forked from github/docs
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
155 lines (125 loc) · 5.88 KB
/
Dockerfile
File metadata and controls
155 lines (125 loc) · 5.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
# This Dockerfile is used solely for production deployments to Moda
# For building this file locally, see src/deployments/production/README.md
# Environment variables are set in the Moda configuration:
# config/moda/configuration/*/env.yaml
# ---------------------------------------------------------------
# BASE STAGE: Install linux dependencies and set up the node user
# ---------------------------------------------------------------
# To update the sha:
# https://github.com/github/gh-base-image/pkgs/container/gh-base-image%2Fgh-base-noble
FROM ghcr.io/github/gh-base-image/gh-base-noble:20260218-111945-g0ef8bb15f@sha256:03eb088f3581049afaf2984f917a3a9be7e5efc248049f4156cd83481579fb59 AS base
# Install curl for Node install and determining the early access branch
# Install git for cloning docs-early-access & translations repos
# Install Node.js latest LTS
# https://github.com/nodejs/release#release-schedule
# Ubuntu's apt-get install nodejs is _very_ outdated
# Must run as root
RUN apt-get -qq update && apt-get -qq install --no-install-recommends curl git \
&& curl -sL https://deb.nodesource.com/setup_24.x | bash - \
&& apt-get install -y nodejs \
&& node --version
# Create the node user and home directory
ARG APP_HOME="/home/node/app" # Define in base so all child stages inherit it
RUN useradd -ms /bin/bash node \
&& mkdir -p $APP_HOME && chown -R node:node $APP_HOME
# -----------------------------------------------------------------
# CLONES STAGE: Clone docs-internal, early-access, and translations
# -----------------------------------------------------------------
FROM base AS clones
USER node:node
WORKDIR $APP_HOME
# We need to copy over content that will be merged with early-access
COPY --chown=node:node content content/
COPY --chown=node:node assets assets/
COPY --chown=node:node data data/
# Copy in build scripts and make them executable
COPY --chown=node:node --chmod=+x \
src/deployments/production/build-scripts/*.sh build-scripts/
# Use the mounted --secret to:
# - 1. Fetch the docs-internal repo
# - 2. Fetch the docs-early-access repo & override docs-internal with early access content
# - 3. Fetch each translations repo to the repo/translations directory
# We use --mount-type=secret to avoid the secret being copied into the image layers for security
# The secret passed via --secret can only be used in this RUN command
RUN --mount=type=secret,id=DOCS_BOT_PAT_BASE,mode=0444 \
# We don't cache because Docker can't know if we need to fetch new content from remote repos
echo "Don't cache this step by printing date: $(date)" && \
. ./build-scripts/fetch-repos.sh
# ------------------------------------------------
# PROD_DEPS STAGE: Install production dependencies
# ------------------------------------------------
FROM base AS prod_deps
USER node:node
WORKDIR $APP_HOME
# Copy what is needed to run npm ci
COPY --chown=node:node package.json package-lock.json ./
# Install only production dependencies (skip scripts to avoid husky)
RUN npm ci --omit=dev --ignore-scripts --registry https://registry.npmjs.org/
# ------------------------------------------------------------
# ALL_DEPS STAGE: Install all dependencies on top of prod deps
# ------------------------------------------------------------
FROM prod_deps AS all_deps
# Install dev dependencies on top of production ones
RUN npm ci --registry https://registry.npmjs.org/
# ----------------------------------
# BUILD STAGE: Build the application
# ----------------------------------
FROM base AS build
USER node:node
WORKDIR $APP_HOME
# Source code
COPY --chown=node:node src src/
COPY --chown=node:node package.json ./
COPY --chown=node:node next.config.ts ./
COPY --chown=node:node tsconfig.json ./
# From the clones stage
COPY --chown=node:node --from=clones $APP_HOME/data data/
COPY --chown=node:node --from=clones $APP_HOME/assets assets/
COPY --chown=node:node --from=clones $APP_HOME/content content/
COPY --chown=node:node --from=clones $APP_HOME/translations translations/
# From the all_deps stage (need dev deps for build)
COPY --chown=node:node --from=all_deps $APP_HOME/node_modules node_modules/
# Build the application
RUN npm run build
# ---------------------------------------------
# WARMUP_CACHE STAGE: Warm up remote JSON cache
# ---------------------------------------------
FROM build AS warmup_cache
# Generate remote JSON cache
RUN npm run warmup-remotejson
# --------------------------------------
# PRECOMPUTE STAGE: Precompute page info
# --------------------------------------
FROM build AS precompute_stage
# Generate precomputed page info
RUN npm run precompute-pageinfo -- --max-versions 2
# -------------------------------------------------
# PRODUCTION STAGE: What will run on the containers
# -------------------------------------------------
FROM base AS production
USER node:node
WORKDIR $APP_HOME
# Source code
COPY --chown=node:node src src/
COPY --chown=node:node package.json ./
COPY --chown=node:node next.config.ts ./
COPY --chown=node:node tsconfig.json ./
# From clones stage
COPY --chown=node:node --from=clones $APP_HOME/data data/
COPY --chown=node:node --from=clones $APP_HOME/assets assets/
COPY --chown=node:node --from=clones $APP_HOME/content content/
COPY --chown=node:node --from=clones $APP_HOME/translations translations/
# From prod_deps stage (production-only node_modules)
COPY --chown=node:node --from=prod_deps $APP_HOME/node_modules node_modules/
# From build stage
COPY --chown=node:node --from=build $APP_HOME/.next .next/
# From warmup_cache stage
COPY --chown=node:node --from=warmup_cache $APP_HOME/.remotejson-cache ./
# From precompute_stage
COPY --chown=node:node --from=precompute_stage $APP_HOME/.pageinfo-cache.json.br* ./
# This makes it possible to set `--build-arg BUILD_SHA=abc123`
# and it then becomes available as an environment variable in the docker run.
ARG BUILD_SHA
ENV BUILD_SHA=$BUILD_SHA
# Entrypoint to start the server
CMD ["node_modules/.bin/tsx", "src/frame/server.ts"]