Refactor for improved podman support

2025-08-09 00:49:27 +02:00 · 2025-07-29 15:04:40 +02:00 · 2025-07-29 15:04:40 +02:00 · c088b08e77
commit c088b08e77
parent bc92824b4c
2 changed files with 34 additions and 11 deletions
--- a/44
+++ b/44
@ -1,31 +1,53 @@
 # syntax=docker/dockerfile:1
-ARG NODE_VERSION=${NODE_VERSION:-22.14}
-ARG OS=${OS:-alpine}
+ARG NODE_VERSION=22.14
+ARG OS=alpine

 FROM node:${NODE_VERSION}-${OS}

+# Create non-root user for rootless operation
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
+
+# Install git (already present, but ensure it’s available)
+RUN apk add --no-cache git
+
+# Set environment variables
 ENV VITE_BYPASS_LOGIN=1 \
    VITE_BYPASS_TUTORIAL=0 \
    NEXT_TELEMETRY_DISABLED=1 \
-    PNP_HOME=/root/.shrc \
+    PNP_HOME=/home/appuser/.shrc \
    NODE_ENV=production \
    PORT=8000

-RUN apk add --no-cache git
-
+# Set working directory
 WORKDIR /app

+# Enable and prepare pnpm
 RUN corepack enable && corepack prepare pnpm@10 --activate

+# Copy package files first for caching
+COPY package.json pnpm-lock.yaml ./
+
+# Initialize Git repository and copy .git (for submodules and lefthook)
+COPY .git ./.git
+COPY .gitmodules ./.gitmodules
+
+# Install dependencies and initialize submodules
+RUN --mount=type=cache,target=/home/appuser/.pnpm-store \
+    git config --global --add safe.directory /app && \
+    git submodule update --init --recursive && \
+    pnpm install --frozen-lockfile
+
+# Copy remaining files
 COPY . .

-RUN --mount=type=bind,source=package.json,target=package.json \
-    --mount=type=bind,source=package-lock.json,target=package-lock.json \
-    --mount=type=cache,target=/root/.npm \
-    npm ci
+# Change ownership for rootless compatibility
+RUN chown -R appuser:appgroup /app

-RUN pnpm install
+# Switch to non-root user
+USER appuser

+# Expose port
 EXPOSE $PORT

-CMD pnpm start:dev -- --host --port $PORT
+# Start the app
+CMD ["pnpm", "start:podman", "--", "--host", "--port", "$PORT"]
--- a/package.json
+++ b/package.json
@ -6,6 +6,7 @@
  "scripts": {
    "start": "vite",
    "start:dev": "vite --mode development",
+    "start:podman": "vite --mode development --host 0.0.0.0 --port $PORT",
    "build": "vite build",
    "build:beta": "vite build --mode beta",
    "preview": "vite preview",