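# All base images flow through the Nexus docker-group proxy, which aggregates
# Docker Hub, Microsoft Container Registry (mcr.microsoft.com) and GitHub
# Container Registry (ghcr.io) behind one path — any upstream image is reachable
# as mirror.soroushasad.com/repository/docker-group/<image>.
# Build directly against Docker Hub instead with:
#   --build-arg NODE_IMAGE=node:20-slim
#
# NOTE(review): the default below is already the Docker Hub reference, so a
# build without --build-arg does not go through the proxy described above —
# confirm which default is intended.
# The tag is mutable; pass a digest-pinned reference (<image>:<tag>@sha256:<digest>)
# when the build has to be reproducible. All three stages share this one value.
ARG NODE_IMAGE=node:20-slim

# ---------------------------------------------------------------------------
# 1. Dependencies — installs node_modules and compiles the better-sqlite3
#    native addon (needs python3 + a C++ toolchain).
# ---------------------------------------------------------------------------
FROM ${NODE_IMAGE} AS deps
WORKDIR /app

# update + install + list cleanup stay in one layer so the apt index is never
# cached stale and never shipped.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        g++ \
        make \
        python3 \
    && rm -rf /var/lib/apt/lists/*

# Registry authentication (optional). The npm token is supplied as a BuildKit
# secret, not as a build argument:
#   docker build --secret id=npm_token,env=NPM_TOKEN .
# The previous form tested "$NPM_TOKEN" without declaring ARG NPM_TOKEN in this
# stage, so the variable was always empty and the token was never applied; a
# declared ARG would have recorded the token in the stage's history and left it
# in .npmrc inside the layer (and in any exported build cache).
# Here the secret is mounted only for this RUN, and the .npmrc that carries it
# is deleted before the layer is committed.
#
# NOTE(review): only package.json and package-lock.json are copied into this
# stage, so a repository .npmrc is not present when `npm ci` runs — confirm
# that the registry setting is meant to come from elsewhere.
COPY package.json package-lock.json ./
RUN --mount=type=secret,id=npm_token \
    if [ -s /run/secrets/npm_token ]; then \
        printf '//mirror.soroushasad.com/repository/npm-group/:_authToken=%s\n' \
            "$(cat /run/secrets/npm_token)" >> .npmrc ; \
    fi \
    && npm ci \
    && rm -f .npmrc

# ---------------------------------------------------------------------------
# 2. Builder — produces the standalone Next.js server bundle.
# ---------------------------------------------------------------------------
FROM ${NODE_IMAGE} AS builder
WORKDIR /app
ENV NEXT_TELEMETRY_DISABLED=1

COPY --from=deps /app/node_modules ./node_modules
# Copies the whole build context on top of the installed node_modules. This
# relies on a .dockerignore (not visible from this file) to keep a host
# node_modules, .git, .env files and local data out of the context; otherwise
# they overwrite the compiled addon or end up in this stage's layers.
COPY . .
RUN npm run build

# ---------------------------------------------------------------------------
# 3. Runner — minimal runtime image. Content DB + uploads live in /data,
#    which is a mounted volume so they survive image rebuilds.
# ---------------------------------------------------------------------------
FROM ${NODE_IMAGE} AS runner
WORKDIR /app

ENV NODE_ENV=production \
    NEXT_TELEMETRY_DISABLED=1 \
    PORT=3000 \
    HOSTNAME=0.0.0.0 \
    DATA_DIR=/data

# Fixed UID/GID 1001 for the unprivileged runtime account.
RUN groupadd -g 1001 nodejs && useradd -u 1001 -g nodejs -m nextjs

# Standalone server, static assets, and the public/ tree (portfolio art etc.).
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static
COPY --from=builder /app/public ./public

# Native module + its loaders. Next's file tracing usually copies these, but
# we copy the compiled .node and bindings explicitly as a safety net.
COPY --from=builder /app/node_modules/better-sqlite3 ./node_modules/better-sqlite3
COPY --from=builder /app/node_modules/bindings ./node_modules/bindings
COPY --from=builder /app/node_modules/file-uri-to-path ./node_modules/file-uri-to-path

# /data is created and handed to the runtime user before VOLUME is declared, so
# the ownership is part of the image. The recursive chown also makes /app
# writable by the server process.
# NOTE(review): if the server only needs to write under /data, limiting the
# chown to /data keeps the application code read-only at runtime — confirm
# nothing writes under /app first.
RUN mkdir -p /data/uploads && chown -R nextjs:nodejs /data /app

# Drop root before the server starts.
USER nextjs
VOLUME ["/data"]
EXPOSE 3000
CMD ["node", "server.js"]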