Keysat
81 lines
3.2 KiB
Docker
81 lines
3.2 KiB
Docker
# ─────────────────────────────────────────────────────────
|
|
# Recap Relay — StartOS 0.4 Docker image
|
|
#
|
|
# Includes: Node.js 20 + yt-dlp + ffmpeg + Python. yt-dlp + ffmpeg are
|
|
# needed by the /relay/transcribe-url endpoint, which downloads
|
|
# YouTube / direct-audio URLs server-side so Recap clients don't have
|
|
# to ship the audio over their own (often slow) upstream.
|
|
#
|
|
# Uses Debian slim for the same reason Recap does — pip-free, but
|
|
# pulled-in C deps from npm packages prefer glibc over musl.
|
|
# ─────────────────────────────────────────────────────────
|
|
|
|
# ── Stage 1: install dependencies ──────────────────────────
|
|
FROM node:20-slim AS builder
|
|
|
|
# @keysat/licensing-client is vendored from a private git repo into
|
|
# vendor/keysat-licensing-client. Install its deps in place first so
|
|
# the file: dep on it works downstream.
|
|
WORKDIR /app
|
|
COPY vendor/keysat-licensing-client /app/vendor/keysat-licensing-client
|
|
WORKDIR /app/vendor/keysat-licensing-client
|
|
RUN npm install --omit=dev --ignore-scripts
|
|
|
|
WORKDIR /app/server
|
|
COPY server/package.json server/package-lock.json* ./
|
|
RUN npm ci --omit=dev --ignore-scripts 2>/dev/null || npm install --omit=dev --ignore-scripts
|
|
|
|
# ── Stage 2: final runtime image ───────────────────────────
|
|
FROM node:20-slim AS runner
|
|
|
|
WORKDIR /app
|
|
|
|
# Runtime deps:
|
|
# - dumb-init: PID 1 signal handling
|
|
# - ca-certificates: HTTPS for Gemini + Keysat
|
|
# - python3 + pip: yt-dlp installation
|
|
# - ffmpeg: audio extraction (yt-dlp invokes it for -x)
|
|
# - curl: yt-dlp self-update fallback
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
dumb-init \
|
|
ca-certificates \
|
|
curl \
|
|
python3 \
|
|
python3-pip \
|
|
python3-venv \
|
|
ffmpeg \
|
|
&& rm -rf /var/lib/apt/lists/* \
|
|
&& pip3 install --break-system-packages yt-dlp \
|
|
&& yt-dlp --version
|
|
|
|
# Copy installed deps + app code from builder
|
|
COPY --from=builder /app/vendor ./vendor/
|
|
COPY --from=builder /app/server/node_modules ./server/node_modules/
|
|
COPY server/package.json ./server/
|
|
# Top-level *.js files (index.js, config.js, credits.js, admin-auth.js,
|
|
# job-credits.js, keysat-client.js) plus the backends/ + routes/
|
|
# subdirectories. Anything added under server/<subdir>/ needs its own
|
|
# COPY line — the glob doesn't recurse.
|
|
COPY server/*.js ./server/
|
|
COPY server/backends/ ./server/backends/
|
|
COPY server/routes/ ./server/routes/
|
|
COPY public/ ./public/
|
|
# Issuer public key for offline license verification. Without this
|
|
# assets/ COPY, keysat-client.js can't load the PEM at runtime and
|
|
# falls back to "all licenses are anonymous" — which silently degrades
|
|
# every paid tier to Core. Same file Recap-app ships at assets/issuer.pub.
|
|
COPY assets/ ./assets/
|
|
|
|
COPY docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
|
|
RUN chmod +x /usr/local/bin/docker_entrypoint.sh
|
|
|
|
RUN mkdir -p /data
|
|
|
|
ENV NODE_ENV=production \
|
|
PORT=3002 \
|
|
DATA_DIR=/data
|
|
|
|
EXPOSE 3002
|
|
|
|
ENTRYPOINT ["dumb-init", "--", "/usr/local/bin/docker_entrypoint.sh"]
|