docker: install build deps and enable scripts for bcrypt; rebuild native module in prod images

2025-10-06 17:55:14 +02:00
parent 25392f7b29
commit 7e3173f5b3
1 changed files with 13 additions and 8 deletions
--- a/21
+++ b/21
@@ -1,13 +1,14 @@
 FROM node:22-alpine AS builder
-# Install pnpm
+# Install pnpm and build deps for native modules (e.g., bcrypt)
-RUN npm install -g pnpm
+RUN npm install -g pnpm \
  && apk add --no-cache python3 make g++ libc6-compat
 WORKDIR /app
 # Install all deps for building server
 COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
-RUN pnpm install --frozen-lockfile
+RUN pnpm install --frozen-lockfile --ignore-scripts=false
 # Copy only server sources and tsconfig for server build
 COPY src/server ./src/server
@@ -19,8 +20,9 @@ RUN pnpm tsc -p tsconfig.server.build.json
 FROM node:22-alpine AS production
-# Install pnpm and required runtime tools
+# Install pnpm, runtime tools and build deps for native modules present in prod deps
-RUN npm install -g pnpm ts-node && apk add --no-cache su-exec curl
+RUN npm install -g pnpm ts-node \
  && apk add --no-cache su-exec curl python3 make g++ libc6-compat
 # Set working directory
 WORKDIR /app
@@ -29,7 +31,8 @@ WORKDIR /app
 COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
 # Install production dependencies only
-RUN pnpm install --frozen-lockfile --prod
+RUN pnpm install --frozen-lockfile --prod --ignore-scripts=false \
  && pnpm rebuild bcrypt || true
 # Copy prebuilt application artifacts from repository (no TS build in image)
 COPY dist ./dist
@@ -67,11 +70,13 @@ CMD ["/app/start.sh"]
 # Prebuilt runtime stage (used locally): copies prebuilt dist and server-dist from context
 FROM node:22-alpine AS production-prebuilt
-RUN npm install -g pnpm ts-node && apk add --no-cache su-exec curl
+RUN npm install -g pnpm ts-node \
  && apk add --no-cache su-exec curl python3 make g++ libc6-compat
 WORKDIR /app
 COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
-RUN pnpm install --frozen-lockfile --prod
+RUN pnpm install --frozen-lockfile --prod --ignore-scripts=false \
  && pnpm rebuild bcrypt || true
 # Copy prebuilt artifacts from repository
 COPY dist ./dist