# ============================================================================= # Stage 1: Dependencies & Build # ============================================================================= FROM oven/bun:latest AS builder WORKDIR /app # Install system dependencies needed for build RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/* # Install root project dependencies COPY package.json bun.lock ./ RUN bun install --frozen-lockfile # Install web project dependencies COPY web/package.json web/bun.lock ./web/ RUN cd web && bun install --frozen-lockfile # Copy source code COPY . . # Build web assets for production RUN cd web && bun run build # ============================================================================= # Stage 2: Production Runtime # ============================================================================= FROM oven/bun:latest AS production WORKDIR /app # Create non-root user for security RUN groupadd --system appgroup && useradd --system --gid appgroup appuser # Copy only what's needed for production COPY --from=builder --chown=appuser:appgroup /app/node_modules ./node_modules COPY --from=builder --chown=appuser:appgroup /app/web/node_modules ./web/node_modules COPY --from=builder --chown=appuser:appgroup /app/web/dist ./web/dist COPY --from=builder --chown=appuser:appgroup /app/web/src ./web/src COPY --from=builder --chown=appuser:appgroup /app/bot ./bot COPY --from=builder --chown=appuser:appgroup /app/shared ./shared COPY --from=builder --chown=appuser:appgroup /app/package.json . COPY --from=builder --chown=appuser:appgroup /app/drizzle.config.ts . COPY --from=builder --chown=appuser:appgroup /app/tsconfig.json . # Switch to non-root user USER appuser # Expose web dashboard port EXPOSE 3000 # Health check HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \ CMD bun -e "fetch('http://localhost:3000/api/health').then(r => r.ok ? process.exit(0) : process.exit(1)).catch(() => process.exit(1))" # Run in production mode CMD ["bun", "run", "bot/index.ts"]