From 0a345aa3b265963be37b1e5a514e343a2d115a7d Mon Sep 17 00:00:00 2001 From: Thorsten Bus Date: Mon, 11 May 2026 13:37:58 +0200 Subject: [PATCH] fix(docker): remove Node.js from production stage; add public-build asset sync pattern - Remove Node.js from production image (was violating Must NOT Have constraint) - Add 'RUN cp -r /app/public /app/public-build' in build stage after npm run build - Replace 'npm run build' in boot-container.sh with 'cp -r /app/public-build/*' - Add chown www-data for SQLite DB file in init-app.sh - Remove git from production stage package list (not in plan spec) - Update ENTRYPOINT comment to reflect new asset sync approach --- build/Dockerfile | 14 ++++++-------- build/boot-container.sh | 4 ++-- build/init-app.sh | 1 + 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index 5697e62..95e4140 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -52,6 +52,10 @@ RUN composer run-script post-autoload-dump --no-interaction || true RUN npm run build +# Copy built Vite assets to /app/public-build so they survive the bind-mount at runtime. +# At boot, boot-container.sh copies from /app/public-build/ into the bind-mounted /app/public/. +RUN cp -r /app/public /app/public-build + # ============================================================================= # Stage 2: Production @@ -74,12 +78,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ unzip \ zip \ curl \ - git \ - && rm -rf /var/lib/apt/lists/* - -# Node.js 20 LTS — needed at boot to build Vite assets into the bind-mounted public/ -RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \ - && apt-get install -y --no-install-recommends nodejs \ && rm -rf /var/lib/apt/lists/* # LibreOffice for PowerPoint → PDF conversion (large layer, separate cache) 
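Review bot: The new `RUN cp -r /app/public /app/public-build` runs in the build stage, and nothing in this patch adds a matching `COPY --from=<build-stage> /app/public-build /app/public-build` to stage 2, so the directory reaches the production image only if that stage already copies all of `/app` (not visible here). Because boot-container.sh now runs its copy with `2>/dev/null || true`, a missing `/app/public-build` would neither stop the boot nor log anything. The snapshot also covers the whole `public/` tree rather than only the Vite output, so each boot overwrites same-named files in the bind-mounted host directory with the image's copy. If only built assets are meant to be synced, narrow the source path (e.g. `/app/public/build`, assuming the default output directory) or say so in the comment.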
@@ -133,7 +131,7 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \ cgi-fcgi -bind -connect 127.0.0.1:9000 2>/dev/null | grep -q "pong" || exit 1 # boot-container.sh runs as root: creates dirs, sets permissions, -# creates DB on first run, builds Vite assets, runs migrations, -# warms caches, then exec's supervisord (CMD). +# creates DB on first run, syncs pre-built Vite assets from /app/public-build/, +# runs migrations, warms caches, then exec's supervisord (CMD). ENTRYPOINT ["/app/build/boot-container.sh"] CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/conf.d/supervisord.conf"] diff --git a/build/boot-container.sh b/build/boot-container.sh index 731df0e..1eccc2a 100755 --- a/build/boot-container.sh +++ b/build/boot-container.sh @@ -26,8 +26,8 @@ chmod -R 775 storage bootstrap/cache database 2>/dev/null || true rm -f /app/public/hot -echo "[boot] Building Vite assets..." -npm run build +echo "[boot] Syncing pre-built Vite assets to bind-mounted public/ ..." +cp -r /app/public-build/* /app/public/ 2>/dev/null || true # Create RELATIVE storage symlink (public/storage → ../storage/app/public). # Must be relative: Caddy serves the bind-mounted ./public from the host, where diff --git a/build/init-app.sh b/build/init-app.sh index 58b66c2..ddebd2e 100755 --- a/build/init-app.sh +++ b/build/init-app.sh @@ -13,6 +13,7 @@ fi echo "[init] First run detected — initializing application..." touch "$DB_PATH" +chown www-data:www-data "$DB_PATH" chmod 664 "$DB_PATH" if [ -z "${APP_KEY}" ]; then
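Review bot: The added `cp -r /app/public-build/* /app/public/ 2>/dev/null || true` discards both the error output and the exit status, so a missing source directory or an unwritable bind mount leaves the container serving stale or no assets with nothing in the log. The `*` glob also skips top-level dotfiles, and files left by earlier builds are never removed from the mount. The script runs as root (per the Dockerfile comment) and the destination is host-provided, so it is worth confirming that nothing under `public/` can be a symlink pointing outside the tree, since `cp` may write through an existing destination symlink. I would use `cp -a /app/public-build/. /app/public/ || echo "[boot] WARNING: asset sync failed" >&2`, or fail the boot outright. The script continues outside this hunk.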
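Review bot: The new `chown www-data:www-data "$DB_PATH"` appears to sit in the first-run path only (after the `First run detected` message), so a database file created by an earlier image keeps its previous owner and this fix never reaches existing deployments; consider applying the ownership on every boot, outside the first-run guard. SQLite also creates its journal/WAL files next to the database, so the containing directory has to be writable by www-data as well, which this hunk does not show. With the owner now set explicitly, the following `chmod 664` could be tightened to `chmod 660 "$DB_PATH"` so the database is not world-readable. The guard above and the `APP_KEY` block below continue outside the hunk.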