Ilia Denisov
8700fbfae1
- backend + gateway multi-stage distroless Dockerfiles; the gateway embeds and
serves the SPA at / and /telegram/ via go:embed (committed dist placeholder,
real build baked in by the image's node stage)
- deploy/docker-compose.yml: backend + gateway + Postgres + Telegram connector
(VPN sidecar) + OTel Collector + Prometheus (15d) + Tempo (72h) + Grafana,
fronted by a caddy owning a single /_gm Basic-Auth (admin console + Grafana
subpath); inter-service on a private network, only caddy on the edge network
- new metrics: backend accounts_created_total{kind} (robots excluded) and an
in-memory gateway active_users{window=24h,7d} gauge
- CI: single .gitea/workflows/ci.yaml (unit/integration/ui + a gated test-contour
deploy) on the new feature/* -> development -> master branch model; the old
go-unit/integration/ui-test workflows are folded in; the connector-scoped
compose is retired (superseded by deploy/)
- docs: ARCHITECTURE §11/§12/§13, root + gateway READMEs, CLAUDE.md branching,
PLAN.md (stage 16 done + refinements + Stage 17 forward-notes)
54 lines
2.3 KiB
Docker
54 lines
2.3 KiB
Docker
# Multi-stage build for the gateway service. A node stage builds the static UI
|
|
# (Vite), the result is embedded into the Go binary (gateway/internal/webui/dist),
|
|
# and the Go stage — mirroring platform/telegram/Dockerfile — yields a static
|
|
# binary shipped on distroless nonroot. So the single binary serves the SPA at /
|
|
# and /telegram/ (docs/ARCHITECTURE.md §13) with no separate static container.
|
|
#
|
|
# The production UI build vars are image build-args, baked into the bundle.
|
|
# Build from the repository root so go.work, pkg/, gateway/ and ui/ are all in the
|
|
# Docker context:
|
|
# docker build -f gateway/Dockerfile \
|
|
# --build-arg VITE_GATEWAY_URL=https://example \
|
|
# -t scrabble-gateway .
|
|
|
|
# --- UI build ----------------------------------------------------------------
|
|
FROM node:22-alpine AS ui
|
|
WORKDIR /ui
|
|
RUN corepack enable && corepack prepare pnpm@11.0.9 --activate
|
|
|
|
# Prod UI build vars (Vite reads VITE_-prefixed env at build; baked into the bundle).
|
|
ARG VITE_TELEGRAM_BOT_ID=
|
|
ARG VITE_TELEGRAM_LINK=
|
|
ARG VITE_GATEWAY_URL=
|
|
ENV VITE_TELEGRAM_BOT_ID=$VITE_TELEGRAM_BOT_ID \
|
|
VITE_TELEGRAM_LINK=$VITE_TELEGRAM_LINK \
|
|
VITE_GATEWAY_URL=$VITE_GATEWAY_URL
|
|
|
|
# Install with the lockfile first (the workspace file carries pnpm's build-script
|
|
# approval for esbuild), then build. Committed src/gen/ means no codegen here.
|
|
COPY ui/package.json ui/pnpm-lock.yaml ui/pnpm-workspace.yaml ./
|
|
RUN pnpm install --frozen-lockfile
|
|
COPY ui ./
|
|
RUN pnpm build
|
|
|
|
# --- Go build ----------------------------------------------------------------
|
|
FROM golang:1.26.3-alpine AS build
|
|
WORKDIR /src
|
|
COPY go.work go.work.sum ./
|
|
COPY pkg ./pkg
|
|
COPY gateway ./gateway
|
|
|
|
# Replace the committed placeholder with the freshly built UI before compiling, so
|
|
# go:embed bakes the real bundle into the binary.
|
|
RUN rm -rf gateway/internal/webui/dist
|
|
COPY --from=ui /ui/dist gateway/internal/webui/dist
|
|
|
|
# Reduce the workspace to what the gateway needs: gateway + pkg.
|
|
RUN go work edit -dropuse=./backend -dropuse=./platform/telegram
|
|
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -o /out/gateway ./gateway/cmd/gateway
|
|
|
|
# --- runtime -----------------------------------------------------------------
|
|
FROM gcr.io/distroless/static-debian12:nonroot
|
|
COPY --from=build /out/gateway /usr/local/bin/gateway
|
|
ENTRYPOINT ["/usr/local/bin/gateway"]
|