From ceac5444ca04f3ce08fcccf4984a3ca0ee84433e Mon Sep 17 00:00:00 2001
From: Till-JS <101404291+Till-JS@users.noreply.github.com>
Date: Tue, 17 Feb 2026 10:48:55 +0100
Subject: [PATCH] fix(planta-bot): rewrite Dockerfile to use pnpm workspace pattern
- Use node:20-slim like other bots
- Copy and build shared packages (bot-services, matrix-bot-common)
- Use pnpm instead of npm
- Add non-root user for security
- Fix healthcheck port to 4022
Co-Authored-By: Claude Opus 4.5
---
 services/matrix-planta-bot/Dockerfile | 72 +++++++++++++++++++--------
 1 file changed, 51 insertions(+), 21 deletions(-)
diff --git a/services/matrix-planta-bot/Dockerfile b/services/matrix-planta-bot/Dockerfile
index 78112acf1..f9b421616 100644
--- a/services/matrix-planta-bot/Dockerfile
+++ b/services/matrix-planta-bot/Dockerfile
@@ -1,41 +1,71 @@
 # Build stage
-FROM node:20-alpine AS builder
+FROM node:20-slim AS builder
 
 WORKDIR /app
 
-# Copy package files
-COPY package.json ./
+# Enable pnpm via corepack
+RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
 
-# Install dependencies
-RUN npm install
+# Copy workspace configuration
+COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
 
-# Copy source code
-COPY . .
+# Copy shared packages that this bot depends on
+COPY packages/bot-services ./packages/bot-services
+COPY packages/matrix-bot-common ./packages/matrix-bot-common
 
-# Build the application
-RUN npm run build
+# Copy this bot
+COPY services/matrix-planta-bot ./services/matrix-planta-bot
+
+# Install all dependencies
+RUN pnpm install --frozen-lockfile --ignore-scripts
+
+# Build shared packages first (in dependency order)
+RUN pnpm --filter @manacore/bot-services build
+RUN pnpm --filter @manacore/matrix-bot-common build
+
+# Build the bot
+RUN pnpm --filter @mana-bots/matrix-planta-bot build
 
 # Production stage
-FROM node:20-alpine
+FROM node:20-slim AS runner
 
 WORKDIR /app
 
-# Copy package files and install production dependencies only
-COPY package.json ./
-RUN npm install --omit=dev
+# Install wget for health checks and enable pnpm
+RUN apt-get update && apt-get install -y wget && rm -rf /var/lib/apt/lists/* \
+ && corepack enable && corepack prepare pnpm@9.15.0 --activate
 
-# Copy built application from builder
-COPY --from=builder /app/dist ./dist
+# Copy workspace configuration
+COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
+
+# Copy built shared packages
+COPY --from=builder /app/packages/bot-services/dist ./packages/bot-services/dist
+COPY --from=builder /app/packages/bot-services/package.json ./packages/bot-services/
+COPY --from=builder /app/packages/matrix-bot-common/dist ./packages/matrix-bot-common/dist
+COPY --from=builder /app/packages/matrix-bot-common/package.json ./packages/matrix-bot-common/
+
+# Copy built bot
+COPY --from=builder /app/services/matrix-planta-bot/dist ./services/matrix-planta-bot/dist
+COPY --from=builder /app/services/matrix-planta-bot/package.json ./services/matrix-planta-bot/
+
+# Install production dependencies only
+RUN pnpm install --frozen-lockfile --prod --ignore-scripts
 
 # Create data directory
 RUN mkdir -p /app/data
 
-# Expose port
-EXPOSE 3322
+# Create non-root user
+RUN groupadd --system --gid 1001 nodejs && \
+ useradd --system --uid 1001 -g nodejs nestjs && \
+ chown -R nestjs:nodejs /app
 
-# Health check
-HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
- CMD wget --no-verbose --tries=1 --spider http://localhost:3322/health || exit 1
+USER nestjs
+
+WORKDIR /app/services/matrix-planta-bot
+
+HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
+ CMD wget --no-verbose --tries=1 --spider http://localhost:4022/health || exit 1
+
+EXPOSE 4022
 
-# Start the application
 CMD ["node", "dist/main.js"]
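Review bot: The `chown -R nestjs:nodejs /app` in the new `# Create non-root user` RUN hands the runtime user ownership of the whole tree, including `node_modules` and every `dist/`, so a compromised bot process could rewrite its own code; the only path this Dockerfile writes at runtime appears to be `/app/data`. Change the last continuation line to `chown nestjs:nodejs /app/data` and leave the rest of `/app` root-owned and read-only for `nestjs`; this also avoids the recursive chown re-copying every file into the layer. In the runner's `apt-get install -y wget`, add `--no-install-recommends` (and pin the package version if reproducible rebuilds matter) so the final image carries nothing beyond the probe binary. `COPY services/matrix-planta-bot ./services/matrix-planta-bot` copies the whole bot directory, so a local `.env` or `node_modules` would land in the builder layer unless the repository's `.dockerignore` excludes them — worth confirming, since that file is not part of this change.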