fix workflow build (#1608) · openstatus.dev/openstatus@6ed72ad

+5 -25

apps/workflows/Dockerfile

··· 6 6 FROM debian@sha256:530a3348fc4b5734ffe1a137ddbcee6850154285251b53c3425c386ea8fac77b AS ca-certs 7 7 LABEL \ 8 8 org.opencontainers.image.base.digest="sha256:530a3348fc4b5734ffe1a137ddbcee6850154285251b53c3425c386ea8fac77b" \ 9 - org.opencontainers.image.base.name="docker.io/debian:bullseye-slim" \ 10 - org.opencontainers.image.stage="ca-certs" 11 - RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && update-ca-certificates && rm -rf /var/lib/apt/lists/* 9 + org.opencontainers.image.base.name="docker.io/debian:bullseye-slim" 10 + RUN apt update && apt install -y ca-certificates && update-ca-certificates 12 11 13 12 # docker 14 13 FROM oven/bun@sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 AS docker 15 14 LABEL \ 16 15 org.opencontainers.image.base.digest="sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4" \ 17 - org.opencontainers.image.base.name="docker.io/oven/bun:1.3.3" \ 18 - org.opencontainers.image.stage="docker" 16 + org.opencontainers.image.base.name="docker.io/oven/bun:1.3.3" 19 17 WORKDIR /app/apps/workflows 20 18 COPY \ 21 19 --link \ ··· 51 49 --mount=type=bind,target=packages/upstash/package.json,source=packages/upstash/package.json \ 52 50 --mount=type=bind,target=packages/theme-store/package.json,source=packages/theme-store/package.json \ 53 51 --mount=type=cache,target=/root/.bun/install/cache,sharing=locked \ 54 - bun install --production --frozen-lockfile --verbose 52 + bun install --production --frozen-lockfile --verbose 55 53 56 54 # build 57 55 FROM oven/bun@sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 AS build ··· 74 72 FROM oven/bun@sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 AS libsql 75 73 LABEL \ 76 74 org.opencontainers.image.base.digest="sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4" \ 77 - org.opencontainers.image.base.name="docker.io/oven/bun:1.3.3" \ 78 - org.opencontainers.image.stage="libsql" 75 + org.opencontainers.image.base.name="docker.io/oven/bun:1.3.3" 79 76 WORKDIR /app/ 80 77 COPY \ 81 78 --from=docker \ ··· 102 99 --link \ 103 100 "/app/apps/workflows/app" "/app/apps/workflows/" 104 101 COPY \ 105 - --from=build \ 106 - --chown=1000:1000 \ 107 - --link \ 108 - "/app/data" "/app/data" 109 - COPY \ 110 102 --from=libsql \ 111 103 --chown=1000:1000 \ 112 104 --link \ ··· 121 113 --chown=1000:1000 \ 122 114 --link \ 123 115 "/etc/ssl/certs/ca-certificates.crt" "/etc/ssl/certs/" 124 - USER 0:0 125 - RUN <<EOF 126 - apt-get update 127 - apt-get install -y --no-install-recommends curl 128 - rm -rf /var/lib/apt/lists/* 129 - EOF 130 116 USER 1000:1000 131 117 EXPOSE 3000 132 - HEALTHCHECK \ 133 - --interval=30s \ 134 - --timeout=10s \ 135 - --start-period=30s \ 136 - --retries=3 \ 137 - CMD curl -f http://localhost:3000/ping || exit 1 138 118 ENTRYPOINT ["/app/apps/workflows/app"]

+57 -115

apps/workflows/dofigen.lock

··· 12 12 - /packages/error 13 13 - /packages/tracker 14 14 builders: 15 - docker: 15 + install: 16 16 fromImage: 17 17 path: oven/bun 18 18 digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 19 19 label: 20 - org.opencontainers.image.base.name: docker.io/oven/bun:1.3.3 21 - org.opencontainers.image.stage: docker 22 20 org.opencontainers.image.base.digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 23 - workdir: /app/apps/workflows 24 - copy: 25 - - paths: 26 - - . 27 - target: /app/ 28 - run: 29 - - bun run src/build-docker.ts 30 - libsql: 31 - fromImage: 32 - path: oven/bun 33 - digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 34 - label: 35 - org.opencontainers.image.stage: libsql 36 21 org.opencontainers.image.base.name: docker.io/oven/bun:1.3.3 37 - org.opencontainers.image.base.digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 38 - workdir: /app/ 39 - copy: 40 - - fromBuilder: docker 41 - paths: 42 - - /app/apps/build-docker/package.json 43 - target: /app/package.json 44 - run: 45 - - bun install 46 - install: 47 - fromImage: 48 - path: oven/bun 49 - digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 50 - label: 51 - org.opencontainers.image.base.digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 52 22 org.opencontainers.image.stage: install 53 - org.opencontainers.image.base.name: docker.io/oven/bun:1.3.3 54 23 workdir: /app/ 55 24 run: 56 - - bun install --production --frozen-lockfile --verbose 25 + - bun install --production --frozen-lockfile --verbose 57 26 cache: 58 27 - target: /root/.bun/install/cache 59 28 bind: ··· 97 66 source: packages/upstash/package.json 98 67 - target: packages/theme-store/package.json 99 68 source: packages/theme-store/package.json 69 + docker: 70 + fromImage: 71 + path: oven/bun 72 + digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 73 + label: 74 + org.opencontainers.image.base.digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 75 + org.opencontainers.image.base.name: docker.io/oven/bun:1.3.3 76 + workdir: /app/apps/workflows 77 + copy: 78 + - paths: 79 + - . 80 + target: /app/ 81 + run: 82 + - bun run src/build-docker.ts 100 83 ca-certs: 101 84 fromImage: 102 85 path: debian ··· 104 87 label: 105 88 org.opencontainers.image.base.digest: sha256:530a3348fc4b5734ffe1a137ddbcee6850154285251b53c3425c386ea8fac77b 106 89 org.opencontainers.image.base.name: docker.io/debian:bullseye-slim 107 - org.opencontainers.image.stage: ca-certs 90 + run: 91 + - apt update && apt install -y ca-certificates && update-ca-certificates 92 + libsql: 93 + fromImage: 94 + path: oven/bun 95 + digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 96 + label: 97 + org.opencontainers.image.base.digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 98 + org.opencontainers.image.base.name: docker.io/oven/bun:1.3.3 99 + workdir: /app/ 100 + copy: 101 + - fromBuilder: docker 102 + paths: 103 + - /app/apps/build-docker/package.json 104 + target: /app/package.json 108 105 run: 109 - - apt-get update && apt-get install -y --no-install-recommends ca-certificates && update-ca-certificates && rm -rf /var/lib/apt/lists/* 106 + - bun install 110 107 build: 111 108 fromImage: 112 109 path: oven/bun 113 110 digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 114 111 label: 112 + org.opencontainers.image.base.name: docker.io/oven/bun:1.3.3 115 113 org.opencontainers.image.base.digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 116 114 org.opencontainers.image.stage: build 117 - org.opencontainers.image.base.name: docker.io/oven/bun:1.3.3 118 115 workdir: /app/apps/workflows 119 116 env: 120 117 NODE_ENV: production ··· 133 130 digest: sha256:530a3348fc4b5734ffe1a137ddbcee6850154285251b53c3425c386ea8fac77b 134 131 label: 135 132 io.dofigen.version: 2.5.1 136 - org.opencontainers.image.vendor: OpenStatus 137 133 org.opencontainers.image.base.name: docker.io/debian:bullseye-slim 138 - org.opencontainers.image.authors: OpenStatus Team 134 + org.opencontainers.image.base.digest: sha256:530a3348fc4b5734ffe1a137ddbcee6850154285251b53c3425c386ea8fac77b 139 135 org.opencontainers.image.title: OpenStatus Workflows 140 - org.opencontainers.image.base.digest: sha256:530a3348fc4b5734ffe1a137ddbcee6850154285251b53c3425c386ea8fac77b 136 + org.opencontainers.image.vendor: OpenStatus 141 137 org.opencontainers.image.description: Background job processing and probe scheduling for OpenStatus 138 + org.opencontainers.image.authors: OpenStatus Team 142 139 org.opencontainers.image.source: https://github.com/openstatusHQ/openstatus 143 - user: 144 - user: '1000' 145 - group: '1000' 146 140 workdir: /app/ 147 141 copy: 148 142 - fromBuilder: build ··· 150 144 - /app/apps/workflows/app 151 145 target: /app/apps/workflows/ 152 146 chmod: '555' 153 - - fromBuilder: build 154 - paths: 155 - - /app/data 156 - target: /app/data 157 147 - fromBuilder: libsql 158 148 paths: 159 149 - /app/node_modules ··· 166 156 paths: 167 157 - /etc/ssl/certs/ca-certificates.crt 168 158 target: /etc/ssl/certs/ 169 - root: 170 - run: 171 - - apt-get update 172 - - apt-get install -y --no-install-recommends curl 173 - - rm -rf /var/lib/apt/lists/* 174 159 entrypoint: 175 160 - /app/apps/workflows/app 176 161 expose: 177 162 - port: 3000 178 - healthcheck: 179 - cmd: curl -f http://localhost:3000/ping || exit 1 180 - interval: 30s 181 - timeout: 10s 182 - start: 30s 183 - retries: 3 184 163 images: 185 164 docker.io: 186 - oven: 187 - bun: 188 - 1.3.3: 189 - digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 190 165 library: 191 166 debian: 192 167 bullseye-slim: 193 168 digest: sha256:530a3348fc4b5734ffe1a137ddbcee6850154285251b53c3425c386ea8fac77b 169 + oven: 170 + bun: 171 + 1.3.3: 172 + digest: sha256:fbf8e67e9d3b806c86be7a2f2e9bae801f2d9212a21db4dcf8cc9889f5a3c9c4 194 173 resources: 195 174 dofigen.yml: 196 - hash: 472e3606f77fb44e6ea0e59ab4cc632df9efaa6938fe3979197eebc12697b023 175 + hash: 3544a43f3fd756222397a837650af396178e9fde624ba9b1b32bc1943324cc02 197 176 content: | 198 - # Files to exclude from Docker context 199 177 ignore: 200 178 - node_modules 201 179 - /apps/docs ··· 208 186 - /packages/api 209 187 - /packages/error 210 188 - /packages/tracker 211 - 212 189 builders: 213 - # Stage 1: CA Certificates 214 - ca-certs: 215 - fromImage: debian:bullseye-slim 216 - labels: 217 - org.opencontainers.image.stage: ca-certs 218 - run: apt-get update && apt-get install -y --no-install-recommends ca-certificates && update-ca-certificates && rm -rf /var/lib/apt/lists/* 219 - 220 - # Stage 2: Docker-specific build artifacts (no dependencies) 221 - docker: 222 - fromImage: oven/bun:1.3.3 223 - workdir: /app/apps/workflows 224 - labels: 225 - org.opencontainers.image.stage: docker 226 - copy: 227 - - . /app/ 228 - run: bun run src/build-docker.ts 229 - 230 - # Stage 3: Install production dependencies 231 190 install: 232 191 fromImage: oven/bun:1.3.3 233 192 workdir: /app/ ··· 254 213 - packages/tinybird/package.json 255 214 - packages/upstash/package.json 256 215 - packages/theme-store/package.json 257 - run: bun install --production --frozen-lockfile --verbose 216 + # Install dependencies 217 + run: bun install --production --frozen-lockfile --verbose 258 218 cache: 259 219 - /root/.bun/install/cache 260 220 ··· 264 224 workdir: /app/apps/workflows 265 225 labels: 266 226 org.opencontainers.image.stage: build 267 - env: 268 - NODE_ENV: production 269 227 copy: 270 228 - . /app/ 271 229 - fromBuilder: install ··· 273 231 target: /app/node_modules 274 232 # Should set env to production here 275 233 # Compile the TypeScript application 234 + env: 235 + NODE_ENV: production 276 236 run: bun build --compile --target bun --sourcemap --format=cjs src/index.ts --outfile=app --external '@libsql/*' --external libsql 277 237 278 - # Stage 5: LibSQL dependencies 238 + docker: 239 + fromImage: oven/bun:1.3.3 240 + workdir: /app/apps/workflows 241 + copy: 242 + - . /app/ 243 + run: bun run src/build-docker.ts 244 + 279 245 libsql: 280 246 fromImage: oven/bun:1.3.3 281 247 workdir: /app/ 282 - labels: 283 - org.opencontainers.image.stage: libsql 284 248 copy: 285 249 - fromBuilder: docker 286 250 source: /app/apps/build-docker/package.json 287 251 target: /app/package.json 288 252 run: bun install 289 253 290 - # Runtime 254 + ca-certs: 255 + fromImage: debian:bullseye-slim 256 + run: apt update && apt install -y ca-certificates && update-ca-certificates 257 + 291 258 fromImage: debian:bullseye-slim 292 259 workdir: /app/ 293 260 ··· 305 272 source: /app/apps/workflows/app 306 273 target: /app/apps/workflows/ 307 274 chmod: "555" 308 - - fromBuilder: build 309 - source: /app/data 310 - target: /app/data 311 275 - fromBuilder: libsql 312 276 source: /app/node_modules 313 277 target: /app/packages/db/node_modules ··· 317 281 - fromBuilder: ca-certs 318 282 source: /etc/ssl/certs/ca-certificates.crt 319 283 target: /etc/ssl/certs/ 320 - 321 - # Install curl for health checks 322 - root: 323 - run: 324 - - apt-get update 325 - - apt-get install -y --no-install-recommends curl 326 - - rm -rf /var/lib/apt/lists/* 327 - 328 - # Security: run as non-root user 329 - user: "1000:1000" 330 - 331 - # Expose port 332 - expose: "3000" 333 - 334 - # Health check 335 - healthcheck: 336 - interval: 30s 337 - timeout: 10s 338 - start: 30s 339 - retries: 3 340 - cmd: curl -f http://localhost:3000/ping || exit 1 341 - 342 - # Start application 284 + expose: 3000 343 285 entrypoint: /app/apps/workflows/app

+16 -53

apps/workflows/dofigen.yml

··· 1 - # Files to exclude from Docker context 2 1 ignore: 3 2 - node_modules 4 3 - /apps/docs ··· 11 10 - /packages/api 12 11 - /packages/error 13 12 - /packages/tracker 14 - 15 13 builders: 16 - # Stage 1: CA Certificates 17 - ca-certs: 18 - fromImage: debian:bullseye-slim 19 - labels: 20 - org.opencontainers.image.stage: ca-certs 21 - run: apt-get update && apt-get install -y --no-install-recommends ca-certificates && update-ca-certificates && rm -rf /var/lib/apt/lists/* 22 - 23 - # Stage 2: Docker-specific build artifacts (no dependencies) 24 - docker: 25 - fromImage: oven/bun:1.3.3 26 - workdir: /app/apps/workflows 27 - labels: 28 - org.opencontainers.image.stage: docker 29 - copy: 30 - - . /app/ 31 - run: bun run src/build-docker.ts 32 - 33 - # Stage 3: Install production dependencies 34 14 install: 35 15 fromImage: oven/bun:1.3.3 36 16 workdir: /app/ ··· 57 37 - packages/tinybird/package.json 58 38 - packages/upstash/package.json 59 39 - packages/theme-store/package.json 60 - run: bun install --production --frozen-lockfile --verbose 40 + # Install dependencies 41 + run: bun install --production --frozen-lockfile --verbose 61 42 cache: 62 43 - /root/.bun/install/cache 63 44 ··· 67 48 workdir: /app/apps/workflows 68 49 labels: 69 50 org.opencontainers.image.stage: build 70 - env: 71 - NODE_ENV: production 72 51 copy: 73 52 - . /app/ 74 53 - fromBuilder: install ··· 76 55 target: /app/node_modules 77 56 # Should set env to production here 78 57 # Compile the TypeScript application 58 + env: 59 + NODE_ENV: production 79 60 run: bun build --compile --target bun --sourcemap --format=cjs src/index.ts --outfile=app --external '@libsql/*' --external libsql 80 61 81 - # Stage 5: LibSQL dependencies 62 + docker: 63 + fromImage: oven/bun:1.3.3 64 + workdir: /app/apps/workflows 65 + copy: 66 + - . /app/ 67 + run: bun run src/build-docker.ts 68 + 82 69 libsql: 83 70 fromImage: oven/bun:1.3.3 84 71 workdir: /app/ 85 - labels: 86 - org.opencontainers.image.stage: libsql 87 72 copy: 88 73 - fromBuilder: docker 89 74 source: /app/apps/build-docker/package.json 90 75 target: /app/package.json 91 76 run: bun install 92 77 93 - # Runtime 78 + ca-certs: 79 + fromImage: debian:bullseye-slim 80 + run: apt update && apt install -y ca-certificates && update-ca-certificates 81 + 94 82 fromImage: debian:bullseye-slim 95 83 workdir: /app/ 96 84 ··· 108 96 source: /app/apps/workflows/app 109 97 target: /app/apps/workflows/ 110 98 chmod: "555" 111 - - fromBuilder: build 112 - source: /app/data 113 - target: /app/data 114 99 - fromBuilder: libsql 115 100 source: /app/node_modules 116 101 target: /app/packages/db/node_modules ··· 120 105 - fromBuilder: ca-certs 121 106 source: /etc/ssl/certs/ca-certificates.crt 122 107 target: /etc/ssl/certs/ 123 - 124 - # Install curl for health checks 125 - root: 126 - run: 127 - - apt-get update 128 - - apt-get install -y --no-install-recommends curl 129 - - rm -rf /var/lib/apt/lists/* 130 - 131 - # Security: run as non-root user 132 - user: "1000:1000" 133 - 134 - # Expose port 135 - expose: "3000" 136 - 137 - # Health check 138 - healthcheck: 139 - interval: 30s 140 - timeout: 10s 141 - start: 30s 142 - retries: 3 143 - cmd: curl -f http://localhost:3000/ping || exit 1 144 - 145 - # Start application 108 + expose: 3000 146 109 entrypoint: /app/apps/workflows/app