recap/Dockerfile

# ─────────────────────────────────────────────────────────
#  Recap — StartOS 0.4 Docker image
#
#  Includes: Node.js 20, Python 3, yt-dlp, ffmpeg
#
#  Uses Debian slim (not Alpine) because:
#  - Debian is more reliable for pip-installed packages with C deps
# ─────────────────────────────────────────────────────────

# ── Stage 1: Install Node.js dependencies ──────────────────
FROM node:20-slim AS builder

# @keysat/licensing-client is a private git repo, so we vendor its built
# output into vendor/ and reference it via a file: dep. That removes any
# need for git or credentials in the build container.
#
# The vendor package needs its own node_modules (for @noble/ed25519 etc.)
# because npm's file: deps create a symlink, and Node's module resolver
# walking up from a symlinked location won't find the parent project's
# node_modules. Installing inside the vendor dir is the simplest fix.
WORKDIR /app
COPY vendor/keysat-licensing-client /app/vendor/keysat-licensing-client
WORKDIR /app/vendor/keysat-licensing-client
RUN npm install --omit=dev --ignore-scripts
WORKDIR /app/server
COPY server/package.json server/package-lock.json* ./
RUN npm ci --omit=dev --ignore-scripts 2>/dev/null || npm install --omit=dev --ignore-scripts

# better-sqlite3 is a native (C++) module — `--ignore-scripts` above
# skips the postinstall hook that fetches its prebuilt binary for our
# platform. Rebuild it explicitly so prebuild-install runs. python3 +
# make + g++ are the fallback toolchain if no prebuilt matches (e.g.
# on uncommon arches); on linux-x64/arm64 the prebuild downloads in
# seconds and the compiler is never invoked. This stage is discarded
# from the final image, so the install footprint doesn't matter.
RUN apt-get update && apt-get install -y --no-install-recommends \
      python3 make g++ \
  && npm rebuild better-sqlite3 \
  && rm -rf /var/lib/apt/lists/*

# ── Stage 2: Final runtime image ───────────────────────────
FROM node:20-slim AS runner

WORKDIR /app

# Install runtime dependencies:
#   - dumb-init: proper PID 1 signal handling in containers
#   - curl: health checks + yt-dlp binary downloads
#   - python3 + pip: yt-dlp installation and updates
#   - ffmpeg: audio extraction, splitting, and duration detection
#   - ca-certificates: HTTPS for YouTube/Gemini API calls
RUN apt-get update && apt-get install -y --no-install-recommends \
    dumb-init \
    curl \
    python3 \
    python3-pip \
    python3-venv \
    ffmpeg \
    ca-certificates \
  && rm -rf /var/lib/apt/lists/* \
  && pip3 install --break-system-packages yt-dlp \
  && yt-dlp --version

# Copy Node.js app from builder
COPY --from=builder /app/vendor ./vendor/
COPY --from=builder /app/server/node_modules ./server/node_modules/
COPY server/package.json ./server/
# Top-level *.js files (index.js, license.js, util.js, gemini-helpers.js,
# audio.js, ytdlp.js, cookies.js, config.js, license-middleware.js,
# history.js, library.js, admin-auth.js, …) PLUS the providers/
# subdirectory (multi-provider AI adapters). Anything new added in
# `server/<subdir>/` needs its own COPY line — the glob does not recurse.
COPY server/*.js ./server/
COPY server/providers/ ./server/providers/
COPY public/ ./public/
COPY assets/ ./assets/

# Copy entrypoint scripts
COPY docker_entrypoint.sh /usr/local/bin/docker_entrypoint.sh
RUN chmod +x /usr/local/bin/docker_entrypoint.sh

# Create persistent data mount point
RUN mkdir -p /data

ENV NODE_ENV=production \
    PORT=3001 \
    DATA_DIR=/data

EXPOSE 3001

ENTRYPOINT ["dumb-init", "--", "/usr/local/bin/docker_entrypoint.sh"]