From 466459373aa28aefc411b54310b2f1f410d7400a Mon Sep 17 00:00:00 2001 From: Malin Date: Tue, 10 Mar 2026 09:18:23 +0100 Subject: [PATCH] fix: move next build to image build time, drop yarn, add runner stage MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Build Next.js app during docker build (not on container start) — fixes yarn cache permission errors and makes container startup instant - Remove yarn.lock during build so nothing can accidentally invoke yarn - Add lean runner stage: copies only .next, node_modules, public — reduces final image size - npm start is now the only thing that runs at container start Co-Authored-By: Claude Sonnet 4.6 --- Dockerfile | 45 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 35 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 530d04b..db8131a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,30 +1,55 @@ -# https://nextjs.org/docs/deployment#docker-image - +# ── Stage 1: install dependencies ────────────────────────────────────────── FROM node:lts-alpine AS deps RUN apk add --no-cache libc6-compat WORKDIR /app COPY package.json package-lock.json* ./ RUN npm install --legacy-peer-deps +# ── Stage 2: build the Next.js app ────────────────────────────────────────── FROM node:lts-alpine AS builder +WORKDIR /app + +# Create non-root user +RUN addgroup -g 1001 -S nodejs && \ + adduser -S nextjs -u 1001 + +# Copy source and deps +COPY --chown=nextjs:nodejs . . +COPY --from=deps --chown=nextjs:nodejs /app/node_modules ./node_modules + +# Remove yarn.lock so nothing accidentally invokes yarn +RUN rm -f yarn.lock + +# Ensure data dir is writable at runtime +RUN mkdir -p /app/data && chown -R nextjs:nodejs /app/data && chmod 755 /app/data + +# Build the app at image build time (not at container start) +USER nextjs +ENV NODE_ENV=production +ENV NEXT_TELEMETRY_DISABLED=1 +RUN npm run build + +# ── Stage 3: production runner ─────────────────────────────────────────────── +FROM node:lts-alpine AS runner RUN apk add --no-cache curl WORKDIR /app RUN addgroup -g 1001 -S nodejs && \ adduser -S nextjs -u 1001 -COPY --chown=nextjs:nodejs . . -COPY --from=deps --chown=nextjs:nodejs /app/node_modules ./node_modules +# Copy only what's needed to run +COPY --from=builder --chown=nextjs:nodejs /app/public ./public +COPY --from=builder --chown=nextjs:nodejs /app/.next ./.next +COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules +COPY --from=builder --chown=nextjs:nodejs /app/package.json ./package.json +COPY --from=builder --chown=nextjs:nodejs /app/next.config.js ./next.config.js -# Ensure the data directory exists and is writable by the nextjs user RUN mkdir -p /app/data && chown -R nextjs:nodejs /app/data && chmod 755 /app/data USER nextjs - EXPOSE 3000 - -ENV NODE_ENV production -ENV NEXT_TELEMETRY_DISABLED 1 +ENV NODE_ENV=production +ENV NEXT_TELEMETRY_DISABLED=1 HEALTHCHECK --interval=1m --timeout=3s CMD curl -f http://localhost:3000/ || exit 1 @@ -32,4 +57,4 @@ CMD NEXT_PUBLIC_SITE_DOMAIN=$site_domain \ NEXT_PUBLIC_FORCE_DEFAULT_THEME=$force_default_theme \ NEXT_PUBLIC_DEFAULT_SOURCE_LANG=$default_source_lang \ NEXT_PUBLIC_DEFAULT_TARGET_LANG=$default_target_lang \ - npm run build && npm start + npm start