Keysat
8aaa405843
The keysat-client-ts repo is private. Previous builds were succeeding
purely because Docker layer caching reused a node_modules from when
the repo had been accessible — once anything invalidated the
server/package.json or server/package-lock.json hash (the rename did),
npm in a fresh container hit github with no credentials and 404'd.
Fix: copy the built dist/ from server/node_modules/@keysat/licensing-
client/ into vendor/keysat-licensing-client/, strip the prepare/build
scripts (we already have the compiled output), and switch the server
package.json dep to a file: path:
"@keysat/licensing-client": "file:../vendor/keysat-licensing-client"
Dockerfile now COPY's vendor/ before npm ci. No git, no SSH, no
credentials needed in the build container — and the npm step is
pure-local so it's deterministic.
Side cleanup: dropped the apt-install-git + url.insteadOf gymnastics
that existed solely to work around the now-removed git+https resolution.
The image is slightly smaller (no git in the builder stage). Switched
the npm flag to the modern --omit=dev (the legacy --production printed
a warning).
If keysat-client-ts updates, regenerate vendor/ by:
cp -r server/node_modules/@keysat/licensing-client/{dist,package.json,LICENSE,README.md} \
vendor/keysat-licensing-client/
# then strip prepare/build scripts and devDeps from the copied package.json
# (or just hand-edit if the upstream package.json hasn't changed)
67 lines
2.4 KiB
Docker
67 lines
2.4 KiB
Docker
# ─────────────────────────────────────────────────────────
|
|
# Recap — StartOS 0.4 Docker image
|
|
#
|
|
# Includes: Node.js 20, Python 3, yt-dlp, ffmpeg
|
|
#
|
|
# Uses Debian slim (not Alpine) because:
|
|
# - Debian is more reliable for pip-installed packages with C deps
|
|
# ─────────────────────────────────────────────────────────
|
|
|
|
# ── Stage 1: Install Node.js dependencies ──────────────────
|
|
FROM node:20-slim AS builder
|
|
|
|
# @keysat/licensing-client is a private git repo, so we vendor its built
|
|
# output into vendor/ and reference it via a file: dep. That removes any
|
|
# need for git or credentials in the build container.
|
|
WORKDIR /app
|
|
COPY vendor/keysat-licensing-client /app/vendor/keysat-licensing-client
|
|
WORKDIR /app/server
|
|
COPY server/package.json server/package-lock.json* ./
|
|
RUN npm ci --omit=dev --ignore-scripts 2>/dev/null || npm install --omit=dev --ignore-scripts
|
|
|
|
# ── Stage 2: Final runtime image ───────────────────────────
|
|
FROM node:20-slim AS runner
|
|
|
|
WORKDIR /app
|
|
|
|
# Install runtime dependencies:
|
|
# - dumb-init: proper PID 1 signal handling in containers
|
|
# - curl: health checks + yt-dlp binary downloads
|
|
# - python3 + pip: yt-dlp installation and updates
|
|
# - ffmpeg: audio extraction, splitting, and duration detection
|
|
# - ca-certificates: HTTPS for YouTube/Gemini API calls
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
dumb-init \
|
|
curl \
|
|
python3 \
|
|
python3-pip \
|
|
python3-venv \
|
|
ffmpeg \
|
|
ca-certificates \
|
|
&& rm -rf /var/lib/apt/lists/* \
|
|
&& pip3 install --break-system-packages yt-dlp \
|
|
&& yt-dlp --version
|
|
|
|
# Copy Node.js app from builder
|
|
COPY --from=builder /app/server/node_modules ./server/node_modules/
|
|
COPY server/package.json ./server/
|
|
COPY server/index.js ./server/
|
|
COPY server/license.js ./server/
|
|
COPY public/ ./public/
|
|
COPY assets/ ./assets/
|
|
|
|
# Copy entrypoint scripts
|
|
COPY docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
|
|
RUN chmod +x /usr/local/bin/docker_entrypoint.sh
|
|
|
|
# Create persistent data mount point
|
|
RUN mkdir -p /data
|
|
|
|
ENV NODE_ENV=production \
|
|
PORT=3001 \
|
|
DATA_DIR=/data
|
|
|
|
EXPOSE 3001
|
|
|
|
ENTRYPOINT ["dumb-init", "--", "/usr/local/bin/docker_entrypoint.sh"]
|