feat(docker): multi-stage Dockerfiles with npmmirror registry

Rewrites dashboard and finder Dockerfiles to use a clean multi-stage build (deps → builder → runner) that installs npm packages inside Alpine Linux, avoiding the SWC musl binary issue when building from Windows host. Uses registry.npmmirror.com for reliable installs from restricted networks (Iran). - docker/api/Dockerfile: .NET 10 multi-stage build - docker/web/Dockerfile: Node 20-alpine multi-stage, npmmirror - docker/finder/Dockerfile: Node 20-alpine multi-stage, npmmirror - docker/website/Dockerfile: marketing website build - scripts/: PowerShell helper scripts for local dev Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-05-27 21:33:29 +03:30
parent 45cd028d1c
commit 03376b3ea1
20 changed files with 5519 additions and 0 deletions
@@ -0,0 +1,29 @@
+ARG DOTNET_SDK_IMAGE=mcr.microsoft.com/dotnet/sdk:10.0
+ARG DOTNET_ASPNET_IMAGE=mcr.microsoft.com/dotnet/aspnet:10.0
+
+FROM ${DOTNET_SDK_IMAGE} AS build
+WORKDIR /src
+
+COPY global.json Directory.Build.props Directory.Packages.props nuget.config ./
+
+COPY src/Meezi.Shared/Meezi.Shared.csproj src/Meezi.Shared/
+COPY src/Meezi.Core/Meezi.Core.csproj src/Meezi.Core/
+COPY src/Meezi.Infrastructure/Meezi.Infrastructure.csproj src/Meezi.Infrastructure/
+COPY src/Meezi.Admin.API/Meezi.Admin.API.csproj src/Meezi.Admin.API/
+
+ENV NUGET_CERT_REVOCATION_MODE=offline
+RUN --mount=type=cache,target=/root/.nuget/packages \
+    dotnet restore src/Meezi.Admin.API/Meezi.Admin.API.csproj --disable-parallel
+
+COPY src/ src/
+RUN dotnet publish src/Meezi.Admin.API/Meezi.Admin.API.csproj -c Release -o /app/publish /p:UseAppHost=false
+
+FROM ${DOTNET_ASPNET_IMAGE} AS runtime
+WORKDIR /app
+
+ENV ASPNETCORE_URLS=http://+:8080
+EXPOSE 8080
+
+COPY --from=build /app/publish .
+
+ENTRYPOINT ["dotnet", "Meezi.Admin.API.dll"]
@@ -0,0 +1,35 @@
+FROM node:20-alpine AS builder
+WORKDIR /app
+
+COPY web/admin/ .
+
+ARG NEXT_PUBLIC_ADMIN_API_URL=http://localhost:5081
+ENV NEXT_PUBLIC_ADMIN_API_URL=$NEXT_PUBLIC_ADMIN_API_URL
+
+RUN NEXT_VER=$(node -e "process.stdout.write(require('./node_modules/next/package.json').version)") \
+    && rm -rf node_modules/@next/swc-win32-* node_modules/@next/swc-darwin-* 2>/dev/null; \
+    ls node_modules/@next/swc-linux-x64-musl 2>/dev/null \
+    || npm install --no-save --ignore-scripts "@next/swc-linux-x64-musl@${NEXT_VER}"
+
+ENV NEXT_TELEMETRY_DISABLED=1
+RUN npm run build
+
+FROM node:20-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV PORT=3000
+ENV HOSTNAME=0.0.0.0
+ENV NEXT_TELEMETRY_DISABLED=1
+
+RUN addgroup --system --gid 1001 nodejs \
+    && adduser --system --uid 1001 nextjs
+
+COPY --from=builder /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+USER nextjs
+EXPOSE 3000
+
+CMD ["node", "server.js"]
@@ -0,0 +1,39 @@
+# Base images: override via docker-compose build args or .env (see docs/DOCKER.md).
+# Default = Microsoft Container Registry (official). Docker Hub dotnet/* often returns
+# "insufficient_scope" unless logged in, or is unreachable in some regions.
+ARG DOTNET_SDK_IMAGE=mcr.microsoft.com/dotnet/sdk:10.0
+ARG DOTNET_ASPNET_IMAGE=mcr.microsoft.com/dotnet/aspnet:10.0
+
+FROM ${DOTNET_SDK_IMAGE} AS build
+WORKDIR /src
+
+COPY global.json Directory.Build.props Directory.Packages.props nuget.config ./
+
+COPY src/Meezi.Shared/Meezi.Shared.csproj src/Meezi.Shared/
+COPY src/Meezi.Core/Meezi.Core.csproj src/Meezi.Core/
+COPY src/Meezi.Infrastructure/Meezi.Infrastructure.csproj src/Meezi.Infrastructure/
+COPY src/Meezi.API/Meezi.API.csproj src/Meezi.API/
+
+# NuGet over TLS often fails in Docker when VPN/filter/antivirus breaks HTTPS (bad record mac).
+# Retry via nuget.config; offline revocation helps restricted networks. Re-run build if restore fails.
+ENV NUGET_CERT_REVOCATION_MODE=offline
+RUN --mount=type=cache,target=/root/.nuget/packages \
+    dotnet restore src/Meezi.API/Meezi.API.csproj --disable-parallel
+
+COPY src/ src/
+COPY data/menu-image-manifest.json data/
+COPY data/demo-credentials.json data/
+RUN dotnet publish src/Meezi.API/Meezi.API.csproj -c Release -o /app/publish /p:UseAppHost=false
+
+FROM ${DOTNET_ASPNET_IMAGE} AS runtime
+WORKDIR /app
+
+# No apt-get here — avoids Ubuntu mirror downloads during build (Iran/VPN issues).
+# Healthcheck uses a TCP probe (see docker-compose.yml).
+
+ENV ASPNETCORE_URLS=http://+:8080
+EXPOSE 8080
+
+COPY --from=build /app/publish .
+
+ENTRYPOINT ["dotnet", "Meezi.API.dll"]
@@ -0,0 +1,6 @@
+{
+  "registry-mirrors": [
+    "https://docker.iranrepo.ir",
+    "https://registry.docker.ir"
+  ]
+}
@@ -0,0 +1,37 @@
+FROM node:20-alpine AS deps
+WORKDIR /app
+COPY web/finder/package*.json ./
+RUN npm config set registry https://registry.npmmirror.com \
+    && npm install --legacy-peer-deps --ignore-scripts
+
+FROM node:20-alpine AS builder
+WORKDIR /app
+
+ARG NEXT_PUBLIC_API_URL=http://localhost:5080
+ARG NEXT_PUBLIC_SITE_URL=https://find.meezi.ir
+ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL
+ENV NEXT_PUBLIC_SITE_URL=$NEXT_PUBLIC_SITE_URL
+ENV NEXT_TELEMETRY_DISABLED=1
+
+COPY --from=deps /app/node_modules ./node_modules
+COPY web/finder/ .
+RUN npm run build
+
+FROM node:20-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV PORT=3000
+ENV HOSTNAME=0.0.0.0
+ENV NEXT_TELEMETRY_DISABLED=1
+
+RUN addgroup --system --gid 1001 nodejs \
+    && adduser --system --uid 1001 nextjs
+
+COPY --from=builder /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+USER nextjs
+EXPOSE 3000
+CMD ["node", "server.js"]
@@ -0,0 +1,36 @@
+FROM node:20-alpine AS deps
+WORKDIR /app
+COPY web/dashboard/package*.json ./
+RUN npm config set registry https://registry.npmmirror.com \
+    && npm install --legacy-peer-deps --ignore-scripts
+
+FROM node:20-alpine AS builder
+WORKDIR /app
+
+ARG NEXT_PUBLIC_API_URL=http://localhost:5080
+ENV NEXT_PUBLIC_API_URL=$NEXT_PUBLIC_API_URL
+ENV NEXT_TELEMETRY_DISABLED=1
+
+COPY --from=deps /app/node_modules ./node_modules
+COPY web/dashboard/ .
+RUN npm run build
+
+FROM node:20-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV PORT=3000
+ENV HOSTNAME=0.0.0.0
+ENV NEXT_TELEMETRY_DISABLED=1
+
+RUN addgroup --system --gid 1001 nodejs \
+    && adduser --system --uid 1001 nextjs
+
+COPY --from=builder /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+USER nextjs
+EXPOSE 3000
+
+CMD ["node", "server.js"]
@@ -0,0 +1,41 @@
+FROM meezi-node:20-alpine AS builder
+WORKDIR /app
+
+COPY web/website/ .
+
+ARG MEEZI_API_URL=http://api:8080
+ENV MEEZI_API_URL=$MEEZI_API_URL
+
+ARG NEXT_PUBLIC_SITE_URL=http://localhost:3010
+ENV NEXT_PUBLIC_SITE_URL=$NEXT_PUBLIC_SITE_URL
+
+RUN NEXT_VER=$(node -e "process.stdout.write(require('./node_modules/next/package.json').version)") \
+    && rm -rf node_modules/@next/swc-win32-* node_modules/@next/swc-darwin-* 2>/dev/null; \
+    ls node_modules/@next/swc-linux-x64-musl 2>/dev/null \
+    || npm install --no-save --ignore-scripts "@next/swc-linux-x64-musl@${NEXT_VER}"
+
+ENV NEXT_TELEMETRY_DISABLED=1
+RUN npm run build
+
+FROM meezi-node:20-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV PORT=3000
+ENV HOSTNAME=0.0.0.0
+ENV NEXT_TELEMETRY_DISABLED=1
+
+RUN addgroup --system --gid 1001 nodejs \
+    && adduser --system --uid 1001 nextjs
+
+COPY --from=builder /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+# Blog MDX content is read at runtime by process.cwd()
+COPY --from=builder /app/src/content ./src/content
+
+USER nextjs
+EXPOSE 3000
+
+CMD ["node", "server.js"]