v1.7.0 #318

Merged
LukeGus merged 138 commits from dev-1.7.0 into main 2025-10-01 20:40:10 +00:00
Showing only changes of commit 6ec5a4106b - Show all commits


@@ -1,19 +1,16 @@
# Stage 1: Install dependencies and build frontend
FROM node:22-alpine AS deps
FROM node:22-bullseye AS deps
WORKDIR /app
RUN apk add --no-cache python3 make g++
RUN apt-get update && apt-get install -y python3 make g++ && rm -rf /var/lib/apt/lists/*
COPY package*.json ./
ENV npm_config_target_platform=linux
ENV npm_config_target_arch=x64
ENV npm_config_target_libc=musl
ENV npm_config_target_libc=glibc
RUN npm ci --force --ignore-scripts && \
if [ "$(uname -m)" = "x86_64" ]; then \
npm install @rollup/rollup-linux-x64-musl @esbuild/linux-x64 --force; \
fi && \
npm cache clean --force
# Stage 2: Build frontend
@@ -22,10 +19,7 @@ WORKDIR /app
gemini-code-assist[bot] commented 2025-10-01 20:38:40 +00:00 (Migrated from github.com)
Review

high

This command removes package-lock.json and uses npm install --force, which undermines the principle of reproducible builds. Using npm ci is strongly recommended for Docker builds as it installs dependencies exactly as specified in package-lock.json, ensuring that the build is consistent and deterministic across all environments. If there are dependency conflicts, they should be resolved in package.json rather than being bypassed with --force.

RUN npm ci --ignore-scripts && \
    npm cache clean --force
![high](https://www.gstatic.com/codereviewagent/high-priority.svg) This command removes `package-lock.json` and uses `npm install --force`, which undermines the principle of reproducible builds. Using `npm ci` is strongly recommended for Docker builds as it installs dependencies exactly as specified in `package-lock.json`, ensuring that the build is consistent and deterministic across all environments. If there are dependency conflicts, they should be resolved in `package.json` rather than being bypassed with `--force`. ``` RUN npm ci --ignore-scripts && \ npm cache clean --force ```
COPY . .
RUN if [ "$(uname -m)" = "x86_64" ]; then \
npm install @rollup/rollup-linux-x64-musl @esbuild/linux-x64 --force; \
fi && \
npm cache clean --force && \
RUN npm cache clean --force && \
npm run build
# Stage 3: Build backend TypeScript
@@ -36,37 +30,38 @@ COPY . .
ENV npm_config_target_platform=linux
ENV npm_config_target_arch=x64
ENV npm_config_target_libc=musl
ENV npm_config_target_libc=glibc
RUN npm rebuild better-sqlite3 --force
RUN npm run build:backend
# Stage 4: Production dependencies only
FROM node:22-alpine AS production-deps
FROM node:22-bullseye AS production-deps
WORKDIR /app
RUN apk add --no-cache python3 make g++
RUN apt-get update && apt-get install -y python3 make g++ && rm -rf /var/lib/apt/lists/*
COPY package*.json ./
ENV npm_config_target_platform=linux
ENV npm_config_target_arch=x64
ENV npm_config_target_libc=musl
ENV npm_config_target_libc=glibc
RUN npm ci --only=production --ignore-scripts --force && \
npm rebuild better-sqlite3 bcryptjs --force && \
npm cache clean --force
# Stage 5: Final optimized image
FROM node:22-alpine
FROM node:22-bullseye
WORKDIR /app
ENV DATA_DIR=/app/data \
PORT=8080 \
NODE_ENV=production
RUN apk add --no-cache nginx gettext su-exec openssl && \
RUN apt-get update && apt-get install -y nginx gettext-base openssl && \
rm -rf /var/lib/apt/lists/* && \
mkdir -p /app/data && \
chown -R node:node /app/data