# syntax=docker/dockerfile:1.6 # # Proof of Work (proof-of-work) — StartOS 0.4 package image. # # Build context: repo root (see manifest.images.main.source.dockerBuild.workdir # which is set to '../..' so all COPY paths below are repo-root-relative). # # This Dockerfile is self-contained: it references only files under # `proof-of-work/` (the upstream app) and `start9/0.4/` (this wrapper). # # Data preservation (v1.0.0:1 — initial seeded cutover): # - This image bakes a one-time snapshot of the maintainer's live /data # volume under /app/seed/data so the cutover from the legacy `workout-log` # package preserves every workout, exercise, and preference. # - docker_entrypoint.sh copies the seed into the StartOS-managed /data # volume only on a truly-fresh first boot (both /data/app.db missing AND # /data/.seeded absent). Every subsequent boot leaves /data alone. # - v1.0.0:2 will strip the seed copy from the image and the seed-copy # branch from the entrypoint once the cutover is verified in production. # - A tiny empty-schema fallback DB is also COPYed from the builder stage # (at /app/prisma/data/app.db) as a safety net for fresh sideloads on a # brand-new host with no existing /data and no baked seed. FROM node:20-alpine AS builder WORKDIR /app # openssl: Prisma engine runtime # python3 + make + g++: native node-gyp builds (bcrypt). Even when the # `bcrypt` npm package ships musl prebuilts, a postinstall fallback # compile is the safety net — no compile, no boot. RUN apk add --no-cache openssl python3 make g++ COPY proof-of-work/package.json proof-of-work/package-lock.json ./ RUN npm ci COPY proof-of-work/ ./ RUN npx prisma generate # Build a fallback empty-but-schema-correct DB. Used by docker_entrypoint.sh # only when /data has no app.db AND no baked seed is available (i.e. after # v1.0.0:2 strips the seed). Seeded with the curated exercise library via # `npm run db:seed`, so a brand-new install still gets the full library. RUN mkdir -p /tmp-seed \ && DATABASE_URL=file:/tmp-seed/app.db npx prisma db push --skip-generate \ && DATABASE_URL=file:/tmp-seed/app.db npm run db:seed RUN npm run build FROM node:20-alpine AS runner WORKDIR /app RUN apk add --no-cache dumb-init curl openssl sqlite \ && addgroup -S nodejs -g 1001 \ && adduser -S nextjs -u 1001 -G nodejs ENV NODE_ENV=production \ HOSTNAME=0.0.0.0 \ PORT=3000 \ WORKOUT_DATA_DIR=/data \ WORKOUT_DB_PATH=/data/app.db \ WORKOUT_FALLBACK_SEED_DB_PATH=/app/prisma/data/app.db \ WORKOUT_BAKED_SEED_DB_PATH=/app/seed/data/app.db \ WORKOUT_LIBRARY_JSON_PATH=/app/prisma/exercises.seed.json # Next.js standalone runtime bundle COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./ COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static COPY --from=builder --chown=nextjs:nodejs /app/public ./public COPY --from=builder --chown=nextjs:nodejs /app/prisma ./prisma # Native bcrypt binding. Next.js standalone tracing usually picks up # the .node file but we copy explicitly as a belt-and-braces guard — # bundling failures here surface as auth being silently broken at boot. COPY --from=builder --chown=nextjs:nodejs /app/node_modules/bcrypt ./node_modules/bcrypt # Empty-schema fallback DB (used only when no baked seed is available on a # brand-new sideload). COPY --from=builder --chown=nextjs:nodejs /tmp-seed/app.db /app/prisma/data/app.db # Baked one-time cutover seed: the maintainer's live /data snapshot pulled # off the running `workout-log` host via refresh_seed.sh. Copied into /data # only on truly-fresh first boot. Removed in v1.0.0:2. COPY --chown=nextjs:nodejs start9/0.4/seed/data /app/seed/data # Container entrypoint and diagnostic healthcheck COPY start9/0.4/docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh COPY start9/0.4/healthcheck.sh /usr/local/bin/healthcheck.sh RUN chmod +x /usr/local/bin/docker_entrypoint.sh /usr/local/bin/healthcheck.sh \ && mkdir -p /data \ && chown -R nextjs:nodejs /app /data EXPOSE 3000 ENTRYPOINT ["dumb-init", "--", "/usr/local/bin/docker_entrypoint.sh"]