From 0354debd2ba9107137fa6d08a8a93bb08d21b5f4 Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Tue, 14 Oct 2025 23:49:57 +0300 Subject: [PATCH] build(docker): setup rootless image (#2032) [skip ci] * build(docker): setup rootless image --------- Signed-off-by: Ludovic Ortega --- .dockerignore | 5 +++- .github/workflows/ci.yml | 2 +- Dockerfile | 49 +++++++++++++++++---------------- bin/prepare.js | 9 ++++++ docs/getting-started/docker.mdx | 4 +++ package.json | 2 +- 6 files changed, 45 insertions(+), 26 deletions(-) create mode 100644 bin/prepare.js diff --git a/.dockerignore b/.dockerignore index 9c94daaee..76aae0c40 100644 --- a/.dockerignore +++ b/.dockerignore @@ -11,16 +11,19 @@ .husky .next .prettierignore +.vscode +charts config/db/* config/logs/* config/*.json +cypress dist Dockerfile* compose.yaml +gen-docs docs LICENSE node_modules public/os_logo_filled.png public/preview.jpg stylelint.config.js -cypress diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4d8610e83..04fa51cfe 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -48,7 +48,7 @@ jobs: - name: Install dependencies env: - HUSKY: 0 + CI: true run: pnpm install - name: Lint diff --git a/Dockerfile b/Dockerfile index 6354ee43a..039b0ca88 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,20 @@ -FROM node:22.20.0-alpine3.22@sha256:cb3143549582cc5f74f26f0992cdef4a422b22128cb517f94173a5f910fa4ee7 AS build_image - +FROM node:22.20.0-alpine3.22@sha256:cb3143549582cc5f74f26f0992cdef4a422b22128cb517f94173a5f910fa4ee7 AS base ARG SOURCE_DATE_EPOCH ARG TARGETPLATFORM -ARG COMMIT_TAG ENV TARGETPLATFORM=${TARGETPLATFORM:-linux/amd64} -ENV COMMIT_TAG=${COMMIT_TAG} ENV PNPM_HOME="/pnpm" ENV PATH="$PNPM_HOME:$PATH" RUN corepack enable +COPY . ./app +WORKDIR /app + +FROM base AS prod-deps +RUN --mount=type=cache,id=pnpm,target=/pnpm/store CI=true pnpm install --prod --frozen-lockfile + +FROM base as build + RUN \ case "${TARGETPLATFORM}" in \ 'linux/arm64' | 'linux/arm/v7') \ @@ -19,34 +24,32 @@ RUN \ ;; \ esac -WORKDIR /app +RUN --mount=type=cache,id=pnpm,target=/pnpm/store CYPRESS_INSTALL_BINARY=0 pnpm install --frozen-lockfile -COPY package.json pnpm-lock.yaml postinstall-win.js ./ -RUN CYPRESS_INSTALL_BINARY=0 pnpm install --frozen-lockfile - -COPY . ./ RUN pnpm build -# remove development dependencies -RUN pnpm prune --prod --ignore-scripts && \ - rm -rf src server .next/cache charts gen-docs docs && \ - touch config/DOCKER && \ - echo "{\"commitTag\": \"${COMMIT_TAG}\"}" > committag.json +RUN rm -rf .next/cache FROM node:22.20.0-alpine3.22@sha256:cb3143549582cc5f74f26f0992cdef4a422b22128cb517f94173a5f910fa4ee7 +ARG SOURCE_DATE_EPOCH +ARG COMMIT_TAG +ENV NODE_ENV=production +ENV COMMIT_TAG=${COMMIT_TAG} -ENV PNPM_HOME="/pnpm" -ENV PATH="$PNPM_HOME:$PATH" -RUN corepack enable +RUN apk add --no-cache tzdata + +USER node:node WORKDIR /app -RUN apk add --no-cache tzdata tini && rm -rf /tmp/* +COPY --chown=node:node . . +COPY --chown=node:node --from=prod-deps /app/node_modules ./node_modules +COPY --chown=node:node --from=build /app/.next ./.next +COPY --chown=node:node --from=build /app/dist ./dist -# copy from build image -COPY --from=build_image /app ./ - -ENTRYPOINT [ "/sbin/tini", "--" ] -CMD [ "pnpm", "start" ] +RUN touch config/DOCKER && \ + echo "{\"commitTag\": \"${COMMIT_TAG}\"}" > committag.json EXPOSE 5055 + +CMD [ "npm", "start" ] diff --git a/bin/prepare.js b/bin/prepare.js new file mode 100644 index 000000000..5f19878a1 --- /dev/null +++ b/bin/prepare.js @@ -0,0 +1,9 @@ +#!/usr/bin/env node + +/** + * Do not run husky in CI environments + */ +const isCi = process.env.CI !== undefined; +if (!isCi) { + require('husky').install(); +} diff --git a/docs/getting-started/docker.mdx b/docs/getting-started/docker.mdx index d71e3a19d..a771693e6 100644 --- a/docs/getting-started/docker.mdx +++ b/docs/getting-started/docker.mdx @@ -31,6 +31,7 @@ For details on the Docker CLI, please [review the official `docker run` document ```bash docker run -d \ --name jellyseerr \ + --init \ -e LOG_LEVEL=debug \ -e TZ=Asia/Tashkent \ -e PORT=5055 \ @@ -85,6 +86,7 @@ Define the `jellyseerr` service in your `compose.yaml` as follows: services: jellyseerr: image: fallenbagel/jellyseerr:latest + init: true container_name: jellyseerr environment: - LOG_LEVEL=debug @@ -156,6 +158,7 @@ Then, create and start the Jellyseerr container: ```bash docker run -d \ --name jellyseerr \ + --init \ -e LOG_LEVEL=debug \ -e TZ=Asia/Tashkent \ -e PORT=5055 \ @@ -193,6 +196,7 @@ docker compose up -d services: jellyseerr: image: fallenbagel/jellyseerr:latest + init: true container_name: jellyseerr environment: - LOG_LEVEL=debug diff --git a/package.json b/package.json index 8e2b0bd60..19d88b1fa 100644 --- a/package.json +++ b/package.json @@ -22,7 +22,7 @@ "typecheck": "pnpm typecheck:server && pnpm typecheck:client", "typecheck:server": "tsc --project server/tsconfig.json --noEmit", "typecheck:client": "tsc --noEmit", - "prepare": "husky install", + "prepare": "node bin/prepare.js", "cypress:open": "cypress open", "cypress:prepare": "ts-node -r tsconfig-paths/register --files --project server/tsconfig.json server/scripts/prepareTestDb.ts", "cypress:build": "pnpm build && pnpm cypress:prepare"