chore: better docker build

2025-11-03 14:15:52 -03:00
parent 966c16e2c2
commit 151cb5088b
3 changed files with 53 additions and 25 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,12 +1,34 @@
-node_modules/*
-dist/*
-.k8s/*
-.github/*
-
-.gitignore
-.dockerignore
-Dockerfile
-README.md
+# Node and build artifacts
+node_modules
+dist
+.DS_Store
+npm-debug.log
+yarn-error.log
+.lock-wscript

+# Local env files and editor stuff
 .env
-.secret
+.env.*
+.secrets
+.secrets.*
+.vscode
+.idea
+*.swp
+
+# Git
+.git
+.gitignore
+
+# Kubernetes manifests, CI, Dockerfiles (if you intentionally want them out of build context)
+.k8s
+.github
+Dockerfile
+
+# tests and misc
+coverage
+tests
+
+# keep package files
+!package*.json
+!package-lock.json
+
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -80,12 +80,8 @@ jobs:
                tags: |
                  ${{ env.IMAGE_LATEST }}
                  ${{ env.IMAGE_SHA }}
-                cache-from: |
-                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-amd64
-                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-arm64
-                cache-to: |
-                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-amd64,mode=max,platform=linux/amd64
-                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-arm64,mode=max,platform=linux/arm64
+                cache-from: type=gha
+                cache-to: type=gha,mode=max

    deploy:
        needs: [docker]
--- a/28
+++ b/28
@@ -1,27 +1,37 @@
 FROM node:22.12-alpine AS base

-FROM base AS build
-
+# set a working dir in the base image so all stages inherit it
 WORKDIR /app
+ENV PATH=/app/node_modules/.bin:$PATH

+# Dependency stage: cache node_modules by only copying package files first
+FROM base AS deps
+# copy package manifests first so this layer is cached when source files change
 COPY package*.json ./
-RUN npm install
+# if you have a lockfile, copy it too (better reproducibility & cacheability)
+COPY package-lock.json ./
+# Use npm ci for deterministic installs and faster caching
+RUN npm ci --prefer-offline --no-audit --no-fund

+# Build stage: only run the build after deps layer is ready
+FROM deps AS build
+# copy the rest of the source
 COPY . .
 RUN npm run build:prod

-
-FROM base AS prod
-
+# Production stage: keep the final image small and only include what's necessary
+FROM node:22.12-alpine AS prod
 WORKDIR /app
+ENV NODE_ENV=production

-COPY --from=build /app/node_modules ./node_modules
+# copy production node_modules from the deps stage (they include prod + dev if needed for build)
+COPY --from=deps /app/node_modules ./node_modules
 COPY --from=build /app/dist ./dist
 COPY --from=build /app/server.js ./
 COPY --from=build /app/set_env.js ./
 COPY --from=build /app/package*.json ./

-
-EXPOSE 5000-7000
+# expose single well-known port instead of a wide range
+EXPOSE 5000

 CMD ["npm", "run", "start:prod"]