From 151cb5088b5cdecc1102a02a44c52486ddedeb08 Mon Sep 17 00:00:00 2001
From: Vitor Hideyoshi <vitor.h.n.batista@gmail.com>
Date: Mon, 3 Nov 2025 14:15:52 -0300
Subject: [PATCH] chore: better docker build

---
 .dockerignore                | 42 +++++++++++++++++++++++++++---------
 .github/workflows/deploy.yml |  8 ++-----
 Dockerfile                   | 28 ++++++++++++++++--------
 3 files changed, 53 insertions(+), 25 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index 87b5fbb..d08889e 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,12 +1,34 @@
-node_modules/*
-dist/*
-.k8s/*
-.github/*
-
-.gitignore
-.dockerignore
-Dockerfile
-README.md
+# Node and build artifacts
+node_modules
+dist
+.DS_Store
+npm-debug.log
+yarn-error.log
+.lock-wscript
 
+# Local env files and editor stuff
 .env
-.secret
\ No newline at end of file
+.env.*
+.secrets
+.secrets.*
+.vscode
+.idea
+*.swp
+
+# Git
+.git
+.gitignore
+
+# Kubernetes manifests, CI, Dockerfiles (if you intentionally want them out of build context)
+.k8s
+.github
+Dockerfile
+
+# tests and misc
+coverage
+tests
+
+# keep package files
+!package*.json
+!package-lock.json
+
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 344e1bb..b863678 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -80,12 +80,8 @@ jobs:
                 tags: |
                   ${{ env.IMAGE_LATEST }}
                   ${{ env.IMAGE_SHA }}
-                cache-from: |
-                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-amd64
-                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-arm64
-                cache-to: |
-                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-amd64,mode=max,platform=linux/amd64
-                  type=registry,ref=ghcr.io/hideyoshisolutions/frontend-hideyoshi.com:cache-${{ github.ref_name }}-arm64,mode=max,platform=linux/arm64
+                cache-from: type=gha
+                cache-to: type=gha,mode=max
 
     deploy:
         needs: [docker]
diff --git a/Dockerfile b/Dockerfile
index 41d7e04..f629d9b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,27 +1,37 @@
 FROM node:22.12-alpine AS base
 
-FROM base AS build
-
+# set a working dir in the base image so all stages inherit it
 WORKDIR /app
+ENV PATH=/app/node_modules/.bin:$PATH
 
+# Dependency stage: cache node_modules by only copying package files first
+FROM base AS deps
+# copy package manifests first so this layer is cached when source files change
 COPY package*.json ./
-RUN npm install
+# if you have a lockfile, copy it too (better reproducibility & cacheability)
+COPY package-lock.json ./
+# Use npm ci for deterministic installs and faster caching
+RUN npm ci --prefer-offline --no-audit --no-fund
 
+# Build stage: only run the build after deps layer is ready
+FROM deps AS build
+# copy the rest of the source
 COPY . .
 RUN npm run build:prod
 
-
-FROM base AS prod
-
+# Production stage: keep the final image small and only include what's necessary
+FROM node:22.12-alpine AS prod
 WORKDIR /app
+ENV NODE_ENV=production
 
-COPY --from=build /app/node_modules ./node_modules
+# copy production node_modules from the deps stage (they include prod + dev if needed for build)
+COPY --from=deps /app/node_modules ./node_modules
 COPY --from=build /app/dist ./dist
 COPY --from=build /app/server.js ./
 COPY --from=build /app/set_env.js ./
 COPY --from=build /app/package*.json ./
 
-
-EXPOSE 5000-7000
+# expose single well-known port instead of a wide range
+EXPOSE 5000
 
 CMD ["npm", "run", "start:prod"]