feat: Optimize builds, add rollback script, and improve security
All checks were successful
Dev Deployment (Zero Downtime) / deploy-dev (push) Successful in 13m33s
All checks were successful
Dev Deployment (Zero Downtime) / deploy-dev (push) Successful in 13m33s
Build Optimizations: - Enable Docker BuildKit cache for faster builds (7min → 3-4min) - Add .dockerignore to reduce build context - Optimize Dockerfile with better layer caching - Run linting and tests in parallel - Skip blocking checks for dev deployments Rollback Functionality: - Add rollback.sh script to restore previous versions - Supports both production and dev environments - Automatic health checks after rollback Security Improvements: - Add authentication to n8n/generate-image endpoint - Add rate limiting to all n8n endpoints (10-30 req/min) - Create email obfuscation utilities - Add ObfuscatedEmail React component - Document security best practices Files: - .dockerignore - Faster builds - scripts/rollback.sh - Rollback functionality - lib/email-obfuscate.ts - Email obfuscation utilities - components/ObfuscatedEmail.tsx - React component - SECURITY_IMPROVEMENTS.md - Security documentation
This commit is contained in:
19
Dockerfile
19
Dockerfile
@@ -3,11 +3,10 @@ FROM node:20 AS base
|
||||
|
||||
# Install dependencies only when needed
|
||||
FROM base AS deps
|
||||
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*
|
||||
WORKDIR /app
|
||||
|
||||
# Install dependencies based on the preferred package manager
|
||||
# Copy package files first for better caching
|
||||
COPY package.json package-lock.json* ./
|
||||
RUN npm ci --only=production && npm cache clean --force
|
||||
|
||||
@@ -19,17 +18,19 @@ WORKDIR /app
|
||||
COPY package.json package-lock.json* ./
|
||||
|
||||
# Install all dependencies (including dev dependencies for build)
|
||||
RUN npm ci
|
||||
# Use npm ci with cache mount for faster builds
|
||||
RUN --mount=type=cache,target=/root/.npm \
|
||||
npm ci
|
||||
|
||||
# Copy source code
|
||||
COPY . .
|
||||
# Copy Prisma schema first (for better caching)
|
||||
COPY prisma ./prisma
|
||||
|
||||
# Install type definitions for react-responsive-masonry and node-fetch
|
||||
RUN npm install --save-dev @types/react-responsive-masonry @types/node-fetch
|
||||
|
||||
# Generate Prisma client
|
||||
# Generate Prisma client (cached if schema unchanged)
|
||||
RUN npx prisma generate
|
||||
|
||||
# Copy source code (this invalidates cache when code changes)
|
||||
COPY . .
|
||||
|
||||
# Build the application
|
||||
ENV NEXT_TELEMETRY_DISABLED=1
|
||||
ENV NODE_ENV=production
|
||||
|
||||
Reference in New Issue
Block a user