From bec3f38cc5e44e3634f385f0442d27c286031e9f Mon Sep 17 00:00:00 2001 From: insleker Date: Thu, 4 Sep 2025 18:04:15 +0800 Subject: [PATCH] feat: refine dockerfile to deploy on host service provider --- .dockerignore | 21 +++++++++++++++++++++ Dockerfile | 23 +++++++++++++++++++---- 2 files changed, 40 insertions(+), 4 deletions(-) diff --git a/.dockerignore b/.dockerignore index 6216772..7c651e1 100644 --- a/.dockerignore +++ b/.dockerignore @@ -23,3 +23,24 @@ test/ integration_test/ coverage/ custom_lint.log +test_cache/ +unit_test_assets/ + +# Docs and repo meta to avoid cache busting +docs/ +**/*.md +wireframe.assets/ +AGENTS.md +README.md +LICENSE + +# Packaging artifacts not needed for web image +AppDir/ +AppRun +pdf_signature.desktop +tool/ +*.iml +*.ipr +*.iws +.github/ +.husky/ diff --git a/Dockerfile b/Dockerfile index 295fbf0..73815ee 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,3 +1,4 @@ +# syntax=docker/dockerfile:1.7-labs ## Two-stage build for minimal Flutter web static server (Caddy runtime) # Stage 1: Build the Flutter web app FROM ghcr.io/cirruslabs/flutter:latest AS build @@ -6,13 +7,17 @@ WORKDIR /app # Copy pubspec first for better layer caching COPY pubspec.* ./ -RUN flutter pub get +# Use BuildKit cache for Dart pub cache +RUN --mount=type=cache,target=/root/.pub-cache \ + flutter pub get # Copy the rest of the project COPY . . -# Ensure no host caches leak into the container -RUN rm -rf .dart_tool build && \ +# Ensure no host caches leak into the container; use BuildKit caches for pub and Flutter +RUN --mount=type=cache,target=/root/.pub-cache \ + --mount=type=cache,target=/sdks/flutter/bin/cache \ + rm -rf .dart_tool build && \ flutter pub get && \ flutter gen-l10n && \ flutter build web --release -O4 --wasm @@ -23,12 +28,13 @@ WORKDIR /usr/share/caddy # Copy built web assets COPY --from=build /app/build/web/ /usr/share/caddy/ # Write Caddyfile inline (listens on :8080 and SPA fallback) +ENV PORT=8080 RUN cat > /etc/caddy/Caddyfile <<'CADDY' { admin off } -:8080 { +:{$PORT} { root * /usr/share/caddy encode zstd gzip # SPA fallback: serve index.html if file not found @@ -36,4 +42,13 @@ RUN cat > /etc/caddy/Caddyfile <<'CADDY' file_server } CADDY +# Some platforms (e.g., gVisor/Firecracker like Render) forbid file capabilities; strip and copy to a clean path +USER root +RUN apk add --no-cache libcap && \ + (setcap -r /usr/bin/caddy || true) && \ + install -m 0755 /usr/bin/caddy /caddy && \ + apk del libcap +# Use numeric UID/GID for caddy to avoid passwd lookup issues across platforms +USER 65532:65532 EXPOSE 8080 +ENTRYPOINT ["/caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]