mirror of
https://github.com/sourcebot-dev/sourcebot.git
synced 2025-12-11 20:05:25 +00:00
3d85a0595c
Some checks are pending
Publish to ghcr / build (linux/amd64, blacksmith-4vcpu-ubuntu-2404) (push) Waiting to run
Publish to ghcr / build (linux/arm64, blacksmith-8vcpu-ubuntu-2204-arm) (push) Waiting to run
Publish to ghcr / merge (push) Blocked by required conditions
Update Roadmap Released / update (push) Waiting to run
* fix: add support for anyuid to Dockerfile * changelog --------- Co-authored-by: Cade Schlaefli <cade.schlaefli@mouser.com> Co-authored-by: Brendan Kellam <bshizzle1234@gmail.com>
269 lines
No EOL
10 KiB
Docker
269 lines
No EOL
10 KiB
Docker
# syntax=docker/dockerfile:1
|
|
# ------ Global scope variables ------
|
|
|
|
# Set of global build arguments.
|
|
# These are considered "public" and will be baked into the image.
|
|
# The convention is to prefix these with `NEXT_PUBLIC_` so that
|
|
# they can be optionally be passed as client-side environment variables
|
|
# in the webapp.
|
|
# @see: https://docs.docker.com/build/building/variables/#scoping
|
|
|
|
ARG NEXT_PUBLIC_SOURCEBOT_VERSION
|
|
ARG NEXT_PUBLIC_SENTRY_ENVIRONMENT
|
|
ARG NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT
|
|
ARG NEXT_PUBLIC_SENTRY_WEBAPP_DSN
|
|
ARG NEXT_PUBLIC_SENTRY_BACKEND_DSN
|
|
ARG NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY
|
|
ARG NEXT_PUBLIC_LANGFUSE_BASE_URL
|
|
|
|
FROM node:20-alpine3.19 AS node-alpine
|
|
FROM golang:1.23.4-alpine3.19 AS go-alpine
|
|
# ----------------------------------
|
|
|
|
# ------ Build Zoekt ------
|
|
FROM go-alpine AS zoekt-builder
|
|
RUN apk add --no-cache ca-certificates
|
|
WORKDIR /zoekt
|
|
COPY vendor/zoekt/go.mod vendor/zoekt/go.sum ./
|
|
RUN go mod download
|
|
COPY vendor/zoekt ./
|
|
RUN CGO_ENABLED=0 GOOS=linux go build -o /cmd/ ./cmd/...
|
|
# -------------------------
|
|
|
|
# ------ Build shared libraries ------
|
|
FROM node-alpine AS shared-libs-builder
|
|
WORKDIR /app
|
|
|
|
COPY package.json yarn.lock* .yarnrc.yml ./
|
|
COPY .yarn ./.yarn
|
|
COPY ./packages/db ./packages/db
|
|
COPY ./packages/schemas ./packages/schemas
|
|
COPY ./packages/shared ./packages/shared
|
|
COPY ./packages/queryLanguage ./packages/queryLanguage
|
|
|
|
RUN yarn workspace @sourcebot/db install
|
|
RUN yarn workspace @sourcebot/schemas install
|
|
RUN yarn workspace @sourcebot/shared install
|
|
RUN yarn workspace @sourcebot/query-language install
|
|
# ------------------------------------
|
|
|
|
# ------ Build Web ------
|
|
FROM node-alpine AS web-builder
|
|
ENV SKIP_ENV_VALIDATION=1
|
|
# -----------
|
|
ARG NEXT_PUBLIC_SOURCEBOT_VERSION
|
|
ENV NEXT_PUBLIC_SOURCEBOT_VERSION=$NEXT_PUBLIC_SOURCEBOT_VERSION
|
|
ARG NEXT_PUBLIC_SENTRY_ENVIRONMENT
|
|
ENV NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT
|
|
ARG NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT
|
|
ENV NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT=$NEXT_PUBLIC_SOURCEBOT_CLOUD_ENVIRONMENT
|
|
ARG NEXT_PUBLIC_SENTRY_WEBAPP_DSN
|
|
ENV NEXT_PUBLIC_SENTRY_WEBAPP_DSN=$NEXT_PUBLIC_SENTRY_WEBAPP_DSN
|
|
ARG NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY
|
|
ENV NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY=$NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY
|
|
ARG NEXT_PUBLIC_LANGFUSE_BASE_URL
|
|
ENV NEXT_PUBLIC_LANGFUSE_BASE_URL=$NEXT_PUBLIC_LANGFUSE_BASE_URL
|
|
|
|
# To upload source maps to Sentry, we need to set the following build-time args.
|
|
# It's important that we don't set these for oss builds, otherwise the Sentry
|
|
# auth token will be exposed.
|
|
# @see : next.config.mjs
|
|
ARG SENTRY_ORG
|
|
ENV SENTRY_ORG=$SENTRY_ORG
|
|
ARG SENTRY_WEBAPP_PROJECT
|
|
ENV SENTRY_WEBAPP_PROJECT=$SENTRY_WEBAPP_PROJECT
|
|
ENV SENTRY_RELEASE=$NEXT_PUBLIC_SOURCEBOT_VERSION
|
|
# SMUAT = Source Map Upload Auth Token
|
|
ARG SENTRY_SMUAT
|
|
ENV SENTRY_SMUAT=$SENTRY_SMUAT
|
|
# -----------
|
|
|
|
RUN apk add --no-cache libc6-compat
|
|
WORKDIR /app
|
|
|
|
COPY package.json yarn.lock* .yarnrc.yml ./
|
|
COPY .yarn ./.yarn
|
|
COPY ./packages/web ./packages/web
|
|
COPY --from=shared-libs-builder /app/node_modules ./node_modules
|
|
COPY --from=shared-libs-builder /app/packages/db ./packages/db
|
|
COPY --from=shared-libs-builder /app/packages/schemas ./packages/schemas
|
|
COPY --from=shared-libs-builder /app/packages/shared ./packages/shared
|
|
COPY --from=shared-libs-builder /app/packages/queryLanguage ./packages/queryLanguage
|
|
|
|
# Fixes arm64 timeouts
|
|
RUN yarn workspace @sourcebot/web install
|
|
|
|
ENV NEXT_TELEMETRY_DISABLED=1
|
|
RUN yarn workspace @sourcebot/web build
|
|
ENV SKIP_ENV_VALIDATION=0
|
|
# ------------------------------
|
|
|
|
# ------ Build Backend ------
|
|
FROM node-alpine AS backend-builder
|
|
ENV SKIP_ENV_VALIDATION=1
|
|
# -----------
|
|
ARG NEXT_PUBLIC_SOURCEBOT_VERSION
|
|
ENV NEXT_PUBLIC_SOURCEBOT_VERSION=$NEXT_PUBLIC_SOURCEBOT_VERSION
|
|
|
|
# To upload source maps to Sentry, we need to set the following build-time args.
|
|
# It's important that we don't set these for oss builds, otherwise the Sentry
|
|
# auth token will be exposed.
|
|
ARG SENTRY_ORG
|
|
ENV SENTRY_ORG=$SENTRY_ORG
|
|
ARG SENTRY_BACKEND_PROJECT
|
|
ENV SENTRY_BACKEND_PROJECT=$SENTRY_BACKEND_PROJECT
|
|
# SMUAT = Source Map Upload Auth Token
|
|
ARG SENTRY_SMUAT
|
|
ENV SENTRY_SMUAT=$SENTRY_SMUAT
|
|
# -----------
|
|
|
|
WORKDIR /app
|
|
|
|
COPY package.json yarn.lock* .yarnrc.yml ./
|
|
COPY .yarn ./.yarn
|
|
COPY ./schemas ./schemas
|
|
COPY ./packages/backend ./packages/backend
|
|
COPY --from=shared-libs-builder /app/node_modules ./node_modules
|
|
COPY --from=shared-libs-builder /app/packages/db ./packages/db
|
|
COPY --from=shared-libs-builder /app/packages/schemas ./packages/schemas
|
|
COPY --from=shared-libs-builder /app/packages/shared ./packages/shared
|
|
COPY --from=shared-libs-builder /app/packages/queryLanguage ./packages/queryLanguage
|
|
RUN yarn workspace @sourcebot/backend install
|
|
RUN yarn workspace @sourcebot/backend build
|
|
|
|
# Upload source maps to Sentry if we have the necessary build-time args.
|
|
RUN if [ -n "$SENTRY_SMUAT" ] && [ -n "$SENTRY_ORG" ] && [ -n "$SENTRY_BACKEND_PROJECT" ] && [ -n "$NEXT_PUBLIC_SOURCEBOT_VERSION" ]; then \
|
|
apk add --no-cache curl; \
|
|
curl -sL https://sentry.io/get-cli/ | sh; \
|
|
sentry-cli login --auth-token $SENTRY_SMUAT; \
|
|
sentry-cli sourcemaps inject --org $SENTRY_ORG --project $SENTRY_BACKEND_PROJECT --release $NEXT_PUBLIC_SOURCEBOT_VERSION ./packages/backend/dist; \
|
|
sentry-cli sourcemaps upload --org $SENTRY_ORG --project $SENTRY_BACKEND_PROJECT --release $NEXT_PUBLIC_SOURCEBOT_VERSION ./packages/backend/dist; \
|
|
fi
|
|
|
|
ENV SKIP_ENV_VALIDATION=0
|
|
# ------------------------------
|
|
|
|
# ------ Runner ------
|
|
FROM node-alpine AS runner
|
|
# -----------
|
|
ARG NEXT_PUBLIC_SOURCEBOT_VERSION
|
|
ENV NEXT_PUBLIC_SOURCEBOT_VERSION=$NEXT_PUBLIC_SOURCEBOT_VERSION
|
|
ARG NEXT_PUBLIC_SENTRY_ENVIRONMENT
|
|
ENV NEXT_PUBLIC_SENTRY_ENVIRONMENT=$NEXT_PUBLIC_SENTRY_ENVIRONMENT
|
|
ARG NEXT_PUBLIC_SENTRY_WEBAPP_DSN
|
|
ENV NEXT_PUBLIC_SENTRY_WEBAPP_DSN=$NEXT_PUBLIC_SENTRY_WEBAPP_DSN
|
|
ARG NEXT_PUBLIC_SENTRY_BACKEND_DSN
|
|
ENV NEXT_PUBLIC_SENTRY_BACKEND_DSN=$NEXT_PUBLIC_SENTRY_BACKEND_DSN
|
|
ARG NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY
|
|
ENV NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY=$NEXT_PUBLIC_LANGFUSE_PUBLIC_KEY
|
|
ARG NEXT_PUBLIC_LANGFUSE_BASE_URL
|
|
ENV NEXT_PUBLIC_LANGFUSE_BASE_URL=$NEXT_PUBLIC_LANGFUSE_BASE_URL
|
|
# -----------
|
|
|
|
RUN echo "Sourcebot Version: $NEXT_PUBLIC_SOURCEBOT_VERSION"
|
|
|
|
WORKDIR /app
|
|
ENV NODE_ENV=production
|
|
ENV NEXT_TELEMETRY_DISABLED=1
|
|
ENV DATA_DIR=/data
|
|
ENV DATA_CACHE_DIR=$DATA_DIR/.sourcebot
|
|
ENV DATABASE_DATA_DIR=$DATA_CACHE_DIR/db
|
|
ENV REDIS_DATA_DIR=$DATA_CACHE_DIR/redis
|
|
ENV SOURCEBOT_PUBLIC_KEY_PATH=/app/public.pem
|
|
# PAPIK = Project API Key
|
|
# Note that this key does not need to be kept secret, so it's not
|
|
# necessary to use Docker build secrets here.
|
|
# @see: https://posthog.com/tutorials/api-capture-events#authenticating-with-the-project-api-key
|
|
# @note: this is also declared in the shared env.server.ts file.
|
|
ENV POSTHOG_PAPIK=phc_lLPuFFi5LH6c94eFJcqvYVFwiJffVcV6HD8U4a1OnRW
|
|
|
|
# Valid values are: debug, info, warn, error
|
|
ENV SOURCEBOT_LOG_LEVEL=info
|
|
|
|
# Sourcebot collects anonymous usage data using [PostHog](https://posthog.com/). Uncomment this line to disable.
|
|
# ENV SOURCEBOT_TELEMETRY_DISABLED=1
|
|
|
|
# Configure dependencies
|
|
RUN apk add --no-cache git ca-certificates bind-tools tini jansson wget supervisor uuidgen curl perl jq redis postgresql postgresql-contrib openssl util-linux unzip
|
|
|
|
ARG UID=1500
|
|
ARG GID=1500
|
|
|
|
# Always create the non-root user to support runtime user switching
|
|
# The container can be run as root (default) or as sourcebot user using docker run --user
|
|
RUN addgroup -g $GID sourcebot && \
|
|
adduser -D -u $UID -h /app -S sourcebot && \
|
|
adduser sourcebot postgres && \
|
|
adduser sourcebot redis && \
|
|
chown -R sourcebot /app && \
|
|
adduser sourcebot node && \
|
|
mkdir /var/log/sourcebot && \
|
|
chown sourcebot /var/log/sourcebot
|
|
|
|
COPY package.json yarn.lock* .yarnrc.yml public.pem ./
|
|
COPY .yarn ./.yarn
|
|
|
|
# Configure zoekt
|
|
COPY vendor/zoekt/install-ctags-alpine.sh .
|
|
RUN ./install-ctags-alpine.sh && rm install-ctags-alpine.sh
|
|
RUN mkdir -p ${DATA_CACHE_DIR}
|
|
COPY --from=zoekt-builder \
|
|
/cmd/zoekt-git-index \
|
|
/cmd/zoekt-indexserver \
|
|
/cmd/zoekt-mirror-github \
|
|
/cmd/zoekt-mirror-gitiles \
|
|
/cmd/zoekt-mirror-bitbucket-server \
|
|
/cmd/zoekt-mirror-gitlab \
|
|
/cmd/zoekt-mirror-gerrit \
|
|
/cmd/zoekt-webserver \
|
|
/cmd/zoekt-index \
|
|
/usr/local/bin/
|
|
|
|
RUN chown -R sourcebot:sourcebot /app
|
|
|
|
# Copy zoekt proto files (needed for gRPC client at runtime)
|
|
COPY --chown=sourcebot:sourcebot vendor/zoekt/grpc/protos /app/vendor/zoekt/grpc/protos
|
|
|
|
# Copy all of the things
|
|
COPY --chown=sourcebot:sourcebot --from=web-builder /app/packages/web/public ./packages/web/public
|
|
COPY --chown=sourcebot:sourcebot --from=web-builder /app/packages/web/.next/standalone ./
|
|
COPY --chown=sourcebot:sourcebot --from=web-builder /app/packages/web/.next/static ./packages/web/.next/static
|
|
|
|
COPY --chown=sourcebot:sourcebot --from=backend-builder /app/node_modules ./node_modules
|
|
COPY --chown=sourcebot:sourcebot --from=backend-builder /app/packages/backend ./packages/backend
|
|
|
|
COPY --chown=sourcebot:sourcebot --from=shared-libs-builder /app/packages/db ./packages/db
|
|
COPY --chown=sourcebot:sourcebot --from=shared-libs-builder /app/packages/schemas ./packages/schemas
|
|
COPY --chown=sourcebot:sourcebot --from=shared-libs-builder /app/packages/shared ./packages/shared
|
|
COPY --chown=sourcebot:sourcebot --from=shared-libs-builder /app/packages/queryLanguage ./packages/queryLanguage
|
|
|
|
# Fixes git "dubious ownership" issues when the volume is mounted with different permissions to the container.
|
|
RUN git config --global safe.directory "*"
|
|
|
|
# Configure the database
|
|
RUN mkdir -p /run/postgresql && \
|
|
chown -R postgres:postgres /run/postgresql && \
|
|
chmod 775 /run/postgresql
|
|
|
|
# Make app directory accessible to both root and sourcebot user
|
|
RUN chown -R sourcebot /app \
|
|
&& chgrp -R 0 /app \
|
|
&& chmod -R g=u /app
|
|
# Make data directory accessible to both root and sourcebot user
|
|
RUN chown -R sourcebot /data
|
|
|
|
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
|
|
COPY prefix-output.sh ./prefix-output.sh
|
|
RUN chmod +x ./prefix-output.sh
|
|
COPY entrypoint.sh ./entrypoint.sh
|
|
RUN chmod +x ./entrypoint.sh
|
|
|
|
# Note: for back-compat cases, we do _not_ set the USER directive here.
|
|
# Instead, the user can be overridden at runtime with --user flag.
|
|
# USER sourcebot
|
|
|
|
EXPOSE 3000
|
|
ENV PORT=3000
|
|
ENV HOSTNAME="0.0.0.0"
|
|
ENTRYPOINT ["/sbin/tini", "--", "./entrypoint.sh"]
|
|
# ------------------------------ |