From 936b67434b53da3d49aa76c6725b90875b0c05e1 Mon Sep 17 00:00:00 2001 From: Mark Kunzmann Date: Wed, 5 Jun 2024 19:55:13 +0200 Subject: [PATCH 1/4] chore: Revamped Dockerfile --- .dockerignore | 5 +++- Dockerfile | 64 +++++++++++++++++++++++++++++++++++++------- Dockerfile-copy | 67 +++++++++++++++++++++++++++++++++++++++++++++++ Dockerfile-copy-2 | 67 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 192 insertions(+), 11 deletions(-) create mode 100644 Dockerfile-copy create mode 100644 Dockerfile-copy-2 diff --git a/.dockerignore b/.dockerignore index 9843c03ff..99819b2cd 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,6 @@ .git .next -*Dockerfile* \ No newline at end of file +*Dockerfile* +node_modules +.DS_Store +*.log \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 1750bdac8..39e109557 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,14 @@ -FROM node:18 +# ----------- Base ----------- +FROM node:18-slim AS base +RUN apt-get update -y && apt-get install -y openssl && apt-get install ca-certificates -y -RUN mkdir -p /usr/src/app +# ----------- Deps ----------- +# Install deps and build the app +FROM base AS deps WORKDIR /usr/src/app -# build with -# docker build \ +# build with +# docker build --no-cache \ # --build-arg COMMIT=$(git rev-parse HEAD) \ # --build-arg VECTOR_TILE_URL= \ # --build-arg MAPTILER_STYLE_KEY= \ @@ -13,6 +17,7 @@ WORKDIR /usr/src/app # --build-arg ADFS_ISSUER= \ # --build-arg NEXTAUTH_SECRET= \ # --build-arg NEXTAUTH_URL= + ARG COMMIT ARG VECTOR_TILE_URL ARG MAPTILER_STYLE_KEY @@ -22,9 +27,17 @@ ARG ADFS_ISSUER ARG NEXTAUTH_SECRET ARG NEXTAUTH_URL -# Build app +# Sentry args optional +# ARG SENTRY_DSN +# ARG SENTRY_ORG +# ARG SENTRY_PROJECT +# ARG SENTRY_AUTH_TOKEN + COPY package.json yarn.lock ./ COPY app/package.json ./app/ + +# Yarn will find all files linked in the workspace and not +# generate a new lock file RUN yarn install --frozen-lockfile ENV NODE_ENV production 
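Review bot: The `RUN apt-get …` line added to the new `base` stage leaves the apt package lists in the layer and installs recommended packages, and because the `runner` stage later in this patch is `FROM base`, all of that ships in the final image. Install both packages in one call and clean up in the same layer: `RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates openssl && rm -rf /var/lib/apt/lists/*`. `node:18-slim` is also a floating tag; pinning it by digest would make rebuilds reproducible and keep base-image changes visible in review.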
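Review bot: The commented-out `# ARG SENTRY_AUTH_TOKEN` in the `@@ -22,9 +27,17 @@` hunk prepares a third credential to travel the same way as `ADFS_SECRET` and `NEXTAUTH_SECRET`: passed with `--build-arg` and then copied into `ENV`. Build arguments and `ENV` values are recorded in the config and history of the stage that declares them, so anyone who can inspect the `deps` stage image or a shared build cache can read them back. If a build step needs a token, mount it for that step only, for example `RUN --mount=type=secret,id=sentry_auth_token yarn build` (the id is an example name; the value is then readable under `/run/secrets/` during that step only), and supply `NEXTAUTH_SECRET` when the container starts rather than at build time. The `ARG` and `ENV` lines for the existing secrets are context lines here and in the `@@ -37,15 +50,46 @@` hunk, and `NEXTAUTH_SECRET` is still declared this way after PATCH 4/4.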
@@ -37,15 +50,46 @@ ENV ADFS_SECRET=$ADFS_SECRET ENV ADFS_ISSUER=$ADFS_ISSUER ENV NEXTAUTH_SECRET=$NEXTAUTH_SECRET ENV NEXTAUTH_URL=$NEXTAUTH_URL +ENV NEXT_TELEMETRY_DISABLED=1 +ENV STORYBOOK_DISABLE_TELEMETRY=1 +# ENV SENTRY_DSN=$SENTRY_DSN +# ENV SENTRY_ORG=$SENTRY_ORG +# ENV SENTRY_PROJECT=$SENTRY_PROJECT +# ENV SENTRY_AUTH_TOKEN +ENV GLOBAL_AGENT_ENVIRONMENT_VARIABLE_NAMESPACE= +ENV NO_PROXY='localhost,127.0.0.1' ENV PORT 3000 -COPY ./ ./ - RUN yarn prisma generate RUN yarn build -# Install only prod dependencies and start app +# Install only prod dependencies and clean cache RUN yarn install --frozen-lockfile --production && yarn cache clean -CMD npm start -EXPOSE 3000 \ No newline at end of file + +# ----------- Runner ----------- +# Production image, copy necessary files and run next +FROM base AS runner +WORKDIR /usr/src/app + +# Next app builds standalone output +# https://nextjs.org/docs/pages/api-reference/next-config-js/output +COPY --from=deps --chown=node:node /usr/src/app/app/.next/standalone ./ +COPY --from=deps --chown=node:node /usr/src/app/app/.next/static ./app/.next/static +COPY --from=deps --chown=node:node /usr/src/app/app/public ./app/public + +# The file that Next.js generates is CommonJS, but the frontend folder has a +# package.json with type:module, so node expects ESM when files have a .js +# extension. +# +# This should eventually be fixed in Next.js, but for the time being adjusting +# the extension seems to be the easiest path forward (thanks @wereHamster!) +RUN mv ./app/server.js ./app/server.cjs + +# Let's not run as root +USER node + +EXPOSE 3000 + +# Instead of just running npm start, handle signals (SIGINT/SIGTERM) properly +CMD ["node", "app/server.cjs"] diff --git a/Dockerfile-copy b/Dockerfile-copy new file mode 100644 index 000000000..f2a01e4d1 --- /dev/null +++ b/Dockerfile-copy 
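Review bot: Removing `COPY ./ ./` leaves the `deps` stage with only `package.json`, `yarn.lock` and `app/package.json` (copied in the previous hunk), so as far as this patch shows, `yarn prisma generate` and `yarn build` run without the Prisma schema or the application source. Unless the source reaches the stage some other way, keep the copy after the dependency install, `COPY ./ ./` just before `RUN yarn prisma generate`; the extended `.dockerignore` in this patch already keeps `node_modules`, `.git` and logs out of it. Separately, `RUN yarn install --frozen-lockfile --production && yarn cache clean` now only changes the discarded `deps` stage, because `runner` copies just the standalone output, so that line can be dropped.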
@@ -0,0 +1,67 @@
+# ---- Base Node with Deps ----
+ FROM node:18-slim AS base
+ RUN apt-get update -y && apt-get install -y openssl
+
+ WORKDIR /usr/src/app
+
+ # build with
+ # docker build \
+ # --build-arg COMMIT=$(git rev-parse HEAD) \
+ # --build-arg VECTOR_TILE_URL= \
+ # --build-arg MAPTILER_STYLE_KEY= \
+ # --build-arg ADFS_ID= \
+ # --build-arg ADFS_SECRET= \
+ # --build-arg ADFS_ISSUER= \
+ # --build-arg NEXTAUTH_SECRET= \
+ # --build-arg NEXTAUTH_URL=
+ ARG COMMIT
+ ARG VECTOR_TILE_URL
+ ARG MAPTILER_STYLE_KEY
+ ARG ADFS_ID
+ ARG ADFS_SECRET
+ ARG ADFS_ISSUER
+ ARG NEXTAUTH_SECRET
+ ARG NEXTAUTH_URL
+
+ COPY --chown=node:node package.json yarn.lock ./
+ COPY --chown=node:node app/package.json ./app/
+
+ RUN yarn install --frozen-lockfile
+
+ # ---- Copy Files/Build ----
+ FROM base AS build
+ WORKDIR /usr/src/app
+
+ ENV NODE_ENV production
+ ENV NODE_OPTIONS=--max_old_space_size=2048
+ ENV NEXT_PUBLIC_COMMIT=$COMMIT
+ ENV NEXT_PUBLIC_BASE_VECTOR_TILE_URL=$VECTOR_TILE_URL
+ ENV NEXT_PUBLIC_MAPTILER_STYLE_KEY=$MAPTILER_STYLE_KEY
+ ENV ADFS_ID=$ADFS_ID
+ ENV ADFS_SECRET=$ADFS_SECRET
+ ENV ADFS_ISSUER=$ADFS_ISSUER
+ ENV NEXTAUTH_SECRET=$NEXTAUTH_SECRET
+ ENV NEXTAUTH_URL=$NEXTAUTH_URL
+ ENV PORT 3000
+
+ COPY ./ ./
+
+ RUN yarn prisma generate
+ RUN yarn build
+
+ # ---- Release ----
+ FROM node:18-slim AS release
+ WORKDIR /usr/src/app
+
+ COPY --from=build /usr/src/app/build ./build
+ COPY --from=base /usr/src/app/node_modules ./node_modules
+ COPY package.json ./
+
+ USER node
+
+ # Install only prod dependencies and start app
+ RUN yarn install --frozen-lockfile --production && yarn cache clean
+
+ EXPOSE 3000
+
+ CMD npm start
\ No newline at end of file
diff --git a/Dockerfile-copy-2 b/Dockerfile-copy-2
new file mode 100644
index 000000000..009787919
--- /dev/null
+++ b/Dockerfile-copy-2
@@ -0,0 +1,67 @@
+# ---- Build time: 540s
+# ---- Build size: 10.4GB
+FROM node:18-slim
+RUN apt-get update -y && apt-get install -y openssl
+
+WORKDIR /usr/src/app
+
+# build with
+# docker build \
+# --build-arg COMMIT=$(git rev-parse HEAD) \
+# --build-arg VECTOR_TILE_URL= \
+# --build-arg MAPTILER_STYLE_KEY= \
+# --build-arg ADFS_ID= \
+# --build-arg ADFS_SECRET= \
+# --build-arg ADFS_ISSUER= \
+# --build-arg NEXTAUTH_SECRET= \
+# --build-arg NEXTAUTH_URL=
+ARG COMMIT
+ARG VECTOR_TILE_URL
+ARG MAPTILER_STYLE_KEY
+ARG ADFS_ID
+ARG ADFS_SECRET
+ARG ADFS_ISSUER
+ARG NEXTAUTH_SECRET
+ARG NEXTAUTH_URL
+ARG SENTRY_DSN
+ARG SENTRY_ORG
+
+# Build app
+COPY --chown=node:node package.json yarn.lock ./
+COPY --chown=node:node app/package.json ./app/
+RUN yarn install --frozen-lockfile
+
+ENV NODE_ENV production
+ENV NODE_OPTIONS=--max_old_space_size=2048
+ENV NEXT_PUBLIC_COMMIT=$COMMIT
+ENV NEXT_PUBLIC_BASE_VECTOR_TILE_URL=$VECTOR_TILE_URL
+ENV NEXT_PUBLIC_MAPTILER_STYLE_KEY=$MAPTILER_STYLE_KEY
+ENV ADFS_ID=$ADFS_ID
+ENV ADFS_SECRET=$ADFS_SECRET
+ENV ADFS_ISSUER=$ADFS_ISSUER
+ENV NEXTAUTH_SECRET=$NEXTAUTH_SECRET
+ENV NEXTAUTH_URL=$NEXTAUTH_URL
+ENV NEXT_TELEMETRY_DISABLED=1
+ENV SENTRY_DSN=$SENTRY_DSN
+ENV SENTRY_ORG=$SENTRY_ORG
+ENV GLOBAL_AGENT_ENVIRONMENT_VARIABLE_NAMESPACE=
+ENV NO_PROXY='localhost,127.0.0.1'
+ENV PORT 3000
+
+COPY ./ ./
+
+RUN yarn prisma generate
+RUN yarn build
+
+
+# Install only prod dependencies and start app
+RUN yarn install --frozen-lockfile --production && yarn cache clean
+
+USER node
+
+EXPOSE 3000
+
+#CMD npm start
+
+# Handles signals properly, but doesn't work here
+CMD ["node", "app/.next/standalone/app/server.js", "--port", "3000"]
From 2cdb995f1bb51fb8ebbd507b68383e5aeb631028 Mon Sep 17 00:00:00 2001
From: Mark Kunzmann
Date: Wed, 5 Jun 2024 20:01:02 +0200
Subject: [PATCH 2/4] chore: Cleaned up extraneous files
---
Dockerfile-copy | 67 -----------------------------------------------
Dockerfile-copy-2 | 67 -----------------------------------------------
2 files changed, 134 deletions(-)
delete mode 100644 Dockerfile-copy
delete mode 100644 Dockerfile-copy-2
diff --git a/Dockerfile-copy b/Dockerfile-copy
deleted file mode 100644
index f2a01e4d1..000000000
--- a/Dockerfile-copy
+++ /dev/null
@@ -1,67 +0,0 @@
-# ---- Base Node with Deps ----
- FROM node:18-slim AS base
- RUN apt-get update -y && apt-get install -y openssl
-
- WORKDIR /usr/src/app
-
- # build with
- # docker build \
- # --build-arg COMMIT=$(git rev-parse HEAD) \
- # --build-arg VECTOR_TILE_URL= \
- # --build-arg MAPTILER_STYLE_KEY= \
- # --build-arg ADFS_ID= \
- # --build-arg ADFS_SECRET= \
- # --build-arg ADFS_ISSUER= \
- # --build-arg NEXTAUTH_SECRET= \
- # --build-arg NEXTAUTH_URL=
- ARG COMMIT
- ARG VECTOR_TILE_URL
- ARG MAPTILER_STYLE_KEY
- ARG ADFS_ID
- ARG ADFS_SECRET
- ARG ADFS_ISSUER
- ARG NEXTAUTH_SECRET
- ARG NEXTAUTH_URL
-
- COPY --chown=node:node package.json yarn.lock ./
- COPY --chown=node:node app/package.json ./app/
-
- RUN yarn install --frozen-lockfile
-
- # ---- Copy Files/Build ----
- FROM base AS build
- WORKDIR /usr/src/app
-
- ENV NODE_ENV production
- ENV NODE_OPTIONS=--max_old_space_size=2048
- ENV NEXT_PUBLIC_COMMIT=$COMMIT
- ENV NEXT_PUBLIC_BASE_VECTOR_TILE_URL=$VECTOR_TILE_URL
- ENV NEXT_PUBLIC_MAPTILER_STYLE_KEY=$MAPTILER_STYLE_KEY
- ENV ADFS_ID=$ADFS_ID
- ENV ADFS_SECRET=$ADFS_SECRET
- ENV ADFS_ISSUER=$ADFS_ISSUER
- ENV NEXTAUTH_SECRET=$NEXTAUTH_SECRET
- ENV NEXTAUTH_URL=$NEXTAUTH_URL
- ENV PORT 3000
-
- COPY ./ ./
-
- RUN yarn prisma generate
- RUN yarn build
-
- # ---- Release ----
- FROM node:18-slim AS release
- WORKDIR /usr/src/app
-
- COPY --from=build /usr/src/app/build ./build
- COPY --from=base /usr/src/app/node_modules ./node_modules
- COPY package.json ./
-
- USER node
-
- # Install only prod dependencies and start app
- RUN yarn install --frozen-lockfile --production && yarn cache clean
-
- EXPOSE 3000
-
- CMD npm start
\ No newline at end of file
diff --git a/Dockerfile-copy-2 b/Dockerfile-copy-2
deleted file mode 100644
index 009787919..000000000
--- a/Dockerfile-copy-2
+++ /dev/null
@@ -1,67 +0,0 @@
-# ---- Build time: 540s
-# ---- Build size: 10.4GB
-FROM node:18-slim
-RUN apt-get update -y && apt-get install -y openssl
-
-WORKDIR /usr/src/app
-
-# build with
-# docker build \
-# --build-arg COMMIT=$(git rev-parse HEAD) \
-# --build-arg VECTOR_TILE_URL= \
-# --build-arg MAPTILER_STYLE_KEY= \
-# --build-arg ADFS_ID= \
-# --build-arg ADFS_SECRET= \
-# --build-arg ADFS_ISSUER= \
-# --build-arg NEXTAUTH_SECRET= \
-# --build-arg NEXTAUTH_URL=
-ARG COMMIT
-ARG VECTOR_TILE_URL
-ARG MAPTILER_STYLE_KEY
-ARG ADFS_ID
-ARG ADFS_SECRET
-ARG ADFS_ISSUER
-ARG NEXTAUTH_SECRET
-ARG NEXTAUTH_URL
-ARG SENTRY_DSN
-ARG SENTRY_ORG
-
-# Build app
-COPY --chown=node:node package.json yarn.lock ./
-COPY --chown=node:node app/package.json ./app/
-RUN yarn install --frozen-lockfile
-
-ENV NODE_ENV production
-ENV NODE_OPTIONS=--max_old_space_size=2048
-ENV NEXT_PUBLIC_COMMIT=$COMMIT
-ENV NEXT_PUBLIC_BASE_VECTOR_TILE_URL=$VECTOR_TILE_URL
-ENV NEXT_PUBLIC_MAPTILER_STYLE_KEY=$MAPTILER_STYLE_KEY
-ENV ADFS_ID=$ADFS_ID
-ENV ADFS_SECRET=$ADFS_SECRET
-ENV ADFS_ISSUER=$ADFS_ISSUER
-ENV NEXTAUTH_SECRET=$NEXTAUTH_SECRET
-ENV NEXTAUTH_URL=$NEXTAUTH_URL
-ENV NEXT_TELEMETRY_DISABLED=1
-ENV SENTRY_DSN=$SENTRY_DSN
-ENV SENTRY_ORG=$SENTRY_ORG
-ENV GLOBAL_AGENT_ENVIRONMENT_VARIABLE_NAMESPACE=
-ENV NO_PROXY='localhost,127.0.0.1'
-ENV PORT 3000
-
-COPY ./ ./
-
-RUN yarn prisma generate
-RUN yarn build
-
-
-# Install only prod dependencies and start app
-RUN yarn install --frozen-lockfile --production && yarn cache clean
-
-USER node
-
-EXPOSE 3000
-
-#CMD npm start
-
-# Handles signals properly, but doesn't work here
-CMD ["node", "app/.next/standalone/app/server.js", "--port", "3000"]
From d170c05ddeeafa4b1834548d60a814a6b78250fc Mon Sep 17 00:00:00 2001
From: Mark Kunzmann
Date: Thu, 6 Jun 2024 11:01:26 +0200
Subject: [PATCH 3/4] chore: Tweaks to Dockerfile
---
Dockerfile | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile index 39e109557..ee8c5b44a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -41,15 +41,18 @@ COPY app/package.json ./app/ RUN yarn install --frozen-lockfile ENV NODE_ENV production -ENV NODE_OPTIONS=--max_old_space_size=2048 + +# Build-time vars, will be inlined into the app ENV NEXT_PUBLIC_COMMIT=$COMMIT ENV NEXT_PUBLIC_BASE_VECTOR_TILE_URL=$VECTOR_TILE_URL ENV NEXT_PUBLIC_MAPTILER_STYLE_KEY=$MAPTILER_STYLE_KEY + ENV ADFS_ID=$ADFS_ID ENV ADFS_SECRET=$ADFS_SECRET ENV ADFS_ISSUER=$ADFS_ISSUER ENV NEXTAUTH_SECRET=$NEXTAUTH_SECRET ENV NEXTAUTH_URL=$NEXTAUTH_URL + ENV NEXT_TELEMETRY_DISABLED=1 ENV STORYBOOK_DISABLE_TELEMETRY=1 # ENV SENTRY_DSN=$SENTRY_DSN @@ -72,7 +75,11 @@ RUN yarn install --frozen-lockfile --production && yarn cache clean FROM base AS runner WORKDIR /usr/src/app -# Next app builds standalone output +# Leaving this here for future reference +# https://nodejs.org/docs/latest-v18.x/api/cli.html#--max-old-space-sizesize-in-megabytes +#ENV NODE_OPTIONS=--max_old_space_size=2048 + +# Copy Next app standalone output # https://nextjs.org/docs/pages/api-reference/next-config-js/output COPY --from=deps --chown=node:node /usr/src/app/app/.next/standalone ./ COPY --from=deps --chown=node:node /usr/src/app/app/.next/static ./app/.next/static @@ -91,5 +98,5 @@ USER node EXPOSE 3000 -# Instead of just running npm start, handle signals (SIGINT/SIGTERM) properly +# Instead of running npm start; handle signals (SIGINT/SIGTERM) properly CMD ["node", "app/server.cjs"] From 8bc99864849e1e93592028e68119d19920180c2d Mon Sep 17 00:00:00 2001 From: Mark Kunzmann Date: Mon, 23 Sep 2024 09:48:46 +0200 Subject: [PATCH 4/4] chore: Integrate search bots var --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ee8c5b44a..85f12cf73 100644 --- a/Dockerfile +++ b/Dockerfile 
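Review bot: Dropping `ENV NODE_OPTIONS=--max_old_space_size=2048` from the `deps` stage in the `@@ -41,15 +41,18 @@` hunk changes the heap limit for `yarn build`, the step that previously ran with it, while the commented-out copy is parked in `runner`, where only `node app/server.cjs` runs. If the larger heap was there for the build, this can show up as an out-of-memory failure on a smaller builder; if it was meant for the server, the new comment should say so. Either scope it to the build step, `RUN NODE_OPTIONS=--max_old_space_size=2048 yarn build`, or record in the comment why it is no longer needed. `RUN yarn build` itself lies outside these hunks.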
@@ -18,12 +18,13 @@ WORKDIR /usr/src/app # --build-arg NEXTAUTH_SECRET= \ # --build-arg NEXTAUTH_URL= +ARG PREVENT_SEARCH_BOTS ARG COMMIT ARG VECTOR_TILE_URL ARG MAPTILER_STYLE_KEY ARG ADFS_ID -ARG ADFS_SECRET ARG ADFS_ISSUER +ARG ADFS_PROFILE_URL ARG NEXTAUTH_SECRET ARG NEXTAUTH_URL @@ -43,13 +44,14 @@ RUN yarn install --frozen-lockfile ENV NODE_ENV production # Build-time vars, will be inlined into the app +ENV PREVENT_SEARCH_BOTS=$PREVENT_SEARCH_BOTS ENV NEXT_PUBLIC_COMMIT=$COMMIT ENV NEXT_PUBLIC_BASE_VECTOR_TILE_URL=$VECTOR_TILE_URL ENV NEXT_PUBLIC_MAPTILER_STYLE_KEY=$MAPTILER_STYLE_KEY ENV ADFS_ID=$ADFS_ID -ENV ADFS_SECRET=$ADFS_SECRET ENV ADFS_ISSUER=$ADFS_ISSUER +ENV ADFS_PROFILE_URL=$ADFS_PROFILE_URL ENV NEXTAUTH_SECRET=$NEXTAUTH_SECRET ENV NEXTAUTH_URL=$NEXTAUTH_URL
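Review bot: `PREVENT_SEARCH_BOTS` and `ADFS_PROFILE_URL` are exported with `ENV` in the `deps` stage only, and since PATCH 1/4 the `runner` stage starts from `base`, so neither is set in the container that runs `app/server.cjs`. `PREVENT_SEARCH_BOTS` sits under the `# Build-time vars, will be inlined into the app` comment but has no `NEXT_PUBLIC_` prefix, so whether it is fixed at build time depends on configuration not shown here; if the server reads either variable at request time, it has to be supplied when the container starts. The `# build with` comment block should also list the new arguments, `#   --build-arg PREVENT_SEARCH_BOTS= \` and `#   --build-arg ADFS_PROFILE_URL= \`, and lose its `ADFS_SECRET` line, which is presumably still there above the first hunk.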