diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 4366990..b850d3a 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -29,10 +29,6 @@ jobs: images: srizan10/hclive tags: latest - - name: Set outputs - id: vars - run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - - name: Build and push Docker image uses: docker/build-push-action@v6 with: @@ -45,8 +41,6 @@ jobs: secrets: | TURBO_TOKEN=${{ secrets.TURBO_TOKEN }} TURBO_TEAM=${{ secrets.TURBO_TEAM }} - build-args: | - commit=${{ steps.vars.outputs.sha_short }} db: name: Push db to Docker Hub runs-on: ubuntu-latest diff --git a/apps/web/Dockerfile b/apps/web/Dockerfile index 79e3428..f2aa9b7 100644 --- a/apps/web/Dockerfile +++ b/apps/web/Dockerfile @@ -2,13 +2,16 @@ FROM node:lts-alpine AS base FROM base AS builder RUN apk update -RUN apk add --no-cache libc6-compat +RUN apk add --no-cache libc6-compat git # Set working directory WORKDIR /app # Replace with the major version installed in your repository. For example: # RUN yarn global add turbo@^2 RUN yarn global add turbo@^2 COPY . . + +# Get the git commit hash before pruning (since .git might be removed) +RUN git rev-parse --short HEAD > /tmp/commit_hash || echo "unknown" > /tmp/commit_hash # Generate a partial monorepo with a pruned lockfile for a target workspace. # Assuming "web" is the name entered in the project's package.json: { name: "web" } @@ -18,8 +21,12 @@ RUN turbo prune @hctv/web --docker FROM base AS installer RUN apk update RUN apk add --no-cache libc6-compat git -ARG commit=0 -ENV commit=$commit +# Get the commit hash from the builder stage +COPY --from=builder /tmp/commit_hash /tmp/commit_hash +# Read commit hash and set as build arg +ARG COMMIT_HASH_FILE=/tmp/commit_hash +RUN COMMIT_HASH=$(cat /tmp/commit_hash 2>/dev/null || echo "unknown") && \ + echo "COMMIT_HASH=$COMMIT_HASH" > /tmp/build_env WORKDIR /app # First install the dependencies (as they change less often) @@ -27,19 +34,28 @@ COPY --from=builder /app/out/json/ . RUN yarn install --frozen-lockfile COPY --from=builder /app/out/full/ . -RUN --mount=type=secret,id=TURBO_TOKEN --mount=type=secret,id=TURBO_TEAM TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN) TURBO_TEAM=$(cat /run/secrets/TURBO_TEAM) yarn turbo run build +RUN --mount=type=secret,id=TURBO_TOKEN --mount=type=secret,id=TURBO_TEAM \ + . /tmp/build_env && \ + export commit=$COMMIT_HASH && \ + TURBO_TOKEN=$(cat /run/secrets/TURBO_TOKEN) TURBO_TEAM=$(cat /run/secrets/TURBO_TEAM) yarn turbo run build FROM base AS runner WORKDIR /app RUN apk add --no-cache ffmpeg -ARG commit=0 -ENV commit=$commit - # Don't run production as root RUN addgroup --system --gid 1001 nodejs RUN adduser --system --uid 1001 nextjs + +# Get the commit hash from the installer stage and create a startup script +COPY --from=installer /tmp/commit_hash /tmp/commit_hash +RUN COMMIT_VALUE=$(cat /tmp/commit_hash 2>/dev/null || echo "unknown") && \ + echo "#!/bin/sh" > /usr/local/bin/start.sh && \ + echo "export commit=$COMMIT_VALUE" >> /usr/local/bin/start.sh && \ + echo "exec node apps/web/server.js" >> /usr/local/bin/start.sh && \ + chmod +x /usr/local/bin/start.sh + USER nextjs # Automatically leverage output traces to reduce image size @@ -48,4 +64,4 @@ COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/standalone ./ COPY --from=installer --chown=nextjs:nodejs /app/apps/web/.next/static ./apps/web/.next/static COPY --from=installer --chown=nextjs:nodejs /app/apps/web/public ./apps/web/public -CMD node apps/web/server.js \ No newline at end of file +CMD ["/usr/local/bin/start.sh"] \ No newline at end of file