# Stage 1: Build the frontend FROM cgr.dev/chainguard/node:latest-dev AS node-builder USER root RUN npm install -g pnpm USER node WORKDIR /app COPY --chown=node:node package.json pnpm-lock.yaml ./ RUN pnpm install --frozen-lockfile COPY --chown=node:node . . RUN pnpm run build # Stage 2: Build the Go binary with embedded assets FROM cgr.dev/chainguard/go:latest-dev AS go-builder WORKDIR /app COPY go.mod go.sum ./ RUN --mount=type=cache,target=/go/pkg/mod \ go mod download COPY . . COPY --from=node-builder /app/build ./build RUN --mount=type=cache,target=/root/.cache/go-build \ CGO_ENABLED=0 go build -ldflags="-s -w" -o web-news main.go # Create data directory for accounts.json and hashes RUN mkdir -p /app/data && chown 65532:65532 /app/data # Stage 3: Minimal runtime image FROM cgr.dev/chainguard/static:latest WORKDIR /app ARG BUILD_DATE ARG VCS_REF ARG VERSION="0.2.0" LABEL org.opencontainers.image.created=$BUILD_DATE \ org.opencontainers.image.title="Web News" \ org.opencontainers.image.description="A modern, high-performance RSS news reader." \ org.opencontainers.image.url="https://quad4.io" \ org.opencontainers.image.documentation="https://github.com/Quad4-Software/webnews/blob/main/README.md" \ org.opencontainers.image.source="https://github.com/Quad4-Software/webnews" \ org.opencontainers.image.version=$VERSION \ org.opencontainers.image.revision=$VCS_REF \ org.opencontainers.image.vendor="Quad4" \ org.opencontainers.image.licenses="MIT" \ org.opencontainers.image.authors="Quad4" \ org.opencontainers.image.base.name="cgr.dev/chainguard/static:latest" COPY --from=go-builder /app/web-news . COPY --from=go-builder --chown=65532:65532 /app/data ./data COPY LICENSE README.md ./ EXPOSE 8080 ENV PORT=8080 ENV NODE_ENV=production ENV AUTH_FILE=/app/data/accounts.json ENV HASHES_FILE=/app/data/client_hashes.json ENV RATE_LIMIT=100 ENV RATE_BURST=200 ENV CACHE_FILE=/app/data/cache.db ENV PUBLIC_INSTANCE=false USER 65532 CMD ["./web-news", "-auth-file", "/app/data/accounts.json", "-hashes-file", "/app/data/client_hashes.json", "-cache-file", "/app/data/cache.db"]