kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 02:10:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

web-app-chess: build/runtime hardening & feature enablement

Browse Source 
Build: use Yarn 4 via Corepack; immutable install with inline builds.

Runtime: enable Corepack as user 'node', use project-local cache (/app/.yarn/cache), add curl; fix ownership.

Entrypoint: generate keys in correct dir; run 'yarn install --immutable --inline-builds' before migrations; wait for Postgres.

Config: enable matomo/css/desktop; notify 'docker compose build' on entrypoint changes.

Docs: rename README title to 'Chess'.

Ref: ChatGPT conversation (2025-09-03) — https://chatgpt.com/share/68b88126-7a6c-800f-acae-ae61ed577f46
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-03 19:56:13 +02:00
parent d5204fb5c2
commit 61c29eee60
5 changed files with 34 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
roles/web-app-chess/templates/Dockerfile.j2
View File

@@ -12,34 +12,41 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
WORKDIR /src
RUN git clone --depth 1 --branch "${CHESS_REPO_REF}" "${CHESS_REPO_URL}" ./
# Yarn is preinstalled in Node images via corepack; enable it.
RUN corepack enable
# Install deps and build TS
RUN yarn install --frozen-lockfile && yarn build
# Use Yarn 4 for the build
RUN corepack enable && corepack prepare yarn@4.9.1 --activate && yarn -v
RUN yarn install --immutable --inline-builds
RUN yarn build
# Stage 2: runtime
FROM node:{{ CHESS_VERSION }}
WORKDIR /app
# Minimal runtime packages + dumb-init
# Minimal runtime packages + dumb-init (+ curl for healthcheck)
RUN apt-get update && apt-get install -y --no-install-recommends \
openssl dumb-init postgresql-client \
bash openssl dumb-init postgresql-client ca-certificates curl \
&& rm -rf /var/lib/apt/lists/*
# Copy built app
# Copy built app from builder
COPY --from=build /src /app
# Create data dir for signing keys & cache
RUN mkdir -p {{ CHESS_APP_DATA_DIR }} && chown -R node:node /app
VOLUME ["{{ CHESS_APP_DATA_DIR }}"]
# Entrypoint script
# Entrypoint script (root so chmod works in /usr/local/bin)
COPY {{ CHESS_ENTRYPOINT_REL }} {{ CHESS_ENTRYPOINT_INT }}
RUN chmod +x {{ CHESS_ENTRYPOINT_INT }}
# Create data dir for signing keys and Yarn cache; fix ownership
RUN mkdir -p {{ CHESS_APP_DATA_DIR }} /app/.yarn/cache /home/node \
&& chown -R node:node /app /home/node
# Use project-local yarn cache (avoid /root/.yarn)
ENV YARN_ENABLE_GLOBAL_CACHE=false
ENV YARN_CACHE_FOLDER=/app/.yarn/cache
# Switch to non-root and prep yarn 4
USER node
ENV HOME=/home/node
RUN corepack enable && corepack prepare yarn@4.9.1 --activate && yarn -v
EXPOSE {{ container_port }}
ENTRYPOINT ["dumb-init", "--"]
CMD ["{{ CHESS_ENTRYPOINT_INT }}"]