fix(ci): lowercase GHCR owner tags and harden frontend runtime image

2026-03-07 21:18:21 +00:00
parent 7cf1b783ae
commit f11a5051c6
10 changed files with 111 additions and 26 deletions
--- a/frontend/Dockerfile
+++ b/frontend/Dockerfile
@@ -1,5 +1,5 @@
 # Use this image as the platform to build the app
-FROM node:22-alpine AS external-website
+FROM node:22-alpine AS builder

 # Metadata labels for the AdventureLog image
 LABEL maintainer="Sean Morley" \
@@ -42,6 +42,28 @@ RUN pnpm run build
 # Make startup script executable
 RUN chmod +x ./startup.sh

+# Keep only production dependencies for runtime image
+RUN CI=true pnpm prune --prod
+
+# Runtime image contains only built app + runtime deps
+FROM node:22-alpine AS runtime
+
+WORKDIR /app
+
+# Upgrade zlib and remove npm toolchain from runtime image
+RUN apk upgrade --no-cache zlib \
+    && rm -f /usr/local/bin/npm /usr/local/bin/npx \
+    && rm -rf /usr/local/lib/node_modules/npm /usr/local/lib/node_modules/corepack
+
+# Copy build artifacts and production runtime dependencies
+COPY --from=builder /app/build ./build
+COPY --from=builder /app/node_modules ./node_modules
+COPY --from=builder /app/package.json ./package.json
+COPY --from=builder /app/startup.sh ./startup.sh
+
+# Ensure startup script is executable
+RUN chmod +x ./startup.sh
+
 # Change to non-root user for security
 USER node:node