Update Dockerfile

Dockerfile

@@ -1,55 +1,95 @@
-# Use official Node.js image as base
+# Use BuildKit for better caching
-FROM node:20-alpine as builder
+# syntax=docker/dockerfile:1.4
+
+# Base stage for common settings
+FROM node:20-alpine AS base
 WORKDIR /app
+
+# Dependencies stage - caches npm install unless package.json changes
+FROM base AS deps
 COPY package.json package-lock.json ./
+RUN --mount=type=cache,target=/root/.npm \
+    npm ci --force --prefer-offline
 
-RUN npm install --force
+# Build stage - only rebuilds when source files change
+FROM base AS builder
+WORKDIR /app
 
-COPY . .
+# Copy node_modules from deps stage
+COPY --from=deps /app/node_modules ./node_modules
 
-# Install git and get commit hash
+# Get git and create git hash file before copying source
-RUN apk add --no-cache git && \
+RUN apk add --no-cache git
-    if [ -d .git ]; then \
+
+# Copy package files first (these change less frequently)
+COPY package.json package-lock.json ./
+COPY next.config.mjs tsconfig.json ./
+
+# Copy source files (these change most frequently)
+COPY public ./public
+COPY app ./app
+COPY components ./components
+COPY lib ./lib
+COPY config ./config
+COPY services ./services
+COPY utils ./utils
+COPY middleware.ts ./
+COPY .env* ./
+COPY styles* ./
+COPY hooks ./hooks
+COPY models ./models
+
+# Copy git directory if it exists or create dummy hash
+COPY .git ./.git 2>/dev/null || :
+RUN if [ -d .git ]; then \
       git rev-parse --short HEAD > /app/git_commit_sha; \
     else \
       echo "unknown" > /app/git_commit_sha; \
     fi
 
+# Set build env vars
 ENV NEXT_PUBLIC_API_URL=/api
+ENV NODE_ENV=production
 
-# Build the Next.js application
+# Build (using build cache when possible)
-# The environment variable will be available during build if needed
+RUN --mount=type=cache,target=/app/.next/cache \
-# ENV GIT_COMMIT_SHA=$(cat /app/git_commit_sha)
+    echo "Building with GIT_COMMIT_SHA=$(cat /app/git_commit_sha)" && \
-RUN echo "Building with GIT_COMMIT_SHA=$(cat /app/git_commit_sha)" && npm run build
+    npm run build
 
-# ---- Production Stage ----
+# Production stage
-FROM node:20-alpine
+FROM node:20-alpine AS runner
-
-# Set working directory inside the container
 WORKDIR /app
 
-RUN mkdir -p /app/public
+# Set production env vars
-
-# Copy only necessary files from builder
-COPY --from=builder /app/package.json /app/package-lock.json ./
-COPY --from=builder /app/.next ./.next
-COPY --from=builder /app/node_modules ./node_modules
-COPY --from=builder /app/public ./public
-COPY --from=builder /app/next.config.mjs ./next.config.mjs
-
-# Copy commit hash file from builder stage
-COPY --from=builder /app/git_commit_sha /app/git_commit_sha
-RUN cat /app/git_commit_sha
-
-EXPOSE 3000
-
 ENV NODE_ENV=production
 ENV NEXT_PUBLIC_API_URL=/api
 ENV SERVER_API_URL=https://internal-api.inboxi.ng
 
-# Set GIT_COMMIT_SHA environment variable in the final image by reading the file
+# Create non-root user for security
-ENV GIT_COMMIT_SHA="$(cat /app/git_commit_sha)"
+RUN addgroup --system --gid 1001 nodejs && \
+    adduser --system --uid 1001 nextjs
 
+# Copy only necessary files
+COPY --from=builder /app/public ./public
+COPY --from=builder /app/next.config.mjs ./
+COPY --from=builder /app/git_commit_sha /app/git_commit_sha
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
 
-# Start Next.js server
+# Verify git hash is readable
-CMD ["npm", "start"]
+RUN cat /app/git_commit_sha
+
+# Instead of using ENV with command substitution, create a wrapper script
+RUN echo '#!/bin/sh' > /app/start.sh && \
+    echo 'export GIT_COMMIT_SHA=$(cat /app/git_commit_sha)' >> /app/start.sh && \
+    echo 'exec node server.js' >> /app/start.sh && \
+    chmod +x /app/start.sh && \
+    cat /app/start.sh
+
+# Switch to non-root user
+USER nextjs
+
+EXPOSE 3000
+
+# Use the wrapper script
+CMD ["/app/start.sh"]