feat: 🎸 update Docker image to use best practices

SSHari · SSHari · commit 04ce02bb5d23 · 2023-07-18T16:10:13.000-04:00
diff --git a/.dockerignore b/.dockerignore
@@ -3,6 +3,7 @@
 .github
 # editor
 .idea
+.vscode
 # dependencies
 node_modules
 .pnp
@@ -34,4 +35,11 @@ cypress/screenshots
 cypress/videos
 
 apps/**/styles/tailwind.css
-packages/**/styles/tailwind.css
+packages/**/styles/tailwind.css
+
+.changeset
+examples
+CHANGESETS.md
+CONTRIBUTING.md
+README.md
+LICENSE
diff --git a/apps/webapp/package.json b/apps/webapp/package.json
@@ -36,6 +36,7 @@
     "@codemirror/view": "^6.5.0",
     "@conform-to/react": "^0.6.1",
     "@conform-to/zod": "^0.6.1",
+    "@godaddy/terminus": "^4.12.1",
     "@headlessui/react": "^1.7.8",
     "@heroicons/react": "^2.0.12",
     "@highlight-run/node": "^3.1.0",
@@ -173,4 +174,4 @@
   "engines": {
     "node": ">=16.0.0"
   }
-}
+}
diff --git a/apps/webapp/server.ts b/apps/webapp/server.ts
@@ -3,6 +3,7 @@ import express from "express";
 import compression from "compression";
 import morgan from "morgan";
 import { createRequestHandler } from "@remix-run/express";
+import { createTerminus } from "@godaddy/terminus";
 
 const app = express();
 
@@ -56,12 +57,15 @@ app.all(
 
 const port = process.env.REMIX_APP_PORT || 3000;
 
-app.listen(port, () => {
+const server = app.listen(port, () => {
   // require the built app so we're ready when the first request comes in
   require(BUILD_DIR);
   console.log(`✅ app ready: http://localhost:${port}`);
 });
 
+// Handle shutdowns gracefully
+createTerminus(server, { signals: ["SIGINT", "SIGTERM"], timeout: 5000 });
+
 function purgeRequireCache() {
   // purge require cache on requests for "server side HMR" this won't let
   // you have in-memory objects between requests in development,
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,19 +1,19 @@
-FROM node:18 AS pruner
+FROM node:18.16.1-bullseye-slim AS pruner
 
 WORKDIR /triggerdotdev
 
-COPY . .
+COPY --chown=node:node . .
 RUN npx -q turbo prune --scope=webapp --docker
 RUN find . -name "node_modules" -type d -prune -exec rm -rf '{}' +
 
 # Base strategy to have layer caching
-FROM node:18 AS base
-RUN apt-get update && apt-get install -y openssl
+FROM node:18.16.1-bullseye-slim AS base
+RUN apt-get update && apt-get install -y openssl dumb-init
 WORKDIR /triggerdotdev
-COPY .gitignore .gitignore
-COPY --from=pruner /triggerdotdev/out/json/ .
-COPY --from=pruner /triggerdotdev/out/pnpm-lock.yaml ./pnpm-lock.yaml
-COPY --from=pruner /triggerdotdev/out/pnpm-workspace.yaml ./pnpm-workspace.yaml
+COPY --chown=node:node .gitignore .gitignore
+COPY --from=pruner --chown=node:node /triggerdotdev/out/json/ .
+COPY --from=pruner --chown=node:node /triggerdotdev/out/pnpm-lock.yaml ./pnpm-lock.yaml
+COPY --from=pruner --chown=node:node /triggerdotdev/out/pnpm-workspace.yaml ./pnpm-workspace.yaml
 
 ## Dev deps
 FROM base AS dev-deps
@@ -30,41 +30,43 @@ WORKDIR /triggerdotdev
 RUN corepack enable
 ENV NODE_ENV production
 RUN pnpm install --prod --no-frozen-lockfile
-COPY --from=pruner /triggerdotdev/packages/database/prisma/schema.prisma /triggerdotdev/packages/database/prisma/schema.prisma
+COPY --from=pruner --chown=node:node /triggerdotdev/packages/database/prisma/schema.prisma /triggerdotdev/packages/database/prisma/schema.prisma
 RUN pnpx prisma@^4.16.0 generate --schema /triggerdotdev/packages/database/prisma/schema.prisma
 
 ## Builder (builds the webapp)
 FROM base AS builder
 WORKDIR /triggerdotdev
 # Corepack is used to install pnpm
 RUN corepack enable
-COPY --from=pruner /triggerdotdev/out/full/ .
-COPY --from=dev-deps /triggerdotdev/ .
-COPY turbo.json turbo.json
-COPY docker/scripts ./scripts
+COPY --from=pruner --chown=node:node /triggerdotdev/out/full/ .
+COPY --from=dev-deps --chown=node:node /triggerdotdev/ .
+COPY --chown=node:node turbo.json turbo.json
+COPY --chown=node:node docker/scripts ./scripts
 RUN chmod +x ./scripts/wait-for-it.sh
 RUN chmod +x ./scripts/entrypoint.sh
 RUN pnpm run generate
 RUN pnpm run build --filter=webapp...
 
 # Runner
-FROM node:18 AS runner
+FROM node:18.16.1-bullseye-slim AS runner
 RUN apt-get update && apt-get install -y openssl
 WORKDIR /triggerdotdev
 RUN corepack enable
 ENV NODE_ENV production
 
-COPY --from=pruner /triggerdotdev/out/full/ .
-COPY --from=production-deps /triggerdotdev .
-COPY --from=builder /triggerdotdev/apps/webapp/build/server.js ./apps/webapp/build/server.js
-COPY --from=builder /triggerdotdev/apps/webapp/build ./apps/webapp/build
-COPY --from=builder /triggerdotdev/apps/webapp/public ./apps/webapp/public
-COPY --from=builder /triggerdotdev/scripts ./scripts
+COPY --from=base /usr/bin/dumb-init /usr/bin/dumb-init
+COPY --from=pruner --chown=node:node /triggerdotdev/out/full/ .
+COPY --from=production-deps --chown=node:node /triggerdotdev .
+COPY --from=builder --chown=node:node /triggerdotdev/apps/webapp/build/server.js ./apps/webapp/build/server.js
+COPY --from=builder --chown=node:node /triggerdotdev/apps/webapp/build ./apps/webapp/build
+COPY --from=builder --chown=node:node /triggerdotdev/apps/webapp/public ./apps/webapp/public
+COPY --from=builder --chown=node:node /triggerdotdev/scripts ./scripts
 
 EXPOSE 3000
 
 # This is needed to run migrations in the entrypoint.sh script (TODO: figure out a better way to do this)
 RUN npm install -g prisma@4.16.0
 RUN npm install -g ts-node@10.9.1
 
-CMD ["./scripts/entrypoint.sh"]
+USER node
+CMD ["./scripts/entrypoint.sh"]
diff --git a/docker/scripts/entrypoint.sh b/docker/scripts/entrypoint.sh
@@ -9,4 +9,4 @@ npx --no-install prisma migrate deploy --schema /triggerdotdev/packages/database
 npx --no-install ts-node --transpile-only /triggerdotdev/apps/webapp/prisma/seed.ts
 
 cd /triggerdotdev/apps/webapp
-exec pnpm run start
+exec dumb-init pnpm run start
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
