From 641f00de961da2afd599a88b64b6ccd9ce58a32c Mon Sep 17 00:00:00 2001 From: wood chen Date: Sat, 14 Jun 2025 17:54:44 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0Dockerfile=E4=BB=A5=E4=BC=98?= =?UTF-8?q?=E5=8C=96=E5=89=8D=E5=90=8E=E7=AB=AF=E6=9E=84=E5=BB=BA=E6=B5=81?= =?UTF-8?q?=E7=A8=8B=EF=BC=8C=E6=B7=BB=E5=8A=A0=E5=BF=85=E8=A6=81=E7=9A=84?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6=E5=A4=8D=E5=88=B6=EF=BC=8C?= =?UTF-8?q?=E8=B0=83=E6=95=B4=E7=94=A8=E6=88=B7=E6=9D=83=E9=99=90=EF=BC=8C?= =?UTF-8?q?=E5=A2=9E=E5=BC=BA=E5=AE=89=E5=85=A8=E6=80=A7=E3=80=82=E5=90=8C?= =?UTF-8?q?=E6=97=B6=E6=9B=B4=E6=96=B0.gitignore=E4=BB=A5=E6=8E=92?= =?UTF-8?q?=E9=99=A4=E6=96=B0=E7=94=9F=E6=88=90=E7=9A=84=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E5=92=8C=E7=9B=AE=E5=BD=95=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .dockerignore | 29 ++++++++++++++++++++---- .github/workflows/docker.yml | 22 +++++++++++++++++- Dockerfile | 44 ++++++++++++++++++++++++++---------- 3 files changed, 78 insertions(+), 17 deletions(-) diff --git a/.dockerignore b/.dockerignore index 2c03eb2..1ef2a46 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,6 +1,7 @@ # Git .git .gitignore +.gitattributes # IDE .vscode @@ -8,10 +9,12 @@ *.swp *.swo *~ +.cursor/ # OS .DS_Store Thumbs.db +desktop.ini # Logs *.log @@ -19,9 +22,10 @@ logs/ data/logs/ data/server.log -# Database +# Database and runtime data data/data.db data/stats.json +data/ # Build artifacts random-api-go.exe @@ -29,8 +33,16 @@ random-api-go random-api-test *.exe +# Node.js build artifacts (will be rebuilt in Docker) +web/node_modules/ +web/.next/ +web/out/ +web/.turbo/ + # Go vendor/ +*.test +*.prof # Docker docker-compose*.yml @@ -40,8 +52,17 @@ test-build.sh *.md DOCKER_DEPLOYMENT.md +# Environment and config +.env* +!.env.example + +# GitHub +.github/ + # Misc -.env -.env.local -.env.example +*.tmp +*.temp +.cache/ + +# README README.md \ No newline at end of file 
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 392461f..9548983 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -33,12 +33,18 @@ jobs: uses: actions/setup-go@v4 with: go-version: '1.23' + cache: true - name: Set up QEMU uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + with: + driver-opts: | + network=host + buildkitd-flags: | + --allow-insecure-entitlement network.host - name: Login to Docker Hub uses: docker/login-action@v3 @@ -46,16 +52,30 @@ jobs: username: woodchen password: ${{ secrets.ACCESS_TOKEN }} + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: woodchen/${{ env.IMAGE_NAME }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=sha,prefix={{branch}}- + type=raw,value=latest,enable={{is_default_branch}} + - name: Build and push multi-arch image uses: docker/build-push-action@v5 with: context: . file: Dockerfile push: true - tags: woodchen/${{ env.IMAGE_NAME }}:latest + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} platforms: linux/amd64,linux/arm64 cache-from: type=gha cache-to: type=gha,mode=max + build-args: | + BUILDKIT_INLINE_CACHE=1 - name: Execute deployment commands uses: appleboy/ssh-action@master diff --git a/Dockerfile b/Dockerfile index 0d5f31c..38d8a1b 100644 --- a/Dockerfile +++ b/Dockerfile 
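Review bot: The `driver-opts: network=host` and `buildkitd-flags: --allow-insecure-entitlement network.host` added under `Set up Docker Buildx` widen the build sandbox, and nothing visible in this patch uses them. The build-push step passes no `allow:` input and the Dockerfile has no `RUN --network=host`. With both set, the BuildKit container shares the runner's network namespace and a build can be granted host networking for its RUN steps. Unless the build has to reach a service on the runner itself (none is shown), drop the new `with:` block from that step.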
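Review bot: `push: true` stays unconditional while the new tag list adds `type=ref,event=pr`, so if this workflow runs on pull requests (the `on:` block is outside the hunk) every PR build would be pushed to Docker Hub with the publishing credentials. Gate it with `push: ${{ github.event_name != 'pull_request' }}`. `type=sha,prefix={{branch}}-` also appears to render an empty branch on pull-request and tag events, which would leave a tag starting with `-` that registries reject; plain `type=sha` avoids that. `BUILDKIT_INLINE_CACHE=1` looks redundant next to `cache-to: type=gha,mode=max`.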
@@ -3,14 +3,26 @@ FROM node:20-alpine AS frontend-builder WORKDIR /app/web -# 复制前端依赖文件 +# 复制前端依赖文件(优先缓存依赖层) COPY web/package*.json ./ # 安装前端依赖(包括开发依赖,构建需要) -RUN npm ci +RUN npm ci --prefer-offline --no-audit --progress=false -# 复制前端源代码 -COPY web/ ./ +# 复制前端配置文件 +COPY web/next.config.ts ./ +COPY web/tsconfig.json ./ +COPY web/postcss.config.mjs ./ +COPY web/components.json ./ +COPY web/eslint.config.mjs ./ +COPY web/next-env.d.ts ./ + +# 复制前端源代码目录 +COPY web/app ./app +COPY web/components ./components +COPY web/lib ./lib +COPY web/types ./types +COPY web/public ./public # 构建前端静态文件 RUN npm run build @@ -21,27 +33,31 @@ FROM golang:1.23-alpine AS backend-builder WORKDIR /app # 安装必要的工具 -RUN apk add --no-cache git +RUN apk add --no-cache git ca-certificates tzdata -# 复制 go.mod 和 go.sum 文件 +# 复制 go.mod 和 go.sum 文件(优先缓存依赖层) COPY go.mod go.sum ./ # 下载依赖 -RUN go mod download +RUN go mod download && go mod verify # 复制后端源代码 COPY . . # 构建后端应用 -RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o random-api . +RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build \ + -ldflags='-w -s -extldflags "-static"' \ + -a -installsuffix cgo \ + -o random-api . # 运行阶段 FROM alpine:latest # 安装必要的工具 -RUN apk --no-cache add ca-certificates tzdata tini +RUN apk --no-cache add ca-certificates tzdata tini && \ + adduser -D -s /bin/sh appuser -WORKDIR /root/ +WORKDIR /app # 从后端构建阶段复制二进制文件 COPY --from=backend-builder /app/random-api . @@ -49,8 +65,12 @@ COPY --from=backend-builder /app/random-api . # 从前端构建阶段复制静态文件 COPY --from=frontend-builder /app/web/out ./web/out -# 创建必要的目录 -RUN mkdir -p /root/data/logs +# 创建必要的目录并设置权限 +RUN mkdir -p /app/data/logs && \ + chown -R appuser:appuser /app + +# 切换到非root用户 +USER appuser # 暴露端口 EXPOSE 5003
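Review bot: The six single-file `COPY web/<config> ./` instructions in the frontend stage each create their own layer and can be one instruction with the same cache behaviour: `COPY web/next.config.ts web/tsconfig.json web/postcss.config.mjs web/components.json web/eslint.config.mjs web/next-env.d.ts ./`. The explicit directory list (`app`, `components`, `lib`, `types`, `public`) also means a new top-level source directory under `web/` is left out of the build until someone adds it here. A comment above the list such as `# keep in sync with the top-level source directories under web/` would make that dependency visible.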
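Review bot: `GOARCH=$TARGETARCH` in the new `go build` command expands to an empty string, because the `backend-builder` stage never declares the argument; BuildKit's platform args are only visible inside a stage once they are redeclared there. Add `ARG TARGETARCH` before the `RUN CGO_ENABLED=0 ...` line. As written the binary's architecture is presumably whatever platform the stage itself runs as, so the variable only looks like explicit cross-compilation. Later in the same hunk, `adduser -D -s /bin/sh appuser` leaves the UID auto-assigned and gives the service account a login shell; `adduser -D -H -u 10001 -s /sbin/nologin appuser` would fix both.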
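Review bot: `chown -R appuser:appuser /app` in the last hunk gives the runtime user write access to its own `random-api` binary and to `web/out`, not just the data directory it needs, so a compromised process could rewrite the executable or the served static files in the running container. Narrow it to `RUN mkdir -p /app/data/logs && chown -R appuser:appuser /app/data` so the binary and static assets stay root-owned. `USER appuser` is a name, which Kubernetes `runAsNonRoot` cannot verify; with a fixed UID on the `adduser` line, `USER 10001` works there. Because the data directory moves from `/root/data` to `/app/data`, any existing volume mounted at the old path (not visible in this patch) would need to be remapped and made writable by the new user.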