From 5f759b5d8f6cec8b8ad1bab8d3802114b7fd119a Mon Sep 17 00:00:00 2001
From: Julien Froidefond
Date: Thu, 6 Mar 2025 08:16:27 +0100
Subject: [PATCH] fix: review docker for prod version
---
 Dockerfile | 43 +++++++++++++++++++++++++++----------
 docker-compose.dev.yml | 32 ++++++++++++++++++++++++++++
 docker-compose.yml | 48 +++++++++++++++++++++++++++++++-----------
 3 files changed, 100 insertions(+), 23 deletions(-)
 create mode 100644 docker-compose.dev.yml
diff --git a/Dockerfile b/Dockerfile
index 229e7fe..e2cdffc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,17 +4,25 @@ FROM node:20-alpine AS builder
 # Set working directory
 WORKDIR /app
+# Install dependencies for node-gyp
+RUN apk add --no-cache python3 make g++
+
 # Enable Yarn
 RUN corepack enable
-# Copy package files
-COPY package.json yarn.lock* ./
+# Copy package files first to leverage Docker cache
+COPY package.json yarn.lock ./
+
+# Copy configuration files
+COPY tsconfig.json next-env.d.ts .eslintrc.json ./
+COPY tailwind.config.ts postcss.config.js .env ./
 # Install dependencies with Yarn
 RUN yarn install --frozen-lockfile
-# Copy the rest of the application
-COPY . .
+# Copy source files
+COPY src ./src
+COPY public ./public
 # Build the application
 RUN yarn build
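Review bot: The added `COPY tailwind.config.ts postcss.config.js .env ./` in the builder stage writes the project's `.env` into an image layer, and the runner-stage hunk then carries it into the final image with `COPY --from=builder /app/.env ./`. Anyone who can pull the image can read that file, and the compose files take `MONGO_USER` and `MONGO_PASSWORD` from the environment, which suggests it holds credentials. Drop `.env` from both COPY lines and supply the values at run time through `environment:` or `env_file:` on the compose service. If `yarn build` itself needs a value, `RUN --mount=type=secret,id=env,target=/app/.env yarn build` keeps it out of the layers. The config COPY lines also sit before `yarn install`, so editing any of those files invalidates the dependency layer; moving them after the install keeps the cache that the comment above them aims for.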
@@ -24,16 +32,25 @@ FROM node:20-alpine AS runner
 WORKDIR /app
-# Enable Yarn
-RUN corepack enable
-
-# Copy package files and install production dependencies only
-COPY package.json yarn.lock* ./
-RUN yarn install --production --frozen-lockfile
+# Install production dependencies only
+COPY package.json yarn.lock ./
+RUN corepack enable && \
+ yarn install --production --frozen-lockfile && \
+ yarn cache clean
 # Copy built application from builder stage
 COPY --from=builder /app/.next ./.next
 COPY --from=builder /app/public ./public
+COPY --from=builder /app/next-env.d.ts ./
+COPY --from=builder /app/tailwind.config.ts ./
+COPY --from=builder /app/.env ./
+
+# Add non-root user for security
+RUN addgroup --system --gid 1001 nodejs && \
+ adduser --system --uid 1001 nextjs && \
+ chown -R nextjs:nodejs /app
+
+USER nextjs
 # Set environment variables
 ENV NODE_ENV=production
@@ -42,5 +59,9 @@ ENV NEXT_TELEMETRY_DISABLED=1
 # Expose the port the app runs on
 EXPOSE 3000
-# Start the application in production mode
+# Healthcheck
+HEALTHCHECK --interval=30s --timeout=3s \
+ CMD wget --no-verbose --tries=1 --spider http://localhost:3000/api/health || exit 1
+
+# Start the application
 CMD ["yarn", "start"]
\ No newline at end of file
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
new file mode 100644
index 0000000..b124583
--- /dev/null
+++ b/docker-compose.dev.yml
@@ -0,0 +1,32 @@
+version: "3.8"
+
+services:
+ app:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ container_name: stripstream-app
+ ports:
+ - "3000:3000"
+ volumes:
+ - .:/app
+ - /app/node_modules
+ - /app/.next
+ environment:
+ - NODE_ENV=development
+ command: npm run dev
+
+ mongodb:
+ image: mongo:latest
+ container_name: stripstream_mongodb
+ restart: always
+ environment:
+ MONGO_INITDB_ROOT_USERNAME: ${MONGO_USER}
+ MONGO_INITDB_ROOT_PASSWORD: ${MONGO_PASSWORD}
+ ports:
+ - "27017:27017"
+ volumes:
+ - mongodb_data:/data/db
+
+volumes:
+ mongodb_data:
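Review bot: In the runner-stage hunk of the Dockerfile (`@@ -24,16 +32,25 @@`), `chown -R nextjs:nodejs /app` makes the runtime user the owner of the application code and `node_modules`, so a compromise of the server process can rewrite the files it executes; the recursive chown also duplicates every file into a new layer. Leaving the tree root-owned and granting ownership only where the server has to write would be tighter, for example `COPY --from=builder --chown=nextjs:nodejs /app/.next ./.next` placed after the user is created, assuming `.next` is the only path written at run time. `adduser --system --uid 1001 nextjs` does not name a group, so the user is probably not a member of `nodejs`; adding `-G nodejs` would make the two commands agree. `next-env.d.ts` and `tailwind.config.ts` are build-time inputs and do not look necessary in the runtime image. The runner stage begins before and continues after this hunk.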
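Review bot: In the last Dockerfile hunk (`@@ -42,5 +59,9 @@`), `CMD ["yarn", "start"]` now runs as `nextjs`, but corepack was enabled and first used as root in this stage. The yarn binary it resolves may therefore not be available to the new user without another download at container start, which is worth testing with the network disabled. Starting the server directly, e.g. `CMD ["node_modules/.bin/next", "start"]` if the `start` script is plain `next start`, removes that dependency and the wrapper process between Docker and Node. The HEALTHCHECK sets no `--start-period` or `--retries` and relies on an `/api/health` route that this patch does not add, so confirm the route exists or the container will be reported unhealthy.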
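Review bot: In `docker-compose.dev.yml`, `- "27017:27017"` publishes MongoDB on every host interface, so a developer machine on a shared network exposes the database to that network; `- "127.0.0.1:27017:27017"` keeps it reachable from the host only. `image: mongo:latest` is unpinned, so two checkouts can end up on different server versions; a fixed major tag avoids that. The `app` service builds the production `Dockerfile` and overrides it with `command: npm run dev`, while that image installs production dependencies only and now runs as `nextjs`. The dev command therefore probably depends on the bind-mounted tree and may be unable to write `.next`, which deserves a comment in the file or a separate dev build target.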
diff --git a/docker-compose.yml b/docker-compose.yml
index b124583..f2a6946 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,28 +5,52 @@ services:
 build:
 context: .
 dockerfile: Dockerfile
+ args:
+ - NODE_ENV=production
 container_name: stripstream-app
+ restart: unless-stopped
 ports:
 - "3000:3000"
- volumes:
- - .:/app
- - /app/node_modules
- - /app/.next
 environment:
- - NODE_ENV=development
- command: npm run dev
+ - NODE_ENV=production
+ - MONGODB_URI=mongodb://${MONGO_USER}:${MONGO_PASSWORD}@mongodb:27017/stripstream?authSource=admin
+ depends_on:
+ - mongodb
+ networks:
+ - stripstream-network
+ deploy:
+ resources:
+ limits:
+ cpus: "1"
+ memory: 1G
+ healthcheck:
+ test:
+ ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/api/health"]
+ interval: 30s
+ timeout: 3s
+ retries: 3
 mongodb:
 image: mongo:latest
- container_name: stripstream_mongodb
- restart: always
+ container_name: stripstream-mongodb
+ restart: unless-stopped
 environment:
 MONGO_INITDB_ROOT_USERNAME: ${MONGO_USER}
 MONGO_INITDB_ROOT_PASSWORD: ${MONGO_PASSWORD}
- ports:
- - "27017:27017"
 volumes:
- - mongodb_data:/data/db
+ - stripstream_mongodb_data:/data/db
+ networks:
+ - stripstream-network
+ deploy:
+ resources:
+ limits:
+ cpus: "0.5"
+ memory: 512M
+ command: ["mongod", "--auth", "--bind_ip_all"]
+
+networks:
+ stripstream-network:
+ driver: bridge
 volumes:
- mongodb_data:
+ stripstream_mongodb_data:
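Review bot: `MONGODB_URI` is built from `${MONGO_USER}` and `${MONGO_PASSWORD}`, the same values given to `MONGO_INITDB_ROOT_USERNAME` and `MONGO_INITDB_ROOT_PASSWORD`, so the web application connects as the MongoDB root user; a dedicated account limited to the `stripstream` database would contain a compromise of the app. Both variables are interpolated without a guard, so an unset value becomes an empty string; `${MONGO_PASSWORD:?MONGO_PASSWORD is required}` makes compose stop instead, and a password containing reserved URI characters has to be percent-encoded before it goes into the connection string. Renaming the volume to `stripstream_mongodb_data` starts MongoDB on an empty data directory, so data already in `mongodb_data` needs a migration step. `args: - NODE_ENV=production` has no matching `ARG` in the Dockerfile lines shown, so it is probably ignored. The hunk starts inside the `app` service; `services:` and `app:` are above it.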