-from: type=registry,ref=registry.liquidrinu.com/fusero-frontend:buildcache
           cache-to: type=registry,ref=registry.liquidrinu.com/fusero-frontend:buildcache,mode=max
+          build-args: |
+            BUILDKIT_INLINE_CACHE=1
+          platforms: linux/amd64
+          compression: zstd
 
       - name: Install kubectl
         uses: azure/setup-kubectl@v3

Dockerfile

@@ -1,4 +1,4 @@
-# Use Node.js 18.3 as the base image
+# Build stage
 FROM node:20-slim AS build
 
 # Install Python and build tools for node-gyp
@@ -12,31 +12,53 @@ RUN apt-get update && \
 ENV APP_DIR=/usr/src/app/
 RUN mkdir -p ${APP_DIR}
 
-# Install global dependencies like pm2, ts-node, and typescript as root
+# Install global dependencies
 RUN npm install -g pm2 ts-node typescript
     
-# Create a non-root user and switch to it
+# Create a non-root user
 ENV APP_USER=appuser
 RUN adduser --disabled-password --gecos '' ${APP_USER}
 WORKDIR ${APP_DIR}
 RUN chown -R ${APP_USER}:${APP_USER} ${APP_DIR}
 
-# Switch to non-root user before copying files and installing dependencies
+# Switch to non-root user
 USER ${APP_USER}
 
-# Copy package.json and package-lock.json and install dependencies as appuser
+# Copy package files and install dependencies
 COPY --chown=${APP_USER}:${APP_USER} package.json package-lock.json ./
 RUN npm install
 
-# Copy the rest of the application code with appropriate ownership
+# Copy source code
 COPY --chown=${APP_USER}:${APP_USER} . .
 
-# Rebuild bcrypt and other native dependencies as appuser
+# Rebuild native dependencies
 RUN npm rebuild bcrypt --build-from-source
 
-# Build the application using the npm script, assuming "build:ts" is defined
+# Build the application
 RUN npm run build:ts
 
+# Production stage
+FROM node:20-slim
+
+# Install only production dependencies
+ENV APP_DIR=/usr/src/app/
+RUN mkdir -p ${APP_DIR}
+
+# Create non-root user
+ENV APP_USER=appuser
+RUN adduser --disabled-password --gecos '' ${APP_USER}
+WORKDIR ${APP_DIR}
+RUN chown -R ${APP_USER}:${APP_USER} ${APP_DIR}
+
+# Copy only necessary files from build stage
+COPY --from=build --chown=${APP_USER}:${APP_USER} ${APP_DIR}/dist ./dist
+COPY --from=build --chown=${APP_USER}:${APP_USER} ${APP_DIR}/package.json ./
+COPY --from=build --chown=${APP_USER}:${APP_USER} ${APP_DIR}/package-lock.json ./
+
+# Install only production dependencies
+USER ${APP_USER}
+RUN npm ci --only=production
+
 # Environment variables
 ENV CI=true
 ENV PORT=14000
@@ -45,5 +67,5 @@ ENV NODE_ENV=production
 # Expose the application's port
 EXPOSE ${PORT}
 
-# Command to run the application using npm start
+# Command to run the application
 CMD ["npm", "start"]