From 78a122b3ea7020fe750a1f619cc7129ea12844b0 Mon Sep 17 00:00:00 2001
From: Christian Kellner
Date: Mon, 26 May 2025 12:07:22 +0200
Subject: [PATCH] improve docker build
---
 .github/workflows/docker.yml | 6 +++++
 Dockerfile | 48 +++++++++++++++++++++++++-----------
 2 files changed, 39 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 5514c13..731a08c 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -18,6 +18,10 @@ jobs:
 contents: read
 packages: write
+ concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
 steps:
 - name: Checkout repository
 uses: actions/checkout@v3
@@ -51,3 +55,5 @@ jobs:
 platforms: linux/amd64,linux/arm64
 tags: ${{ steps.meta.outputs.tags }}
 labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
index bcecd88..ccc96f1 100644
--- a/Dockerfile
+++ b/Dockerfile
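Review bot: With `cache-from: type=gha` and `cache-to: type=gha,mode=max` in the second docker.yml hunk, the image pushed under `packages: write` is now assembled from layers restored from the Actions cache, so anything able to write that cache scope can influence what gets published. The workflow triggers are outside this hunk; if the job also runs for pull requests, or other workflows use the default buildx scope, give this job its own scope, for example `cache-to: type=gha,mode=max,scope=docker-publish` with a matching `cache-from` (scope name constructed here), or skip the cache for tag builds. `mode=max` also exports the builder-stage layers, including the one produced by `COPY . .`, so a `.dockerignore` that keeps `.git` and local env files out of the build context matters more than it did before.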
@@ -1,28 +1,46 @@
-FROM node:22
+# Stage 1: build
+FROM node:22-slim AS builder
 WORKDIR /fredy
-COPY . /fredy
-
-RUN apt-get update && apt-get install -y chromium
+# Install Chromium without extra recommended packages and clean apt cache
+RUN apt-get update && apt-get install -y --no-install-recommends chromium \
+ && rm -rf /var/lib/apt/lists/*
 ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true \
- PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium
+ PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium
-# Timeout fix für yarn hinzugefügt
-RUN yarn config set network-timeout 600000
+# Copy manifest for better cache usage
+COPY package.json yarn.lock ./
-RUN yarn install
-
-RUN yarn global add pm2
+# Increase yarn timeout, install deps and pm2 globally
+RUN yarn config set network-timeout 600000 \
+ && yarn install --frozen-lockfile \
+ && yarn global add pm2
+# Copy app sources and build production assets
+COPY . .
 RUN yarn run prod
-RUN mkdir /db /conf && \
- chown 1000:1000 /db /conf && \
- chmod 777 -R /db/ && \
- ln -s /db /fredy/db && ln -s /conf /fredy/conf
+# Stage 2: runtime
+FROM node:22-slim AS runner
+
+WORKDIR /fredy
+
+# Copy entire build directory from builder instead of individual folders
+COPY --from=builder /fredy /fredy
+# Copy Chromium executable
+COPY --from=builder /usr/bin/chromium /usr/bin/chromium
+
+# Create non-root user, prepare volumes and permissions
+RUN groupadd -r app && useradd -r -g app app \
+ && mkdir /db /conf \
+ && chown app:app /db /conf \
+ && chmod 777 /db /conf
+
+USER app
 EXPOSE 9998
-CMD pm2-runtime index.js
+# Run with pm2-runtime for proper process management
+CMD ["pm2-runtime", "index.js"]
\ No newline at end of file
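Review bot: The `runner` stage lacks what its `CMD` needs: `yarn global add pm2` runs only in `builder` and installs outside `/fredy`, so `pm2-runtime` is not carried over; `COPY --from=builder /usr/bin/chromium` brings one file without the browser's libraries and resources (on Debian that path is, as far as I know, only a launcher script); and the `ENV PUPPETEER_*` values do not cross stage boundaries. On the permission side, `chmod 777 /db /conf` leaves both data directories world-writable right after they are chowned to the service user, and `useradd -r` allocates a dynamic system UID where the removed line used a fixed `1000:1000`, which can change ownership semantics for existing bind mounts. The removed `ln -s /db /fredy/db` and `ln -s /conf /fredy/conf` links are gone as well; if the app still resolves `db/` and `conf/` relative to `/fredy`, it would now be writing into a root-owned tree as a non-root user, so that is worth confirming. The runtime stage sketched below installs Chromium and pm2 in the stage that runs them, repeats the ENV, and keeps the fixed UID with owner and group access only; pinning the pm2 version and the base image digest would make the published image reproducible.

```dockerfile
FROM node:22-slim AS runner

WORKDIR /fredy

# ENV is per stage; the values set in the builder stage are not inherited here
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true \
    PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium

# Install Chromium (with its libraries) and pm2 in the stage that executes them
RUN apt-get update && apt-get install -y --no-install-recommends chromium \
    && rm -rf /var/lib/apt/lists/* \
    && yarn global add pm2

# … unchanged: COPY --from=builder /fredy /fredy …

# Keep the fixed 1000:1000 owner the previous image used (the `node` user in
# the official node images); no world-writable mode on the data directories
RUN mkdir /db /conf \
    && chown 1000:1000 /db /conf \
    && chmod 750 /db /conf

USER 1000:1000
# … unchanged: EXPOSE 9998, CMD ["pm2-runtime", "index.js"] …
```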