From 28c7a7d4d078e22157abb60390ca0464cc28b888 Mon Sep 17 00:00:00 2001
From: Chigozirim Igweamaka
Date: Wed, 19 Nov 2025 16:39:07 +0100
Subject: [PATCH] feat(docker): overhaul Dockerfile for multi-stage build and production runtime

- Add multi-stage builds for React frontend and Go backend
- Use node:20-alpine and golang:1.24-alpine for slimmer build environments
- Switch to `/app` directory structure and improve COPY paths
- Use `npm ci` for deterministic frontend installs
- Add Go build optimizations with stripped binaries
- Introduce final Alpine runtime image with ffmpeg, python3, yt-dlp
- Add HEALTHCHECK for backend service availability
- Add non-root runtime user for improved security
- Create necessary app directories with proper permissions
- Update CMD to run Go server with explicit args
---
Dockerfile | 56 +++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 43 insertions(+), 13 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 44c8845..a64b0fa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,33 +1,63 @@
-# build react
+# Build React frontend
 FROM node:20-alpine AS build_react_stage
-RUN mkdir -p /home/react
-WORKDIR /home/react
+WORKDIR /app/client
-COPY client/package.json ./
-RUN npm install
+COPY client/package*.json ./
+RUN npm ci --only=production && npm cache clean --force
 COPY client/ ./
 ARG REACT_APP_BACKEND_URL
 ENV REACT_APP_BACKEND_URL=${REACT_APP_BACKEND_URL}
 RUN npm run build
-# build go
-FROM golang:1.21.6
+# Build Go backend
+FROM golang:1.24-alpine AS build_go_stage
-WORKDIR /home/seek-tune
+RUN apk add --no-cache git ca-certificates tzdata gcc musl-dev
+
+WORKDIR /app/server
 COPY server/go.mod server/go.sum ./
-RUN go mod download
+RUN go mod download && go mod verify
 COPY server/ ./
-ENV ENV=production
+RUN go build -ldflags="-w -s" -o seek-tune
+
+# Final runtime image
+FROM alpine:latest
+
+# Install runtime dependencies
+RUN apk add --no-cache \
+ ca-certificates \
+ tzdata \
+ ffmpeg \
+ python3 \
+ py3-pip \
+ && pip3 install --no-cache-dir yt-dlp --break-system-packages
+
+WORKDIR /app
+
+COPY --from=build_go_stage /app/server/seek-tune .
 RUN mkdir -p static
-COPY --from=build_react_stage /home/react/build static
+COPY --from=build_react_stage /app/client/build ./static
-RUN go build -o seek-tune
+RUN mkdir -p db songs recordings snippets tmp && \
+ chmod -R 755 db songs recordings snippets tmp
+
+ENV ENV=production
 EXPOSE 5000
-CMD [ "/home/seek-tune/seek-tune", "serve" ]
\ No newline at end of file
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+ CMD wget --no-verbose --tries=1 --spider http://localhost:5000/ || exit 1
+
+# Run as non-root user for security
+RUN addgroup -g 1001 -S appuser && \
+ adduser -u 1001 -S appuser -G appuser && \
+ chown -R appuser:appuser /app
+
+USER appuser
+
+CMD ["./seek-tune", "serve", "http", "5000"]
\ No newline at end of file
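Review bot: The final runtime stage starts from `FROM alpine:latest` and installs yt-dlp with an unpinned `pip3 install --no-cache-dir yt-dlp --break-system-packages`, so the production image takes whatever base image and PyPI release exist at build time, even though both build stages use tagged images and the Go modules go through `go mod verify`. Pin both, for example `FROM alpine:<version>` (ideally with `@sha256:<digest>`) and `pip3 install --no-cache-dir yt-dlp==<version> --break-system-packages`, so a rebuild cannot silently change what runs in production. Separately, `chown -R appuser:appuser /app` makes the `seek-tune` binary and `static/` writable by the runtime user. That process presumably feeds downloaded media to ffmpeg and yt-dlp, so consider leaving the binary and assets root-owned and chowning only `db songs recordings snippets tmp`.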