letsbe-hub/Dockerfile
Matt 1c96c3a85e
Some checks failed
Build and Push Docker Image / lint-and-typecheck (push) Failing after 1m47s
Build and Push Docker Image / build (push) Has been skipped
feat: Audit remediation + Stripe webhook + test suites
- Apply 3 Prisma schema changes (Pending2FASession, hubApiKeyHash, SecurityVerificationCode attempts)
- Add Stripe webhook handler (checkout.session.completed -> User + Subscription + Order)
- Add stripe-service, api-key-service, rate-limit middleware
- Add security headers (CSP, HSTS, X-Frame-Options) in next.config.ts
- Harden auth routes, require ADMIN_API_KEY for orchestrator endpoints
- Add Docker auto-migration via startup.sh
- Add 7 unit test suites (api-key, dns, config-generator, automation-worker, permission, security-verification, auth-helpers)
- Fix Prisma 7 compatibility with adapter-pg mock for vitest

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 08:02:33 +01:00


FROM node:20-alpine AS base
# Install dependencies only when needed
FROM base AS deps
RUN apk add --no-cache libc6-compat
WORKDIR /app
# Install dependencies
COPY package.json package-lock.json* ./
RUN npm install
# Generate Prisma Client (Prisma 7 uses prisma.config.mjs for datasource URL)
COPY prisma ./prisma/
COPY prisma.config.mjs ./
RUN npx prisma generate
# Rebuild the source code only when needed
FROM base AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
# Ensure public directory exists
RUN mkdir -p public
# Next.js telemetry
ENV NEXT_TELEMETRY_DISABLED=1
RUN npm run build
# Production image, copy all the files and run next
FROM base AS runner
WORKDIR /app
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
# Install Docker CLI for spawning provisioning containers
RUN apk add --no-cache docker-cli
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
# Add nextjs user to docker group for socket access
# Note: The actual docker group GID might differ - using 999 as common default.
# If the host's docker.sock is owned by a different GID, the app silently loses
# socket access (check the host with `stat -c %g /var/run/docker.sock`).
# Membership in this group is root-equivalent on the host, so the bind-mounted
# socket makes this container a fully trusted component.
RUN addgroup -g 999 docker || true
RUN addgroup nextjs docker || true
# Create jobs and logs directories for provisioning
RUN mkdir -p /app/jobs /app/logs
RUN chown -R nextjs:nodejs /app/jobs /app/logs
# Create public directory and copy contents if they exist
RUN mkdir -p public
COPY --from=builder /app/public/. ./public/
# Set the correct permission for prerender cache
RUN mkdir .next
RUN chown nextjs:nodejs .next
# Automatically leverage output traces to reduce image size
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
# Copy Prisma client and schema (for runtime + migrations)
COPY --from=deps /app/node_modules/.prisma ./node_modules/.prisma
COPY --from=deps /app/node_modules/@prisma ./node_modules/@prisma
COPY prisma ./prisma/
COPY prisma.config.mjs ./
# Install Prisma CLI globally for running migrations on startup
# (copying just node_modules/prisma misses transitive deps like valibot)
RUN npm install -g prisma@7
# Copy startup script (runs migrations before starting app)
# Use tr to strip Windows CRLF line endings (more reliable than sed on Alpine)
COPY startup.sh /tmp/startup.sh
RUN tr -d '\r' < /tmp/startup.sh > startup.sh && chmod +x startup.sh && rm /tmp/startup.sh
USER nextjs
EXPOSE 3000
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"
CMD ["./startup.sh"]
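The startup.sh the CMD line runs is not shown on this page. The script below is an added example of what such a script can look like, written here as a preflight for the two things the Dockerfile comments call out (migrations before start, and the guessed docker group GID); it is not the project's own startup.sh. It assumes DATABASE_URL is the datasource URL consumed by prisma.config.mjs, that the standalone output exposes server.js, and that the Docker socket is bind-mounted at /var/run/docker.sock.

```sh
#!/bin/sh
# Added example startup.sh (not the project's own script).
# Assumptions: DATABASE_URL feeds prisma.config.mjs, the Next.js standalone
# output provides server.js, and the Docker socket is at /var/run/docker.sock.
set -eu

DOCKER_SOCK="${DOCKER_SOCK:-/var/run/docker.sock}"

log() { printf '[startup] %s\n' "$*" >&2; }

# Return 0 when the named variable is set and non-empty, 1 otherwise.
# Callers decide whether that is fatal; no exit happens here.
require_env() {
  name="$1"
  eval "value=\${$name:-}"
  if [ -z "$value" ]; then
    log "required environment variable $name is not set"
    return 1
  fi
  return 0
}

# Numeric group owning a path (the Docker socket in practice), so that a GID
# mismatch with the image's hard-coded 'docker' group shows up in the logs.
path_gid() { stat -c '%g' "$1"; }

# Return 0 if the current user can read and write the socket, 1 if not.
# Present-but-unusable means the GID guessed at build time did not match the
# host, which is the usual failure when the image moves to a new host.
docker_socket_usable() {
  sock="$1"
  if [ ! -e "$sock" ]; then
    log "docker socket $sock not mounted; provisioning containers unavailable"
    return 1
  fi
  if [ -r "$sock" ] && [ -w "$sock" ]; then
    return 0
  fi
  log "docker socket $sock has gid $(path_gid "$sock"); uid $(id -u) has groups: $(id -G)"
  log "rebuild with the host's docker GID or fix the group in the Dockerfile"
  return 1
}

main() {
  require_env DATABASE_URL || exit 1
  # Socket access is root-equivalent on the host; only warn and continue, the
  # app can still serve requests without provisioning.
  docker_socket_usable "$DOCKER_SOCK" || log "continuing without docker access"
  log "applying pending migrations"
  prisma migrate deploy
  log "starting next.js server"
  exec node server.js
}

# Run main only when executed as startup.sh, not when sourced by a test.
case "${0##*/}" in
  startup.sh) main "$@" ;;
esac
```

Because the checks are plain functions, the same file can be sourced in CI and exercised against a temporary file standing in for the socket before it is ever copied into the image; the CRLF stripping in the Dockerfile still applies to it unchanged.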