| # Base image with Bun | |
| FROM oven/bun:1.3.9 AS base | |
| # Install turbo CLI globally | |
| FROM base AS turbo-cli | |
| RUN bun add -g turbo | |
| # Builder stage - prune API workspace | |
| FROM turbo-cli AS builder | |
| WORKDIR /app | |
| COPY . . | |
| RUN echo "unknown" > .git-commit-sha | |
| RUN turbo prune @midday/api --docker | |
| # Installer stage - install deps and build | |
| FROM base AS installer | |
| WORKDIR /app | |
| # Install dependencies | |
| COPY --from=builder /app/out/json/ . | |
| COPY bunfig.toml . | |
| RUN bun install | |
| # Copy full source | |
| COPY --from=builder /app/out/full/ . | |
| # Build engine types | |
| RUN bunx turbo run build --filter=@midday/engine --only | |
| # Runner stage - clean image | |
| FROM oven/bun:1.3.9 AS runner | |
| WORKDIR /app | |
| # Install python and uv just to follow instructions | |
| RUN apt-get update && apt-get install -y python3 python3-pip curl adduser && \ | |
| curl -LsSf https://astral.sh/uv/install.sh | sh && \ | |
| apt-get clean && rm -rf /var/lib/apt/lists/* | |
| ENV NODE_ENV=production | |
| ENV PORT=7860 | |
| # Copy only what's needed at runtime | |
| COPY --from=installer /app/node_modules ./node_modules | |
| COPY --from=installer /app/apps/api ./apps/api | |
| COPY --from=installer /app/apps/engine ./apps/engine | |
| COPY --from=installer /app/packages ./packages | |
| COPY --from=installer /app/package.json ./package.json | |
| # Carry the git SHA into the runtime container | |
| COPY --from=builder /app/.git-commit-sha /tmp/git-sha.txt | |
| COPY --from=builder /app/scripts/docker-entrypoint.sh /app/entrypoint.sh | |
| RUN chmod +x /app/entrypoint.sh | |
| # HF Specific: Create a non-root user | |
| RUN adduser --disabled-password --gecos "" hfuser | |
| RUN chown -R hfuser:hfuser /app | |
| USER hfuser | |
| WORKDIR /app/apps/api | |
| EXPOSE 7860 | |
| ENTRYPOINT ["/app/entrypoint.sh"] | |
| CMD ["bun", "src/index.ts"] | |