vikingowl/marktvogt.de
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
main
marktvogt.de/web/Dockerfile
T
vikingowl d170a5415a chore(deno): rewrite Dockerfile for deno runtime 
- Base: denoland/deno:debian-2.7.14 (glibc). Alpine fails because Tailwind
  4's @tailwindcss/oxide native bindings can't load under Deno's npm shim
  on musl ('Cannot find native binding').
- Two-stage build: builder runs deno install + deno task build; runtime
  copies .deno-deploy/, node_modules/, package.json/deno.json/deno.lock,
  and serve.ts.
- Runtime flags --cached-only --no-remote prevent any registry fetch on
  cold start (deno install in build stage primes the cache).
- USER nobody:nogroup, PORT=3000 to match Helm web.service.targetPort.

.dockerignore excludes node_modules, .svelte-kit, .deno-deploy, build,
env files, docs to keep build context small.
2026-05-16 02:04:26 +02:00

48 lines
1.6 KiB
Docker
Raw Permalink Blame History

FROM denoland/deno:debian-2.7.14 AS builder
WORKDIR /app
COPY package.json deno.json deno.lock ./
RUN deno install
COPY . .
# PUBLIC_API_BASE_URL is baked at build time via $env/static/public.
ARG PUBLIC_API_BASE_URL=https://api.marktvogt.de
ENV PUBLIC_API_BASE_URL=$PUBLIC_API_BASE_URL
ARG PUBLIC_TURNSTILE_SITE_KEY=1x00000000000000000000AA
ENV PUBLIC_TURNSTILE_SITE_KEY=$PUBLIC_TURNSTILE_SITE_KEY
RUN deno task build
# ─────────────────────────────────────────────
# Runtime — denoland/deno on debian-slim (glibc).
#
# Not alpine: Tailwind 4's @tailwindcss/oxide ships its native binding as an
# optional native dep (@tailwindcss/oxide-linux-x64-musl). Deno's npm shim
# refuses cross-package optional native requires under musl with the error
# "Cannot find native binding". The gnu variant resolves cleanly on glibc,
# so we use debian. `nobody` uid 65534 matches the podSecurityContext
# (group differs: nogroup on debian vs nobody on alpine — uid is what
# matters for fsGroup checks).
#
# serve.ts wraps the auto-generated .deno-deploy/server.ts so PORT / HOST
# env vars are honored (Deno.serve does not read them on its own; the
# generated server.ts hard-codes 0.0.0.0:8000).
FROM denoland/deno:debian-2.7.14
WORKDIR /app
COPY --from=builder /app/.deno-deploy ./.deno-deploy
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json /app/deno.json /app/deno.lock /app/serve.ts ./
USER nobody:nogroup
ENV NODE_ENV=production PORT=3000 HOST=0.0.0.0
EXPOSE 3000
CMD ["deno", "run", "-A", "--cached-only", "--no-remote", "serve.ts"]
Reference in New Issue View Git Blame Copy Permalink