Optimize docker image for production

.dockerignore

@@ -1,23 +1,105 @@
 # We want the docker builds to be clean, and as fast as possible. Don't send
 # any half-built stuff in the build context as a pre-caution (also saves copying
 # 180k files in node_modules that isn't used!).
+# Dependencies
 **/node_modules
-node_modules/*
-node_modules
-docker-data/*
-dist
-.nx
-/apps/frontend/.next
-/apps/backend/dist
-/apps/workers/dist
-/apps/cron/dist
-/apps/commands/dist
-.devcontainer
-**/.git
-**/*.md
-**/LICENSE
-**/npm-debug.log
-**/*.vscode
+pnpm-debug.log*
+
+# Production builds
+**/dist
+**/.next
+**/build
+**/out
+
+# Environment files
+.env
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+
+# IDE and editor files
+.vscode
+.idea
+*.swp
+*.swo
+*~
+
+# OS generated files
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db
+
+# Git
 .git
-.github
-reports
+.gitignore
+
+# Docker
+Dockerfile*
+docker-compose*
+.dockerignore
+
+# Logs
+logs
+*.log
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# nyc test coverage
+.nyc_output
+
+# Optional npm cache directory
+**/.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Next.js build output
+**/.next
+
+**/.cache/
+
+# Storybook build outputs
+**/.out
+**/.storybook-out
+
+# Temporary folders
+tmp/
+temp/
+
+# Test files
+test
+tests
+__tests__
+*.test.js
+*.test.ts
+*.test.tsx
+*.spec.js
+*.spec.ts
+*.spec.tsx
+
+# Documentation
+README.md
+CHANGELOG.md
+CONTRIBUTING.md
+
+
+# Reports
+coverage/
+
+# Uploads and var directories
+uploads/
+var/docker/docker-build.sh
+var/docker/docker-create.sh
+
+# Jest
+jest.config.js
+jest.setup.js

.github/workflows/build-containers.yml

@@ -50,7 +50,7 @@ jobs:
           NEXT_PUBLIC_VERSION: ${{ github.ref_name }}
         run: |
           docker buildx build --platform linux/${{ matrix.arch }} \
-            -f Dockerfile.dev \
+            -f Dockerfile \
             -t ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-${{ matrix.arch }} \
             --build-arg NEXT_PUBLIC_VERSION=${{ env.NEXT_PUBLIC_VERSION }} \
             --provenance=false --sbom=false \

.github/workflows/pr-docker-build.yml

@@ -25,8 +25,8 @@ jobs:
         id: vars
         run: echo "IMAGE_TAG=ghcr.io/gitroomhq/postiz-app-pr:${{ github.event.pull_request.number }}" >> $GITHUB_ENV
 
-      - name: Build Docker image from Dockerfile.dev
-        run: docker build -f Dockerfile.dev -t $IMAGE_TAG .
+      - name: Build Docker image from Dockerfile
+        run: docker build -f Dockerfile -t $IMAGE_TAG .
 
       - name: Push Docker image to GHCR
         run: docker push $IMAGE_TAG

Dockerfile

@@ -0,0 +1,76 @@
+# ---- Dependencies stage ----
+FROM node:20-alpine3.19 AS deps
+
+RUN apk add --no-cache g++ make py3-pip bash
+RUN npm --no-update-notifier --no-fund --global install [email protected]
+
+WORKDIR /app
+
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY apps/*/package.json ./apps/
+COPY libraries/*/package.json ./libraries/
+
+RUN --mount=type=cache,id=pnpm-store,target=/root/.pnpm-store \
+    pnpm install --ignore-scripts
+
+# ---- Build stage ----
+FROM deps AS build
+
+COPY . .
+
+RUN --mount=type=cache,id=pnpm-store,target=/root/.pnpm-store \
+    pnpm install
+
+RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm run build:backend
+RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm run build:workers
+RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm run build:cron
+RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm run build:frontend
+
+# ---- Production dependencies stage ---
+FROM node:20-alpine3.19 AS prod-deps
+
+RUN npm --no-update-notifier --no-fund --global install [email protected]
+
+WORKDIR /app
+
+COPY . .
+
+RUN --mount=type=cache,id=pnpm-store,target=/root/.pnpm-store \
+    pnpm install --prod
+
+# --- Runtime stage ----
+FROM node:20-alpine3.19 AS runtime
+
+RUN apk add --no-cache nginx bash && \
+    adduser -D -g 'www' www && \
+    mkdir /www && \
+    chown -R www:www /var/lib/nginx /www && \
+    rm -rf /var/cache/apk/*
+
+WORKDIR /app
+
+RUN npm --no-update-notifier --no-fund --global install pm2 [email protected] && \
+    npm cache clean --force
+
+COPY package.json pnpm-workspace.yaml ./
+COPY --from=prod-deps /app/node_modules ./node_modules
+COPY --from=build /app/apps ./apps
+COPY --from=build /app/libraries ./libraries
+COPY var/docker/nginx.conf /etc/nginx/nginx.conf
+
+# cleanup
+RUN rm -rf /root/.npm /root/.pnpm-store /tmp/* /var/cache/apk/* && \
+    find . -name "*.map" -delete && \
+    find . -name "*.ts" -delete && \
+    find . -name "*.tsx" -delete && \
+    find . -name "*.jsx" -delete && \
+    find . -name "*.md" -delete && \
+    find . -name "LICENSE" -delete && \
+    find . -name "CHANGELOG" -delete && \
+    find . -name "README" -delete && \
+    find . -name "*.test.*" -delete && \
+    find . -name "*.spec.*" -delete
+
+EXPOSE 5000
+
+CMD ["sh", "-c", "nginx && pnpm run pm2"]

Jenkinsfile

@@ -47,7 +47,7 @@ pipeline {
                     '''
                     // Build Docker image
                     sh '''
-                        docker build -f Dockerfile.dev -t $IMAGE_TAG .
+                        docker build -f Dockerfile -t $IMAGE_TAG .
                     '''
                     // Push Docker image to GitHub Container Registry
                     sh '''

package.json

@@ -73,6 +73,7 @@
     "@neynar/react": "^0.9.7",
     "@postiz/wallets": "^0.0.1",
     "@prisma/client": "^6.5.0",
+    "prisma": "^6.5.0",
     "@sentry/nestjs": "^9.43.0",
     "@sentry/nextjs": "^9.43.0",
     "@sentry/profiling-node": "^9.43.0",
@@ -278,7 +279,6 @@
     "nodemon": "^3.1.9",
     "postcss": "8.4.38",
     "prettier": "^2.6.2",
-    "prisma": "^6.5.0",
     "react-refresh": "^0.10.0",
     "ts-jest": "^29.1.0",
     "ts-node": "10.9.2",