From 0ccf3b42e4102f778da7b5ad34b8ff1e7f99a4af Mon Sep 17 00:00:00 2001
From: Karmaa <bugattiguy527@gmail.com>
Date: Sun, 16 Mar 2025 20:32:06 -0500
Subject: [PATCH] Optimize github build workflow

---
 .github/workflows/docker-image.yml | 40 ++++++++++++--------
 docker/Dockerfile                  | 60 +++++++++++++++---------------
 docker/entrypoint.sh               | 23 ++++++------
 3 files changed, 67 insertions(+), 56 deletions(-)

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 9ed4e074..bbd5f8a4 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -16,24 +16,22 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v2
-        with:
-          node-version: '18'
-
-      - name: Install Dependencies and Build Frontend
-        run: |
-          cd src
-          npm ci
-          npm run build
-
-      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Setup Docker Buildx
+      - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
+        with:
+          buildkitd-flags: --debug
+          driver-opts: |
+            image=moby/buildkit:v0.12.0
+
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
 
       - name: Login to Docker Registry
         uses: docker/login-action@v2
@@ -61,6 +59,16 @@ jobs:
           platforms: linux/amd64,linux/arm64
           tags: ghcr.io/${{ env.REPO_OWNER }}/termix:${{ env.IMAGE_TAG }}
           labels: org.opencontainers.image.source=https://github.com/${{ github.repository }}
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+          build-args: |
+            BUILDKIT_INLINE_CACHE=1
+
+      # Temp fix for https://github.com/docker/build-push-action/issues/252
+      - name: Move cache
+        run: |
+          rm -rf /tmp/.buildx-cache
+          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
       - name: Notify via ntfy
         run: |
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 798f23f8..701cf125 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -22,39 +22,52 @@ RUN apk add --no-cache python3 make g++ \
     && rm -rf /root/.npm
 
 # Stage 4: Final production image
-FROM ubuntu:20.04
+FROM ubuntu:20.04 as base
 
 # Prevent interactive prompts during package installation
-ENV DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive \
+    NODE_VERSION=18.x \
+    MONGO_VERSION=4.4.24 \
+    MONGO_URL=mongodb://localhost:27017/termix \
+    MONGODB_DATA_DIR=/data/db \
+    MONGODB_LOG_DIR=/var/log/mongodb \
+    NODE_ENV=production
 
-# Install MongoDB 4.4
+# Create users first
+RUN groupadd -r mongodb && useradd -r -g mongodb mongodb \
+    && groupadd -r node && useradd -r -g node -m node
+
+# Install all dependencies in one layer
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
-        wget \
-        gnupg \
-        ca-certificates && \
+        wget gnupg ca-certificates gosu \
+        nginx supervisor && \
+    # Add MongoDB repo
     wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add - && \
     echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list && \
-    # Install Node.js, nginx, and MongoDB
-    wget -qO- https://deb.nodesource.com/setup_18.x | bash - && \
+    # Add Node.js repo
+    wget -qO- https://deb.nodesource.com/setup_${NODE_VERSION} | bash - && \
+    # Install Node.js and MongoDB
     apt-get update && \
     apt-get install -y --no-install-recommends \
         nodejs \
-        nginx \
-        mongodb-org=4.4.24 \
-        mongodb-org-server=4.4.24 \
-        mongodb-org-shell=4.4.24 \
-        mongodb-org-mongos=4.4.24 \
-        mongodb-org-tools=4.4.24 && \
+        mongodb-org=${MONGO_VERSION} \
+        mongodb-org-server=${MONGO_VERSION} \
+        mongodb-org-shell=${MONGO_VERSION} \
+        mongodb-org-mongos=${MONGO_VERSION} \
+        mongodb-org-tools=${MONGO_VERSION} && \
     # Cleanup
     apt-get clean && \
-    rm -rf /var/lib/apt/lists/* && \
-    rm -rf /var/cache/apt/* && \
-    rm -rf /root/.npm /tmp/*
+    rm -rf /var/lib/apt/lists/* /var/cache/apt/* /root/.npm /tmp/* && \
+    # Create necessary directories
+    mkdir -p /data/db /var/log/{nginx,mongodb} /var/lib/nginx /var/run/mongodb && \
+    chown -R mongodb:mongodb /data/db /var/log/mongodb /var/run/mongodb && \
+    chown -R www-data:www-data /var/log/nginx /var/lib/nginx
 
 # Configure nginx and copy frontend
 COPY docker/nginx.conf /etc/nginx/nginx.conf
 COPY --from=frontend-builder /app/dist /usr/share/nginx/html
+RUN chown -R www-data:www-data /usr/share/nginx/html
 
 # Setup backend with pre-built bcrypt
 WORKDIR /app
@@ -62,18 +75,7 @@ COPY package*.json ./
 RUN npm ci --only=production --ignore-scripts
 COPY --from=bcrypt-builder /app/node_modules/bcrypt /app/node_modules/bcrypt
 COPY --from=backend-builder /app/src/backend ./src/backend
-
-# Create necessary directories and set permissions
-RUN mkdir -p /data/db /var/log/{nginx,mongodb} /var/lib/nginx /var/run/mongodb \
-    && chown -R mongodb:mongodb /data/db /var/log/mongodb /var/run/mongodb \
-    && chown -R www-data:www-data /var/log/nginx /var/lib/nginx \
-    && rm -rf /root/.npm /tmp/*
-
-# Set environment variables
-ENV MONGO_URL=mongodb://localhost:27017/termix \
-    MONGODB_DATA_DIR=/data/db \
-    MONGODB_LOG_DIR=/var/log/mongodb \
-    NODE_ENV=production
+RUN chown -R node:node /app
 
 # Create volume for MongoDB data
 VOLUME ["/data/db"]
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index c7a259b9..5253035c 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -2,19 +2,19 @@
 set -e
 
 # Create MongoDB pid directory if it doesn't exist
-mkdir -p /var/run/mongodb
-chown mongodb:mongodb /var/run/mongodb
+mkdir -p /var/run/mongodb /data/db /var/log/mongodb
+chown -R mongodb:mongodb /var/run/mongodb /data/db /var/log/mongodb
 
-# Start MongoDB
+# Start MongoDB (first without --fork to see errors)
 echo "Starting MongoDB..."
-mongod --fork --dbpath $MONGODB_DATA_DIR --logpath $MONGODB_LOG_DIR/mongodb.log --pidfilepath /var/run/mongodb/mongod.pid
+gosu mongodb mongod --dbpath $MONGODB_DATA_DIR --logpath $MONGODB_LOG_DIR/mongodb.log &
+MONGO_PID=$!
 
-# Wait for MongoDB to be ready (using mongo instead of mongosh for MongoDB 4.4)
+# Wait for MongoDB to be ready
 echo "Waiting for MongoDB to start..."
-until mongo --eval "print(\"waited for connection\")" > /dev/null 2>&1; do
+until gosu mongodb mongo --eval "print(\"waited for connection\")" > /dev/null 2>&1; do
     sleep 0.5
-    # Check if MongoDB is still running
-    if ! pgrep -x "mongod" > /dev/null; then
+    if ! kill -0 $MONGO_PID 2>/dev/null; then
         echo "MongoDB failed to start. Checking logs:"
         cat $MONGODB_LOG_DIR/mongodb.log
         exit 1
@@ -26,16 +26,17 @@ echo "MongoDB has started"
 echo "Starting nginx..."
 nginx
 
-# Change to app directory
+# Change to app directory and ensure permissions
 cd /app
+chown -R node:node /app
 
 # Start the SSH service
 echo "Starting SSH service..."
-node src/backend/ssh.cjs &
+gosu node node src/backend/ssh.cjs &
 
 # Start the database service
 echo "Starting database service..."
-node src/backend/database.cjs &
+gosu node node src/backend/database.cjs &
 
 # Keep the container running and show MongoDB logs
 echo "All services started. Tailing MongoDB logs..."