5896e56faa
Add TODO comments above each FROM instruction in Dockerfile and services/ml/Dockerfile instructing how to pin base images to sha256 digests for reproducible builds. Marks task 6.7 as complete. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
52 lines
1.4 KiB
Docker
52 lines
1.4 KiB
Docker
# Build stage
|
|
# TODO: Pin to sha256 digest after verifying with: docker pull node:20-alpine && docker inspect node:20-alpine --format='{{index .RepoDigests 0}}'
|
|
FROM node:20-alpine AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
COPY package*.json ./
|
|
|
|
RUN npm ci
|
|
|
|
COPY . .
|
|
|
|
RUN npm run build
|
|
|
|
# Production stage
|
|
# TODO: Pin to sha256 digest after verifying with: docker pull node:20-alpine && docker inspect node:20-alpine --format='{{index .RepoDigests 0}}'
|
|
FROM node:20-alpine
|
|
|
|
WORKDIR /app
|
|
|
|
# Install PostgreSQL client for pg module
|
|
RUN apk add --no-cache postgresql-client
|
|
|
|
RUN addgroup -g 1001 -S nodejs && adduser -S nextjs -u 1001
|
|
|
|
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
|
|
|
|
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
|
|
|
|
# Copy drizzle migrations
|
|
COPY --from=builder --chown=nextjs:nodejs /app/drizzle ./drizzle
|
|
|
|
# Copy data loading scripts
|
|
COPY --from=builder --chown=nextjs:nodejs /app/scripts ./scripts
|
|
|
|
# Copy initial data CSV
|
|
COPY --from=builder --chown=nextjs:nodejs /app/EURUSD.csv ./EURUSD.csv
|
|
|
|
RUN mkdir -p /app/public && chown -R nextjs:nodejs /app/public
|
|
|
|
# Make startup script executable
|
|
RUN chmod +x /app/scripts/startup.sh
|
|
|
|
ENV NODE_ENV=production PORT=3000 HOSTNAME=0.0.0.0
|
|
|
|
USER nextjs
|
|
|
|
EXPOSE 3000
|
|
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 CMD wget --no-verbose --tries=1 --spider http://localhost:3000/api/health || exit 1
|
|
|
|
CMD ["/app/scripts/startup.sh"]
|