trm/tcp-ingestion
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add slim Phase 1 task 1.11 (Dockerfile + Gitea workflow) for pilot deploy

Browse Source 
- Multi-stage Dockerfile (Node 22 alpine, BuildKit cache, non-root user).
  HEALTHCHECK and metrics port (9090) deferred until task 1.10 ships;
  comments document the resume.
- .gitea/workflows/build.yml — single build job following the pattern
  of other TRM repos (no services/container, ubuntu-latest direct).
  Tests + typecheck + lint inline; image tagged :main.
- compose.dev.yaml — local-build variant for verifying Dockerfile
  changes pre-push. Production deploy lives in the sibling deploy/ repo.
- .env.example documenting all runtime env vars.
- README updated to point at deploy/ for production and explain CI.
- Task 1.11 marked done (slim variant) in ROADMAP and task file.
This commit is contained in:
Julian Çuni
2026-04-30 17:29:45 +02:00
parent 90d6a73a60
commit dda53bec16
8 changed files with 282 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+32
View File
@@ -0,0 +1,32 @@
# syntax=docker/dockerfile:1.7
# ---- deps stage: install with cache-friendly pnpm fetch ----
FROM node:22-alpine AS deps
WORKDIR /app
RUN corepack enable && corepack prepare pnpm@latest-9 --activate
COPY package.json pnpm-lock.yaml ./
RUN --mount=type=cache,id=pnpm-store,target=/root/.local/share/pnpm/store \
pnpm fetch
# ---- build stage: compile TypeScript ----
FROM deps AS build
COPY . .
RUN --mount=type=cache,id=pnpm-store,target=/root/.local/share/pnpm/store \
pnpm install --frozen-lockfile --offline
RUN pnpm build
RUN pnpm prune --prod
# ---- runtime: slim, non-root ----
FROM node:22-alpine AS runtime
WORKDIR /app
RUN addgroup -S app && adduser -S -G app app
COPY --from=build --chown=app:app /app/node_modules ./node_modules
COPY --from=build --chown=app:app /app/dist ./dist
COPY --from=build --chown=app:app /app/package.json ./package.json
USER app
# Only the TCP port is exposed. METRICS_PORT (9090) is in the config schema but
# no HTTP server runs today — task 1.10 (observability) adds that server.
EXPOSE 5027
# HEALTHCHECK deferred — re-add `wget -qO- http://localhost:${METRICS_PORT}/readyz`
# when task 1.10 (observability) ships and the HTTP server is running.
CMD ["node", "dist/main.js"]