From 7fe4b2556334f2b3d0b5a9068ebea78f27c32472 Mon Sep 17 00:00:00 2001
From: jarek
Date: Sun, 5 Apr 2026 06:39:53 +0200
Subject: [PATCH] Dockerfile for baseline builds
---
 Dockerfile.baseline | 39 ++++++++++++++++++++++++++-------------
 1 file changed, 26 insertions(+), 13 deletions(-)
diff --git a/Dockerfile.baseline b/Dockerfile.baseline
index 9418786..73093ab 100644
--- a/Dockerfile.baseline
+++ b/Dockerfile.baseline
@@ -18,25 +18,33 @@ FROM node:24-alpine AS app-builder
 WORKDIR /app
 # Install build dependencies
-RUN apk add --no-cache git curl python3 make g++
+RUN apk add --no-cache git curl python3 make g++ gcc musl-dev
-# Copy package files and install dependencies
+# Build getrandom shim for old kernels (< 3.17) that lack the syscall
+COPY shims/getrandom-shim.c /tmp/
+RUN gcc -shared -fPIC -O2 -o /tmp/libgetrandom-shim.so /tmp/getrandom-shim.c
+
+# Copy package files and install dependencies (--ignore-scripts blocks malicious postinstall hooks)
 COPY package.json package-lock.json ./
-RUN npm ci
+RUN npm ci --ignore-scripts \
+ && npm rebuild better-sqlite3 argon2
 # Copy source code and build
 COPY . .
 RUN npm run build
-# Production dependencies only (rebuilds native addons against musl)
-RUN rm -rf node_modules \
- && npm ci --omit=dev \
- && rm -rf node_modules/@types
+# Production dependencies only
+# Preserve better-sqlite3 native addon (no prebuilds exist for Node 24 ABI 137)
+RUN cp -r node_modules/better-sqlite3/build /tmp/better-sqlite3-build \
+ && rm -rf node_modules \
+ && npm ci --omit=dev --ignore-scripts \
+ && cp -r /tmp/better-sqlite3-build node_modules/better-sqlite3/build \
+ && rm -rf node_modules/@types /tmp/better-sqlite3-build
 # -----------------------------------------------------------------------------
 # Stage 2: Go Collector Builder
 # -----------------------------------------------------------------------------
-FROM golang:1.24 AS go-builder
+FROM golang:1.25.8 AS go-builder
 WORKDIR /app
 COPY collector/ ./collector/
 RUN cd collector && CGO_ENABLED=0 go build -o /app/bin/collection-worker .
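Review bot: The production reinstall in the last `RUN` of this hunk carries only `node_modules/better-sqlite3/build` across `rm -rf node_modules`, while the earlier install step rebuilds both `better-sqlite3` and `argon2`. Because the second `npm ci --omit=dev --ignore-scripts` skips install scripts, whatever native output `npm rebuild argon2` produced is absent from the tree that is later copied into the runtime image; unless argon2 loads a prebuilt binary shipped inside its package, the module would fail to load at runtime. The compiler toolchain is still present in this stage, so rebuilding after the reinstall covers both addons and removes the copy-aside step: `&& npm ci --omit=dev --ignore-scripts \` followed by `&& npm rebuild better-sqlite3 argon2 \`.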
@@ -62,9 +70,10 @@ RUN apk add --no-cache \
 su-exec \
 libstdc++
-# Create docker compose plugin symlink
+# Create docker compose plugin symlink (skip if package already installed it there)
 RUN mkdir -p /usr/libexec/docker/cli-plugins \
- && ln -sf /usr/bin/docker-compose /usr/libexec/docker/cli-plugins/docker-compose
+ && [ -x /usr/libexec/docker/cli-plugins/docker-compose ] \
+ || ln -sf /usr/bin/docker-compose /usr/libexec/docker/cli-plugins/docker-compose
 # Create dockhand user and group
 RUN addgroup -g 1001 dockhand \
@@ -80,7 +89,8 @@ ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
 DATA_DIR=/app/data \
 HOME=/home/dockhand \
 PUID=1001 \
- PGID=1001
+ PGID=1001 \
+ LD_PRELOAD=/usr/lib/libgetrandom-shim.so
 # Copy application files with correct ownership
 COPY --from=app-builder --chown=dockhand:dockhand /app/node_modules ./node_modules
@@ -98,6 +108,9 @@ COPY --chown=dockhand:dockhand drizzle-pg/ ./drizzle-pg/
 # Copy legal documents
 COPY --chown=dockhand:dockhand LICENSE.txt PRIVACY.txt ./
+# Copy getrandom shim for old kernels (Synology DS1513+ with kernel 3.10.x)
+COPY --from=app-builder /tmp/libgetrandom-shim.so /usr/lib/libgetrandom-shim.so
+
 # Copy entrypoint script
 COPY docker-entrypoint-node.sh /usr/local/bin/docker-entrypoint.sh
 RUN chmod +x /usr/local/bin/docker-entrypoint.sh
@@ -113,7 +126,7 @@ RUN mkdir -p /home/dockhand/.dockhand/stacks /app/data \
 EXPOSE 3000
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
- CMD curl -f http://localhost:3000/ || exit 1
+ CMD curl -f http://localhost:${PORT:-3000}/ || exit 1
 ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
-CMD ["node", "/app/server.js"]
+CMD []
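Review bot: In the docker compose symlink step (`@@ -62,9 +70,10 @@`), `mkdir -p … && [ -x … ] || ln -sf …` depends on how the shell groups `A && B || C`, so the `ln` branch is also taken when `mkdir` itself fails and the intent is easy to misread; ShellCheck reports this form as SC2015. An explicit test reads the way the comment describes it: `&& if [ ! -x /usr/libexec/docker/cli-plugins/docker-compose ]; then ln -sf /usr/bin/docker-compose /usr/libexec/docker/cli-plugins/docker-compose; fi`. The `RUN` starts inside the hunk and ends on the rewritten line.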
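Review bot: Putting `LD_PRELOAD=/usr/lib/libgetrandom-shim.so` in the image-wide `ENV` block (`@@ -80,7 +89,8 @@`) interposes the shim in every dynamically linked process in the container on every kernel, not only on the old kernels named in the comment of the `@@ -98,6 +108,9 @@` hunk that copies the library. `shims/getrandom-shim.c` is not part of this patch, so its behaviour cannot be checked here; because the Node runtime and argon2 may obtain key and salt material through this call, the shim needs to forward to the real syscall and read `/dev/urandom` only when that returns `ENOSYS`, treating short reads as errors. Consider exporting `LD_PRELOAD` from the entrypoint script only when the running kernel lacks `getrandom`, and record the contract beside the `ENV` line, e.g. `# getrandom shim (shims/getrandom-shim.c): must try the real syscall first, /dev/urandom only on ENOSYS`. The `COPY` has no `--chown`, which by default leaves the library root-owned in `/usr/lib`; keep it that way, since a preloaded library writable by the service user would be loaded into every process.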
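Review bot: With `CMD []` at the end of the `@@ -113,7 +126,7 @@` hunk the image no longer names the server command, so `docker-entrypoint.sh` is started without arguments by default and has to select `node /app/server.js` itself. That script is not in this patch; if it still ends in `exec "$@"` without a default, the container would exit right after start. A comment above the line would record the contract, e.g. `# No default CMD: docker-entrypoint.sh starts the server when called without arguments`. `EXPOSE 3000` stays fixed while the health check now honours `PORT`, so a short comment that `PORT` overrides the listening port would help operators map the right port.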