chore(docker): update Docker configuration

2026-01-03 22:12:39 -06:00
parent e7d86e11d2
commit 7f30ffe07a
4 changed files with 23 additions and 7 deletions
--- a/18
+++ b/18
@@ -1,4 +1,9 @@
-FROM node:22-alpine@sha256:0340fa682d72068edf603c305bfbc10e23219fb0e40df58d9ea4d6f33a9798bf AS build-frontend
+ARG NODE_IMAGE=node:22-alpine
+ARG NODE_HASH=sha256:0340fa682d72068edf603c305bfbc10e23219fb0e40df58d9ea4d6f33a9798bf
+ARG PYTHON_IMAGE=python:3.13-alpine
+ARG PYTHON_HASH=sha256:e7e041128ffc3e3600509f508e44d34ab08ff432bdb62ec508d01dfc5ca459f7
+
+FROM ${NODE_IMAGE}@${NODE_HASH} AS build-frontend

 WORKDIR /src

@@ -11,11 +16,13 @@ RUN corepack enable && corepack prepare pnpm@latest --activate
 RUN pnpm install --frozen-lockfile && \
    pnpm run build-frontend

-FROM python:3.13-alpine@sha256:e7e041128ffc3e3600509f508e44d34ab08ff432bdb62ec508d01dfc5ca459f7
+FROM ${PYTHON_IMAGE}@${PYTHON_HASH}

 WORKDIR /app

-RUN apk add --no-cache ffmpeg espeak-ng opusfile libffi-dev
+RUN apk add --no-cache ffmpeg espeak-ng opusfile libffi-dev && \
+    addgroup -S meshchat && adduser -S meshchat -G meshchat && \
+    mkdir -p /config && chown meshchat:meshchat /config

 COPY pyproject.toml poetry.lock ./
 RUN apk add --no-cache --virtual .build-deps \
@@ -28,9 +35,10 @@ RUN apk add --no-cache --virtual .build-deps \
    poetry install --no-root --only main && \
    apk del .build-deps

-COPY meshchatx ./meshchatx
+COPY --chown=meshchat:meshchat meshchatx ./meshchatx
+COPY --from=build-frontend --chown=meshchat:meshchat /src/meshchatx/public ./meshchatx/public

-COPY --from=build-frontend /src/meshchatx/public ./meshchatx/public
+USER meshchat

 ENV PYTHONUNBUFFERED=1

--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -327,6 +327,11 @@ tasks:
        cmds:
            - 'MESHCHAT_IMAGE="{{.DOCKER_IMAGE}}" {{.DOCKER_COMPOSE_CMD}} -f {{.DOCKER_COMPOSE_FILE}} up --remove-orphans --pull never reticulum-meshchatx'

+    run-docker-dev:
+        desc: Run Docker container in development mode using docker-compose.dev.yml
+        cmds:
+            - 'MESHCHAT_IMAGE="{{.DOCKER_IMAGE}}" {{.DOCKER_COMPOSE_CMD}} -f docker-compose.dev.yml up --build --remove-orphans reticulum-meshchatx'
+
    docker-build-env:
        desc: Build the Docker image for containerized builds
        cmds:
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -1,7 +1,10 @@
 services:
    reticulum-meshchatx:
+        build:
+            context: .
+            dockerfile: Dockerfile
        container_name: reticulum-meshchatx
-        image: git.quad4.io/rns-things/meshchatx-dev:dev
+        image: reticulum-meshchatx:local
        restart: unless-stopped
        security_opt:
            - no-new-privileges:true
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
    reticulum-meshchatx:
        container_name: reticulum-meshchatx
-        image: git.quad4.io/rns-things/meshchatx:latest
+        image: ${MESHCHAT_IMAGE:-git.quad4.io/rns-things/meshchatx:latest}
        restart: unless-stopped
        security_opt:
            - no-new-privileges:true