# ───────────────────────────────────────────────────────── # Recap — StartOS 0.4 Docker image # # Includes: Node.js 20, Python 3, yt-dlp, ffmpeg # # Uses Debian slim (not Alpine) because: # - Debian is more reliable for pip-installed packages with C deps # ───────────────────────────────────────────────────────── # ── Stage 1: Install Node.js dependencies ────────────────── FROM node:20-slim AS builder # @keysat/licensing-client is a private git repo, so we vendor its built # output into vendor/ and reference it via a file: dep. That removes any # need for git or credentials in the build container. # # The vendor package needs its own node_modules (for @noble/ed25519 etc.) # because npm's file: deps create a symlink, and Node's module resolver # walking up from a symlinked location won't find the parent project's # node_modules. Installing inside the vendor dir is the simplest fix. WORKDIR /app COPY vendor/keysat-licensing-client /app/vendor/keysat-licensing-client WORKDIR /app/vendor/keysat-licensing-client RUN npm install --omit=dev --ignore-scripts WORKDIR /app/server COPY server/package.json server/package-lock.json* ./ RUN npm ci --omit=dev --ignore-scripts 2>/dev/null || npm install --omit=dev --ignore-scripts # better-sqlite3 is a native (C++) module — `--ignore-scripts` above # skips the postinstall hook that fetches its prebuilt binary for our # platform. Rebuild it explicitly so prebuild-install runs. python3 + # make + g++ are the fallback toolchain if no prebuilt matches (e.g. # on uncommon arches); on linux-x64/arm64 the prebuild downloads in # seconds and the compiler is never invoked. This stage is discarded # from the final image, so the install footprint doesn't matter. RUN apt-get update && apt-get install -y --no-install-recommends \ python3 make g++ \ && npm rebuild better-sqlite3 \ && rm -rf /var/lib/apt/lists/* # ── Stage 2: Final runtime image ─────────────────────────── FROM node:20-slim AS runner WORKDIR /app # Install runtime dependencies: # - dumb-init: proper PID 1 signal handling in containers # - curl: health checks + yt-dlp binary downloads # - python3 + pip: yt-dlp installation and updates # - ffmpeg: audio extraction, splitting, and duration detection # - ca-certificates: HTTPS for YouTube/Gemini API calls RUN apt-get update && apt-get install -y --no-install-recommends \ dumb-init \ curl \ python3 \ python3-pip \ python3-venv \ ffmpeg \ ca-certificates \ && rm -rf /var/lib/apt/lists/* \ && pip3 install --break-system-packages yt-dlp \ && yt-dlp --version # Copy Node.js app from builder COPY --from=builder /app/vendor ./vendor/ COPY --from=builder /app/server/node_modules ./server/node_modules/ COPY server/package.json ./server/ # Top-level *.js files (index.js, license.js, util.js, gemini-helpers.js, # audio.js, ytdlp.js, cookies.js, config.js, license-middleware.js, # history.js, library.js, admin-auth.js, …) PLUS the providers/ # subdirectory (multi-provider AI adapters). Anything new added in # `server//` needs its own COPY line — the glob does not recurse. COPY server/*.js ./server/ COPY server/providers/ ./server/providers/ COPY public/ ./public/ COPY assets/ ./assets/ # Copy entrypoint scripts COPY docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh RUN chmod +x /usr/local/bin/docker_entrypoint.sh # Create persistent data mount point RUN mkdir -p /data ENV NODE_ENV=production \ PORT=3001 \ DATA_DIR=/data EXPOSE 3001 ENTRYPOINT ["dumb-init", "--", "/usr/local/bin/docker_entrypoint.sh"]