# ---- Stage 1: builder ----
# Full (non-slim) Node.js image: it includes the build tools (Python, make, g++)
# needed to compile native dependencies. Only what stage 2 copies out of this
# stage explicitly ends up in the final image.
# NOTE(review): both FROM lines use mutable tags; pinning each by digest
# (e.g. node:20-bullseye@sha256:<digest-placeholder>) makes builds reproducible.
FROM node:20-bullseye AS builder

# System packages used only while building.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        git \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Enable the pnpm shim through corepack.
RUN corepack enable

# Dependency manifests go in first so the install layer stays cached until they
# change. The trailing * makes the lockfile optional.
# NOTE(review): with an optional lockfile and no --frozen-lockfile, dependency
# versions may be resolved at build time. Once pnpm-lock.yaml is guaranteed to
# be committed, consider requiring it.
COPY package.json pnpm-lock.yaml* ./

# Install ALL dependencies (dev ones included) and run their build scripts.
# --unsafe-perm is kept from the original. No USER is set in this stage, so
# these scripts run as the stage's default user.
RUN pnpm install --unsafe-perm

# Rest of the source tree.
# NOTE(review): this copies the whole build context; confirm a .dockerignore
# keeps .env files, a local node_modules, session data and .git out of it.
COPY . .

# Compile TypeScript to JavaScript via the package's build script ("tsc").
RUN pnpm build

# Drop development dependencies so node_modules holds production packages only.
RUN pnpm prune --prod

# ---- Stage 2: production image ----
# Slim base keeps the final image small.
FROM node:20-bullseye-slim

# Runtime system packages only:
# - ffmpeg: processing of audio/video sent to the bot.
# - libvips-dev: required by the 'sharp' package for image manipulation.
# NOTE(review): libvips-dev is the development package; check whether the
# runtime library alone would be enough here.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ffmpeg \
        libvips-dev \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Enable the pnpm shim through corepack.
# NOTE(review): this presumably installs only the shim, leaving pnpm itself to
# be fetched on first use (here: at container start, as 'node') - confirm, and
# consider pinning and preparing the package manager at build time.
RUN corepack enable

# Create the session-data directory, then hand /app and sessions/ to 'node'.
# Both steps need root, so they run before the USER switch below.
# NOTE(review): session data written here lands in the container's writable
# layer unless a volume is mounted over it - confirm how it is persisted.
RUN mkdir sessions \
    && chown -R node:node /app

# Switch to the image's built-in non-root 'node' user. This applies to any
# later RUN steps and to the running application.
USER node

# Artifacts from the builder stage.
# COPY does not honour USER: without --chown these files are created owned by
# root (UID/GID 0), and the chown -R above ran before they existed. The runtime
# user therefore cannot write inside dist/ or node_modules/. /app itself is
# node-owned, though, so top-level entries can still be added, renamed or
# replaced by the application user.
COPY --from=builder /app/package.json ./
COPY --from=builder /app/pnpm-lock.yaml* ./
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/dist ./dist

# Launch through the package's "start" script (exec form).
CMD ["pnpm", "start"]