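# Build stage: installs production dependencies, creates and initialises the
# .database directory, then runs `bun run bin` (presumably what produces
# /build/tasks-server). The final stage copies /build/tasks-server and
# /build/.database out of this stage.
#
# The base image is a build argument so a release tag or digest can be pinned
# without editing this file, e.g.
#   docker build --build-arg BUN_IMAGE=oven/bun:<tag>@sha256:<digest> .
# The default is the same untagged (moving) reference used before.
ARG BUN_IMAGE=oven/bun
FROM ${BUN_IMAGE} AS build
ENV NODE_ENV=production
WORKDIR /build
COPY tsconfig.json package.json init-db.ts bun.lock bunfig.toml ./
COPY src ./src/
# NOTE(review): this writes .env.production into an image layer. The stage is
# not shipped, but the file remains in the build cache and in any exported
# cache or intermediate image, and it has to be present in the build context.
# If it holds credentials, a BuildKit secret mount on the RUN below
# (RUN --mount=type=secret,id=<id>,target=/build/.env ...) avoids persisting
# it. That changes the build command, so it is flagged here, not applied.
COPY .env.production ./.env
# NOTE(review): whatever init-db.ts writes under .database is copied into the
# final image; confirm it stores nothing derived from secrets in .env.
# NOTE(review): consider adding --frozen-lockfile to `bun install` so the
# build fails instead of re-resolving when bun.lock and package.json disagree.
RUN bun install --save-text-lockfile --production && \
    mkdir .database && \
    bun --env-file=.env run init-db.ts && \
    bun run bin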
# Nix store stage: installs the derivations from docker.nix into the profile
# /output/profile and copies that profile's full closure (nix-store -qR) into
# /output/store, where the final stage picks it up.
# NOTE(review): the nixos/nix image is untagged and `nix-channel --update`
# follows a moving channel, so two builds of the same commit can resolve
# different packages. Pinning the image by tag/digest, and pinning nixpkgs
# inside docker.nix if it is not already, would make this stage reproducible.
FROM nixos/nix AS nix-store
COPY docker.nix /tmp/docker.nix
# Allows packages with unfree licences while docker.nix is evaluated.
ENV NIXPKGS_ALLOW_UNFREE=1
# $(...) is deliberately unquoted: every store path must be a separate cp
# argument. The garbage collection only affects this intermediate stage.
RUN mkdir -p /output/store \
 && nix-channel --update \
 && nix-env --profile /output/profile -i -f /tmp/docker.nix \
 && cp -a $(nix-store -qR /output/profile) /output/store \
 && nix-collect-garbage \
 && nix-collect-garbage -d
# Final stage: runtime image assembled from the `nix-store` and `build` stages
# plus the local tls directory. There are no RUN steps here; only files and
# metadata are added on top of the distroless base.
# NOTE(review): `:nonroot` is a moving tag; pin the base by digest for
# reproducible, auditable builds.
FROM gcr.io/distroless/base-debian12:nonroot
LABEL maintainer="Reyhan Kamil <[email protected]>"
# No default: PORT is consumed only by EXPOSE below, so it has to be supplied
# with --build-arg PORT=<port>. As an ARG it is not set in the running
# container's environment.
ARG PORT
ENV NODE_ENV=production
WORKDIR /home/nonroot/app
# NOTE(review): --chown=nonroot:nonroot on the store, the profile and the
# binary makes the image's executable content owned by `nonroot` (presumably
# the user this image runs as), so a compromised process could modify it.
# Only .database looks like it needs to be writable; consider leaving the
# other copies root-owned after confirming the files stay readable and
# executable for nonroot.
COPY --from=nix-store --chown=nonroot:nonroot /output/store /nix/store
COPY --from=nix-store --chown=nonroot:nonroot /output/profile/ /usr/local/
# The binary is added to /usr/local/bin after the profile has populated
# /usr/local; keep this order.
COPY --from=build --chown=nonroot:nonroot /build/tasks-server /usr/local/bin/
# Database directory created in the build stage by init-db.ts.
COPY --from=build --chown=nonroot:nonroot /build/.database /home/nonroot/app/.database/
# NOTE(review): this bakes the tls directory from the build context into an
# image layer. If it contains private keys, everyone who can pull the image
# can read them; mounting the material at runtime avoids that.
COPY --chown=nonroot:nonroot tls /home/nonroot/app/tls/
# EXPOSE is metadata only; it does not publish the port.
EXPOSE $PORT/tcp
# Exec form, so no shell is involved; tasks-server is presumably resolved via
# PATH from /usr/local/bin, where it was copied above.
CMD ["tasks-server"]