cameleer/cameleer-saas
1
0
Fork 0
Code Issues 22 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9013740b8361c04ce9edb1b2a4ac7fda4938aae4
cameleer-saas/Dockerfile
hsiegeln 9013740b83
All checks were successful
CI / build (push) Successful in 39s
Details
CI / docker (push) Successful in 33s
Details
fix: mount custom sign-in UI over Logto experience dist 
CUSTOM_UI_PATH is a Logto Cloud feature, not available in OSS.
The correct approach for self-hosted Logto is to volume-mount
over /etc/logto/packages/experience/dist/.

- Use init container (sign-in-ui) to copy dist to shared volume
  as root (fixes permission denied with cameleer user)
- Logto mounts signinui volume at experience/dist path
- Logto depends on sign-in-ui init container completion
- Remove saas-entrypoint.sh approach (no longer needed)
- Revert Dockerfile entrypoint to direct java -jar
- Permit /favicon.svg in SecurityConfig for sign-in page logo

Tested: full OIDC flow works end-to-end via Playwright.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 14:24:33 +02:00

41 lines
1.4 KiB
Docker
Raw Blame History

# syntax=docker/dockerfile:1
# Frontend: runs natively on build host
FROM --platform=$BUILDPLATFORM node:22-alpine AS frontend
ARG REGISTRY_TOKEN
WORKDIR /ui
COPY ui/package.json ui/package-lock.json ui/.npmrc ./
RUN echo "//gitea.siegeln.net/api/packages/cameleer/npm/:_authToken=${REGISTRY_TOKEN}" >> .npmrc && npm ci
COPY ui/ .
RUN npm run build
# Sign-in UI: custom Logto sign-in experience
FROM --platform=$BUILDPLATFORM node:22-alpine AS sign-in-frontend
ARG REGISTRY_TOKEN
WORKDIR /ui
COPY ui/sign-in/package.json ui/sign-in/package-lock.json ui/sign-in/.npmrc ./
RUN echo "//gitea.siegeln.net/api/packages/cameleer/npm/:_authToken=${REGISTRY_TOKEN}" >> .npmrc && npm ci
COPY ui/sign-in/ .
RUN npm run build
# Maven build: runs natively on build host (no QEMU emulation)
FROM --platform=$BUILDPLATFORM eclipse-temurin:21-jdk-alpine AS build
WORKDIR /build
COPY .mvn/ .mvn/
COPY mvnw pom.xml ./
# Cache deps — only re-downloaded when POM changes
RUN ./mvnw dependency:go-offline -B || true
COPY src/ src/
COPY --from=frontend /ui/dist/ src/main/resources/static/
RUN ./mvnw package -DskipTests -B
# Runtime: target platform (amd64)
FROM eclipse-temurin:21-jre-alpine
WORKDIR /app
RUN addgroup -S cameleer && adduser -S cameleer -G cameleer
COPY --from=build /build/target/*.jar app.jar
COPY --from=sign-in-frontend /ui/dist/ /app/sign-in-dist/
USER cameleer
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]
Reference in New Issue View Git Blame Copy Permalink