viktor/wrongmove
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wrongmove/frontend/Dockerfile
Viktor Barzin 9bb5320e2b wrongmove: write VITE_MAPBOX_TOKEN to .env.production in CI (replaces broken build_args) 
The previous attempt passed the Mapbox token via `--build-arg`, but
the docker-buildx plugin's KEY=VALUE list-parser mangled the value
(the rendered command was `--build-arg *=VITE_MAPBOX_TOKEN=********`,
key got lost). Inspecting `viktorbarzin/immoweb:45` confirmed
`pk.eyJ...` was nowhere in the bundle.

Switching to the idiomatic Vite path: a new `prepare-frontend-env`
commands step writes `frontend/.env.production` from the
`wrongmove-mapbox-token` Woodpecker secret. `COPY . .` in the
Dockerfile pulls the file into the build context, and Vite
auto-loads `.env.production` during `npx vite build`.

Net diff:
- `.woodpecker/frontend.yml`: new prepare step, build step now
  depends on it, dropped the build_args line.
- `frontend/Dockerfile`: dropped the ARG/ENV lines (no longer needed,
  also silences `SecretsUsedInArgOrEnv` linter warning).
- `frontend/.gitignore`: ignore `.env.production` / `.env.local` so
  the CI-written file never gets accidentally committed.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-15 22:10:25 +00:00

61 lines
1.7 KiB
Docker
Raw Blame History

# syntax=docker/dockerfile:1
# Stage 1: Install dependencies (cached if package-lock.json unchanged)
FROM node:24-alpine AS deps
WORKDIR /app
# Limit Node.js heap to avoid OOM in constrained CI environments
ENV NODE_OPTIONS="--max-old-space-size=1024"
# Copy package files first for better layer caching
COPY package.json package-lock.json* ./
RUN --mount=type=cache,target=/root/.npm \
npm ci
# Stage 2: Run tests (fails the build if tests fail)
FROM deps AS test
COPY . .
RUN npx vitest run
# Stage 3: Build production bundle
FROM deps AS builder
# VITE_MAPBOX_TOKEN comes in via frontend/.env.production (written by the
# prepare-frontend-env Woodpecker step). Vite auto-loads .env.production in
# production mode, so no Dockerfile ARG/ENV is required.
COPY . .
# Skip tsc type-checking (vitest already validated); Vite transpiles via SWC
RUN npx vite build
# Stage 4: Serve with nginx
FROM nginx:alpine AS production
# Remove default nginx static files
RUN rm -rf /usr/share/nginx/html/*
WORKDIR /app
COPY --from=builder /app/dist /usr/share/nginx/html
COPY --from=builder /app/nginx.conf /etc/nginx/conf.d/default.conf
# Configure nginx to run as non-root
RUN chown -R nginx:nginx /usr/share/nginx/html && \
chown -R nginx:nginx /var/cache/nginx && \
chown -R nginx:nginx /var/log/nginx && \
touch /run/nginx.pid && chown nginx:nginx /run/nginx.pid && \
sed -i 's/listen 80;/listen 8080;/' /etc/nginx/conf.d/default.conf && \
sed -i 's/^user /#user /' /etc/nginx/nginx.conf
USER nginx
EXPOSE 8080
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:8080/ || exit 1
CMD ["nginx", "-g", "daemon off;"]
Reference in a new issue View git blame Copy permalink