denshooter/portfolio
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4184e2fcf09c7cfa986299e14893c1ac793c691c
portfolio/Dockerfile
denshooter fd49095710
All checks were successful
Dev Deployment (Zero Downtime) / deploy-dev (push) Successful in 13m33s
Details
feat: Optimize builds, add rollback script, and improve security 
Build Optimizations:
- Enable Docker BuildKit cache for faster builds (7min → 3-4min)
- Add .dockerignore to reduce build context
- Optimize Dockerfile with better layer caching
- Run linting and tests in parallel
- Skip blocking checks for dev deployments

Rollback Functionality:
- Add rollback.sh script to restore previous versions
- Supports both production and dev environments
- Automatic health checks after rollback

Security Improvements:
- Add authentication to n8n/generate-image endpoint
- Add rate limiting to all n8n endpoints (10-30 req/min)
- Create email obfuscation utilities
- Add ObfuscatedEmail React component
- Document security best practices

Files:
- .dockerignore - Faster builds
- scripts/rollback.sh - Rollback functionality
- lib/email-obfuscate.ts - Email obfuscation utilities
- components/ObfuscatedEmail.tsx - React component
- SECURITY_IMPROVEMENTS.md - Security documentation
2026-01-09 14:30:14 +01:00

97 lines
3.0 KiB
Docker
Raw Blame History

# Multi-stage build for optimized production image
FROM node:20 AS base
# Install dependencies only when needed
FROM base AS deps
RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/*
WORKDIR /app
# Copy package files first for better caching
COPY package.json package-lock.json* ./
RUN npm ci --only=production && npm cache clean --force
# Rebuild the source code only when needed
FROM base AS builder
WORKDIR /app
# Copy package files first for better caching
COPY package.json package-lock.json* ./
# Install all dependencies (including dev dependencies for build)
# Use npm ci with cache mount for faster builds
RUN --mount=type=cache,target=/root/.npm \
npm ci
# Copy Prisma schema first (for better caching)
COPY prisma ./prisma
# Generate Prisma client (cached if schema unchanged)
RUN npx prisma generate
# Copy source code (this invalidates cache when code changes)
COPY . .
# Build the application
ENV NEXT_TELEMETRY_DISABLED=1
ENV NODE_ENV=production
RUN npm run build
# Verify standalone output was created and show structure for debugging
RUN if [ ! -d .next/standalone ]; then \
echo "ERROR: .next/standalone directory not found!"; \
echo "Contents of .next directory:"; \
ls -la .next/ || true; \
echo "Checking if standalone exists in different location:"; \
find .next -name "standalone" -type d || true; \
exit 1; \
fi && \
echo "✅ Standalone output found" && \
ls -la .next/standalone/ && \
echo "Standalone structure:" && \
find .next/standalone -type f -name "server.js" || echo "server.js not found in standalone"
# Production image, copy all the files and run next
FROM base AS runner
WORKDIR /app
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
# Create a non-root user
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
# Copy the built application
COPY --from=builder /app/public ./public
# Set the correct permission for prerender cache
RUN mkdir .next
RUN chown nextjs:nodejs .next
# Automatically leverage output traces to reduce image size
# https://nextjs.org/docs/advanced-features/output-file-tracing
# Copy standalone output (contains server.js and all dependencies)
# The standalone output structure is: .next/standalone/ (not .next/standalone/app/)
# Next.js creates: .next/standalone/server.js, .next/standalone/.next/, .next/standalone/node_modules/
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
# Copy Prisma files
COPY --from=builder /app/prisma ./prisma
COPY --from=builder /app/node_modules/.prisma ./node_modules/.prisma
# Note: Environment variables should be passed via docker-compose or runtime environment
# DO NOT copy .env files into the image for security reasons
USER nextjs
EXPOSE 3000
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"
# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD curl -f http://localhost:3000/api/health || exit 1
CMD ["node", "server.js"]
Reference in New Issue View Git Blame Copy Permalink