chore(docker): .dockerignore angepasst; lokale Build-Schritte in Rebuild-Skripten; Doku/README zu production vs production-prebuilt aktualisiert

Dockerfile

@@ -10,27 +10,15 @@ RUN pnpm config set enable-pre-post-scripts true
 
 WORKDIR /app
 
-# Install all deps for building server
-COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+# Copy full sources and build both client and server
+COPY . .
 RUN pnpm install --frozen-lockfile --ignore-scripts=false --enable-pre-post-scripts \
-  && pnpm rebuild bcrypt --build-from-source || true
-
-# Ensure Node types are available for server build
-RUN pnpm add -D @types/node@^22
-
-# Copy only server sources and tsconfig for server build
-COPY src/server ./src/server
-COPY tsconfig.server.json ./tsconfig.server.json
-COPY tsconfig.server.build.json ./tsconfig.server.build.json
-COPY tsconfig.json ./tsconfig.json
-
-# Build server only (no client build)
-RUN tsc -p tsconfig.server.build.json
+  && pnpm run build
 
 FROM node:22-alpine AS production
 
 # Install pnpm, runtime tools and build deps for native modules present in prod deps
-RUN npm install -g pnpm ts-node \
+RUN npm install -g pnpm \
   && apk add --no-cache su-exec curl python3 make g++ libc6-compat
 
 ENV npm_config_build_from_source=1 \
@@ -45,11 +33,17 @@ COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 
 # Install production dependencies only
 RUN pnpm install --frozen-lockfile --prod --ignore-scripts=false --enable-pre-post-scripts \
-  && pnpm rebuild bcrypt --build-from-source || true
+  && echo "[production] Rebuilding bcrypt for Alpine Linux..." \
+  && pnpm rebuild bcrypt --build-from-source \
+  && echo "[production] Verifying bcrypt installation..." \
+  && node -e "require('bcrypt')" \
+  && echo "[production] Removing build toolchain to reduce image size..." \
+  && apk del python3 make g++
 
-# Copy client build from context and server build from builder
-COPY dist ./dist
+# Copy built artifacts from builder
+COPY --from=builder /app/dist ./dist
 COPY --from=builder /app/server-dist ./server-dist
+# public wird aus dem Kontext kopiert
 COPY public ./public
 
 # Copy necessary runtime files
@@ -62,12 +56,8 @@ RUN adduser -S nextjs -u 1001
 # Make start script executable
 RUN chmod +x /app/start.sh
 
-# Change ownership of the app directory (but keep root for .storage)
-RUN chown -R nextjs:nodejs /app
-RUN chown root:root /app/.storage 2>/dev/null || true
-
-# Don't switch to nextjs user here - the start script will handle it
-# USER nextjs
+# Change ownership of the app directory
+RUN chown -R nextjs:nodejs /app || true
 
 # Expose port
 EXPOSE 3000
@@ -82,7 +72,7 @@ CMD ["/app/start.sh"]
 # Prebuilt runtime stage (used locally): copies prebuilt dist and server-dist from context
 FROM node:22-alpine AS production-prebuilt
 
-RUN npm install -g pnpm ts-node \
+RUN npm install -g pnpm \
   && apk add --no-cache su-exec curl python3 make g++ libc6-compat
 
 ENV npm_config_build_from_source=1 \
@@ -92,8 +82,10 @@ WORKDIR /app
 
 COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 RUN pnpm install --frozen-lockfile --prod --ignore-scripts=false --enable-pre-post-scripts \
-  && pnpm add --prod hono@^4.9.4 @hono/node-server@^1.19.5 \
-  && pnpm rebuild bcrypt --build-from-source || true
+  && echo "[production-prebuilt] Rebuilding bcrypt for Alpine Linux..." \
+  && pnpm rebuild bcrypt --build-from-source \
+  && echo "[production-prebuilt] Verifying bcrypt installation..." \
+  && node -e "require('bcrypt')"
 
 # Copy prebuilt artifacts from repository
 COPY dist ./dist
@@ -103,8 +95,7 @@ COPY start.sh ./start.sh
 
 RUN addgroup -g 1001 -S nodejs && adduser -S nextjs -u 1001 \
   && chmod +x /app/start.sh \
-  && chown -R nextjs:nodejs /app \
-  && chown root:root /app/.storage 2>/dev/null || true
+  && chown -R nextjs:nodejs /app || true
 
 EXPOSE 3000
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \