alezmad/claudemesh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c327c282e325e31f2bc6926340b882172b99c113
claudemesh/apps/broker/Dockerfile
Alejandro Gutiérrez f4bcad91b0
Some checks failed
CI / Lint (push) Has been cancelled
Details
CI / Typecheck (push) Has been cancelled
Details
CI / Broker tests (Postgres) (push) Has been cancelled
Details
CI / Docker build (linux/amd64) (push) Has been cancelled
Details
refactor(deploy): trim docker images via pnpm deploy --legacy 
Use pnpm deploy to flatten each package's runtime subset into /deploy,
then copy ONLY that into the runtime stage. Catalog + workspace:*
specifiers previously forced full-workspace resolution into every
image's node_modules — unnecessary for either runtime.

Results (arm64, same smoke tests pass):
- broker:   3.26GB → 341MB  (-90%, drops all devDeps incl. drizzle-kit)
- migrate:  3.27GB → 653MB  (-80%, keeps drizzle-kit which IS runtime)

Broker /health confirms GIT_SHA build-arg still propagates (gitSha:
"30bc24f" in smoke test). Migrate still reads drizzle.config.ts and
attempts the connection correctly.

--legacy flag needed because pnpm 10 defaults to inject-workspace-
packages mode which the monorepo doesn't opt into; legacy is safe here.
--ignore-scripts on deploy skips the root postinstall (sherif lint:ws)
which has nothing to do with runtime.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 15:37:21 +01:00

46 lines
1.8 KiB
Docker
Raw Blame History

# claudemesh broker — production Dockerfile
# Bun runtime (executes .ts directly, no build step required).
# Build from repo root: docker build -f apps/broker/Dockerfile -t claudemesh-broker .
# Stage 1: resolve pnpm workspace + install deps (Bun base + standalone pnpm)
FROM oven/bun:1.2 AS deps
WORKDIR /app
# Install standalone pnpm binary (no Node needed — pnpm ships as a single ELF)
RUN apt-get update && apt-get install -y --no-install-recommends curl ca-certificates && \
curl -fsSL "https://github.com/pnpm/pnpm/releases/download/v10.25.0/pnpm-linuxstatic-x64" -o /usr/local/bin/pnpm && \
chmod +x /usr/local/bin/pnpm && \
rm -rf /var/lib/apt/lists/*
# Copy full workspace (pnpm needs lockfile + all package.jsons to resolve workspace:* and catalog:)
COPY . .
# Install all workspace deps, then flatten broker's prod subset into /deploy.
# pnpm deploy: resolves workspace:* to real copies, drops catalog: references,
# drops devDependencies (--prod), produces a self-contained runtime directory
# with only what this one package + its transitive prod deps need.
RUN pnpm install --frozen-lockfile --ignore-scripts && \
pnpm deploy --legacy --prod --ignore-scripts --filter=@claudemesh/broker /deploy
# Stage 2: minimal Bun runtime — copy only the flat /deploy subset
FROM oven/bun:1.2-slim AS runtime
WORKDIR /app
# Git SHA baked in at build-time → surfaced on /health (spec: apps/broker/DEPLOY_SPEC.md)
ARG GIT_SHA=unknown
ENV GIT_SHA=$GIT_SHA
ENV NODE_ENV=production
ENV BROKER_PORT=7900
COPY --from=deps --chown=bun:bun /deploy /app
EXPOSE 7900
HEALTHCHECK --interval=15s --timeout=5s --start-period=10s --retries=3 \
CMD bun -e "fetch('http://localhost:7900/health').then(r=>{process.exit(r.ok?0:1)}).catch(()=>process.exit(1))"
# Non-root user (oven/bun image ships with 'bun' uid 1000)
USER bun
CMD ["bun", "src/index.ts"]
Reference in New Issue View Git Blame Copy Permalink