
Commit eb5aa6c

committed
add dockerfile
2 parents c4877cc + be15d87 commit eb5aa6c


3 files changed

+105
-74
lines changed

3 files changed

+105
-74
lines changed

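--- a/.dockerignore
+++ b/.dockerignore
@@ -1,39 +1,32 @@
-# VCS
-.git
-.github
-
-# Node / workspace artifacts
+# Dependencies
 node_modules
-**/node_modules
 .pnpm-store
+.pnp.*
 
-# Next.js build output
+# Builds and caches
 .next
-**/.next
 out
-build
 dist
-.turbo
-
-# Tests / coverage
-coverage
-
-# OS / editor
-.DS_Store
-.vscode
-.idea
+build
 
 # Logs
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 pnpm-debug.log*
 
-# Env files (inject via secrets/CI)
+# VCS
+.git
+.gitignore
+
+# Env
 .env
 .env.*
 !.env.example
 
-# Misc
+# OS/editor
+.DS_Store
 *.swp
-*.swm
+*.swo
+.vscode
+.idea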
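Review bot: The `.env` and `.env.*` entries, like the bare `node_modules` and `.next` entries this change keeps, match only at the root of the build context, so an env file inside a workspace directory such as `apps/v4/` would still be sent to the builder and picked up by the Dockerfile's `COPY . .`. Dropping `**/node_modules` and `**/.next` has the same effect for host-side install and build output in the workspace packages. I would add `**/.env`, `**/.env.*` and `!**/.env.example`, and restore the two `**/` patterns.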
Lines changed: 38 additions & 0 deletions
@@ -0,0 +1,38 @@
1+
name: Prod Deployment
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
8+
jobs:
9+
build-and-push:
10+
runs-on: ubuntu-latest
11+
steps:
12+
- name: Checkout code
13+
uses: actions/checkout@v4
14+
15+
- name: Set up Docker Buildx
16+
uses: docker/setup-buildx-action@v3
17+
18+
- name: Login to registry.sciol.ac.cn
19+
uses: docker/login-action@v3
20+
with:
21+
registry: registry.sciol.ac.cn
22+
username: ${{ secrets.SCIENCEOL_REGISTRY_USERNAME }}
23+
password: ${{ secrets.SCIENCEOL_REGISTRY_PASSWORD }}
24+
25+
- name: Build and push ui Docker image
26+
run: |
27+
docker build . -t registry.sciol.ac.cn/sciol/ui:latest --push
28+
29+
- name: Download Let's Encrypt CA
30+
run: curl -o ca.crt https://letsencrypt.org/certs/isrgrootx1.pem
31+
32+
- name: Rolling update deployments
33+
run: |
34+
kubectl \
35+
--server=${{ secrets.SCIENCEOL_K8S_SERVER_URL }} \
36+
--token=${{ secrets.SCIENCEOL_K8S_ADMIN_TOKEN }} \
37+
--certificate-authority=ca.crt \
38+
rollout restart deployment sciui -n sciol
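Review bot: The rollout step authenticates with `secrets.SCIENCEOL_K8S_ADMIN_TOKEN`, which by its name looks like a cluster-admin credential, although the job only runs `rollout restart deployment sciui -n sciol`. A ServiceAccount token limited to patching deployments in the `sciol` namespace would bound what a compromised action or workflow edit can do with it. The token is also substituted into the script text by `${{ }}` before the shell runs; mapping it through the step's `env:` and using `--token="$K8S_TOKEN"` keeps the secret out of the generated script. The CA file that verifies the API server is fetched on every run with `curl -o` and neither `-f` nor a fingerprint check, so the trust anchor should be committed to the repository or verified before kubectl uses it.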

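--- a/Dockerfile
+++ b/Dockerfile
@@ -1,74 +1,74 @@
-# Multi-stage Dockerfile for the monorepo, targeting the Next.js app in apps/v4
-# - Uses pnpm workspaces and Turbo build scripts
-# - Builds in a separate stage and runs "next start" on port 4000
-
-# syntax=docker/dockerfile:1.6
-ARG NODE_VERSION=24
 ARG NEXT_PUBLIC_APP_URL=https://ui.sciol.ac.cn
+ARG NODE_VERSION=24
 
-FROM node:${NODE_VERSION}-slim AS base
-# Re-declare build args inside the stage to use them in RUN/ENV/etc.
-ARG NEXT_PUBLIC_APP_URL
-ENV PNPM_HOME=/usr/local/share/pnpm \
+FROM node:${NODE_VERSION} AS base
+ENV NODE_ENV=production \
 NEXT_TELEMETRY_DISABLED=1 \
-NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL}
-ENV PATH="$PNPM_HOME:$PATH"
-RUN corepack enable
+PNPM_HOME=/pnpm
+RUN corepack enable \
+&& corepack prepare pnpm@latest --activate
+ENV PATH=$PNPM_HOME:$PATH
 
-# ------------------------------
-# deps: install workspace deps
-# ------------------------------
+# 1) Install dependencies with maximal cache reuse
 FROM base AS deps
 WORKDIR /app
 
-# Only copy files needed to resolve and fetch deps for better layer caching
-COPY package.json pnpm-lock.yaml pnpm-workspace.yaml turbo.json tsconfig.json ./
-# Workspace manifests used by the v4 build
-COPY apps/v4/package.json apps/v4/package.json
-COPY packages/shadcn/package.json packages/shadcn/package.json
+# Only copy lockfile and workspace manifests for better caching
+COPY pnpm-lock.yaml pnpm-workspace.yaml package.json turbo.json tsconfig.json ./
+COPY packages/shadcn/package.json packages/shadcn/
+COPY packages/tests/package.json packages/tests/
+COPY apps/v4/package.json apps/v4/
 
-# Pre-fetch dependencies to leverage pnpm store cache
-RUN pnpm fetch
+# If you have other apps/packages with postinstall/build hooks required for dependency graph,
+# add their package.json similarly above to warm the install cache.
 
-# Bring in the full repo and link deps
-COPY . .
-RUN pnpm -w install --frozen-lockfile
+RUN pnpm fetch \
+&& pnpm install --no-frozen-lockfile
 
-# ------------------------------
-# build: compile the v4 app
-# ------------------------------
-FROM deps AS build
-ENV NODE_ENV=production \
-NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL}
+# 2) Build the app
+FROM base AS builder
 WORKDIR /app
+COPY --from=deps /app /app
+
+ARG NEXT_PUBLIC_APP_URL
+ENV NEXT_PUBLIC_APP_URL=$NEXT_PUBLIC_APP_URL
+
+# Copy the full workspace (respect .dockerignore to keep context small)
+COPY . .
 
-# Build the local package and then the Next.js app
-RUN pnpm --filter=shadcn build \
-&& pnpm --filter=v4 build
+# Build the v4 app (its script builds workspace package "shadcn" first)
+RUN pnpm --filter v4 build
+
+# 3) Create a minimal deployable directory for the v4 app with only prod deps
+# This leverages pnpm deploy to gather exactly what's needed to run the app
+FROM base AS deployer
+WORKDIR /app
+COPY --from=builder /app /app
 
-# ------------------------------
-# runner: minimal runtime image
-# ------------------------------
-FROM node:${NODE_VERSION}-slim AS runner
-# Re-declare to make the arg available in this stage as well
 ARG NEXT_PUBLIC_APP_URL
-ENV NODE_ENV=production \
-NEXT_TELEMETRY_DISABLED=1 \
-NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL}
+ENV NEXT_PUBLIC_APP_URL=$NEXT_PUBLIC_APP_URL
+
+# Prune to production-only files for the v4 application
+RUN pnpm deploy --filter v4 --prod /runtime
 
-# Use a non-root user for security
-USER node
+# 4) Final runtime image
+FROM node:${NODE_VERSION} AS runner
+ENV NODE_ENV=production \
+NEXT_TELEMETRY_DISABLED=1
 WORKDIR /app
 
-# Copy standalone output only (no pnpm/npm needed in runtime)
-# Next.js standalone contains the server and minimal node_modules tree
-COPY --chown=node:node --from=build /app/apps/v4/.next/standalone ./
-COPY --chown=node:node --from=build /app/apps/v4/.next/static ./apps/v4/.next/static
-COPY --chown=node:node --from=build /app/apps/v4/public ./apps/v4/public
+ARG NEXT_PUBLIC_APP_URL
+ENV NEXT_PUBLIC_APP_URL=$NEXT_PUBLIC_APP_URL
+
 
-# Expose the v4 app port
+# Bring in the pruned app produced by pnpm deploy
+COPY --from=deployer /runtime /app
+
+# Expose the port used by apps/v4 (see scripts:start)
 EXPOSE 3000
 
-# Run the standalone server
+# Switch to the app workspace and drop privileges
 WORKDIR /app/apps/v4
-CMD ["node", "server.js"]
+
+# Start Next.js in production
+CMD ["node", "node_modules/next/dist/bin/next", "start", "-p", "3000"]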
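Review bot: The runner stage no longer has a `USER` instruction, so Next.js starts as root even though the new comment above `WORKDIR /app/apps/v4` says "drop privileges"; the removed `USER node` should come back before `CMD`, with the copy written as `COPY --chown=node:node --from=deployer /runtime /app`. In the base and deps stages, `corepack prepare pnpm@latest` and `pnpm install --no-frozen-lockfile` let each build resolve a different package manager and dependency set than the committed lockfile describes; a pinned pnpm version and `--frozen-lockfile` keep what ships equal to what was reviewed. The runner also moved from `node:${NODE_VERSION}-slim` to the full image, which adds packages the server does not appear to need. I could not confirm from the diff that the `pnpm deploy` output copied to `/app` contains `apps/v4/node_modules/next`, so the `CMD` path is worth checking against a built image.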
