Dockerfile

# syntax=docker/dockerfile:1.7

FROM node:22-alpine AS builder
WORKDIR /app

# Alpine needs build tools for better-sqlite3 native module.
# vips-dev provides libvips + libheif for sharp (incl. HEIC input from iOS).
RUN apk add --no-cache python3 make g++ libc6-compat vips-dev

COPY package*.json ./
# --ignore-scripts vermeidet eine Race-Condition: sharp's postinstall checkt,
# ob seine Plattform-Prebuilt-Binary (@img/sharp-linuxmusl-arm64) schon im
# node_modules liegt. Bei parallelem Install ist sie das mitunter nicht, und
# sharp fällt auf "build from source" zurück — das scheitert, weil wir
# node-addon-api nicht haben. Mit --ignore-scripts + npm rebuild danach
# sind alle Deps garantiert fertig installiert, bevor postinstall läuft.
RUN npm ci --ignore-scripts --include=optional
RUN npm rebuild

COPY . .
RUN npm run build

# Clean re-install statt npm prune. Grund: package-lock.json wird auf dem Dev-
# System (Windows) generiert, dabei markiert npm die linux-musl-arm64-Prebuilts
# als "dev": true, obwohl sie für's Runtime gebraucht werden. npm prune --omit=dev
# würde sie entfernen. Ein Fresh-Install mit --omit=dev installiert dagegen nur
# das, was für's Runtime nötig ist, inkl. matchenden Prebuilts.
RUN rm -rf node_modules \
  && npm ci --ignore-scripts --omit=dev --include=optional \
  && npm rebuild

FROM node:22-alpine AS runner
WORKDIR /app

RUN apk add --no-cache libc6-compat

COPY --from=builder /app/build ./build
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./package.json

ENV NODE_ENV=production
ENV HOST=0.0.0.0
ENV PORT=3000
ENV DATABASE_PATH=/data/kochwas.db
ENV IMAGE_DIR=/data/images

VOLUME ["/data"]
EXPOSE 3000

HEALTHCHECK --interval=15s --timeout=5s --retries=3 --start-period=20s --start-interval=2s \
  CMD wget -qO- http://127.0.0.1:3000/api/health > /dev/null || exit 1

CMD ["node", "build/index.js"]
feat(infra): add production Dockerfile and docker-compose.prod.yml Multi-stage alpine-based build, healthcheck on /api/health, /data volume. Verified end-to-end: image builds, container starts, health returns 200. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-17 15:41:20 +02:00			`# syntax=docker/dockerfile:1.7`

			`FROM node:22-alpine AS builder`
			`WORKDIR /app`

chore(deps): @google/generative-ai + vips-dev fuer Foto-Rezept-Magie 2026-04-21 10:37:12 +02:00			`# Alpine needs build tools for better-sqlite3 native module.`
			`# vips-dev provides libvips + libheif for sharp (incl. HEIC input from iOS).`
			`RUN apk add --no-cache python3 make g++ libc6-compat vips-dev`
feat(infra): add production Dockerfile and docker-compose.prod.yml Multi-stage alpine-based build, healthcheck on /api/health, /data volume. Verified end-to-end: image builds, container starts, health returns 200. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-17 15:41:20 +02:00
			`COPY package*.json ./`
fix(docker): sharp-Prebuilts beim CI-Build korrekt installieren Zwei Fixes gegen den arm64-Build-Fehler: 1. npm ci mit --ignore-scripts + npm rebuild danach — vermeidet eine Race, bei der sharp's postinstall check.js laeuft bevor die Plattform-Prebuilt-Binary vollstaendig entpackt ist. 2. Statt npm prune --omit=dev ein Fresh-Install via npm ci --omit=dev. Grund: Der Lockfile wird auf Windows generiert und markiert die linux-musl-arm64-Prebuilts als "dev": true, obwohl sie fuer's Runtime gebraucht werden. Prune wuerde sie kappen. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-21 11:44:05 +02:00			`# --ignore-scripts vermeidet eine Race-Condition: sharp's postinstall checkt,`
			`# ob seine Plattform-Prebuilt-Binary (@img/sharp-linuxmusl-arm64) schon im`
			`# node_modules liegt. Bei parallelem Install ist sie das mitunter nicht, und`
			`# sharp fällt auf "build from source" zurück — das scheitert, weil wir`
			`# node-addon-api nicht haben. Mit --ignore-scripts + npm rebuild danach`
			`# sind alle Deps garantiert fertig installiert, bevor postinstall läuft.`
			`RUN npm ci --ignore-scripts --include=optional`
			`RUN npm rebuild`
feat(infra): add production Dockerfile and docker-compose.prod.yml Multi-stage alpine-based build, healthcheck on /api/health, /data volume. Verified end-to-end: image builds, container starts, health returns 200. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-17 15:41:20 +02:00
			`COPY . .`
			`RUN npm run build`

fix(docker): sharp-Prebuilts beim CI-Build korrekt installieren Zwei Fixes gegen den arm64-Build-Fehler: 1. npm ci mit --ignore-scripts + npm rebuild danach — vermeidet eine Race, bei der sharp's postinstall check.js laeuft bevor die Plattform-Prebuilt-Binary vollstaendig entpackt ist. 2. Statt npm prune --omit=dev ein Fresh-Install via npm ci --omit=dev. Grund: Der Lockfile wird auf Windows generiert und markiert die linux-musl-arm64-Prebuilts als "dev": true, obwohl sie fuer's Runtime gebraucht werden. Prune wuerde sie kappen. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-21 11:44:05 +02:00			`# Clean re-install statt npm prune. Grund: package-lock.json wird auf dem Dev-`
			`# System (Windows) generiert, dabei markiert npm die linux-musl-arm64-Prebuilts`
			`# als "dev": true, obwohl sie für's Runtime gebraucht werden. npm prune --omit=dev`
			`# würde sie entfernen. Ein Fresh-Install mit --omit=dev installiert dagegen nur`
			`# das, was für's Runtime nötig ist, inkl. matchenden Prebuilts.`
			`RUN rm -rf node_modules \`
			`&& npm ci --ignore-scripts --omit=dev --include=optional \`
			`&& npm rebuild`
feat(infra): add production Dockerfile and docker-compose.prod.yml Multi-stage alpine-based build, healthcheck on /api/health, /data volume. Verified end-to-end: image builds, container starts, health returns 200. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-17 15:41:20 +02:00
			`FROM node:22-alpine AS runner`
			`WORKDIR /app`

			`RUN apk add --no-cache libc6-compat`

			`COPY --from=builder /app/build ./build`
			`COPY --from=builder /app/node_modules ./node_modules`
			`COPY --from=builder /app/package.json ./package.json`

			`ENV NODE_ENV=production`
			`ENV HOST=0.0.0.0`
			`ENV PORT=3000`
			`ENV DATABASE_PATH=/data/kochwas.db`
			`ENV IMAGE_DIR=/data/images`

			`VOLUME ["/data"]`
			`EXPOSE 3000`

fix(docker): tighter healthcheck cadence with start-period Traefik filters containers that are 'unhealthy' or still 'starting' (no health result yet). The old 30s interval meant kochwas stayed in 'starting' for 30+ seconds after boot, blocking Traefik from routing to it. New timing: --start-period=20s grace window — failures don't mark unhealthy yet --start-interval=2s fast probes during start-period --interval=15s steady-state cadence after first success --timeout=5s, retries=3 unchanged Container becomes 'healthy' within ~2-5s of the app coming up, so Traefik picks it up almost immediately after 'docker compose up'. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-17 16:45:00 +02:00			`HEALTHCHECK --interval=15s --timeout=5s --retries=3 --start-period=20s --start-interval=2s \`
fix(docker): healthcheck uses 127.0.0.1, not localhost In the alpine runtime 'localhost' resolves to ::1 (IPv6) first. The SvelteKit Node adapter binds to 0.0.0.0 which is IPv4-only, so wget to 'localhost:3000' fails with 'Connection refused'. Traefik then filters the container as unhealthy and no router is registered. Using 127.0.0.1 makes the probe deterministically hit the bound IPv4 socket. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-17 16:47:48 +02:00			`CMD wget -qO- http://127.0.0.1:3000/api/health > /dev/null \|\| exit 1`
feat(infra): add production Dockerfile and docker-compose.prod.yml Multi-stage alpine-based build, healthcheck on /api/health, /data volume. Verified end-to-end: image builds, container starts, health returns 200. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-17 15:41:20 +02:00
			`CMD ["node", "build/index.js"]`