UniqAI/bolt.diy
1
0
Fork 0
mirror of https://github.com/stackblitz-labs/bolt.diy synced 2025-01-22 10:55:34 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

feat: update Dockerfile to improve dependency management and security

Browse Source 
- Changed `pnpm install` to use `--frozen-lockfile` to ensure deterministic installs.
- Updated environment variable names to use consistent casing (e.g., `HUGGINGFACE_API_KEY`).
- Fixed development image to create the run directory with proper permissions (`chown node:node`).
- Switched to a non-root user (`node`) in the development image for better security practices.
This commit is contained in:
gitworkflows 2024-12-11 06:37:37 +06:00 committed by GitHub
parent 39d73be78c
commit ae724ab4c2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
Dockerfile
View File

@ -6,7 +6,7 @@ WORKDIR /app
# Install dependencies (this step is cached as long as the dependencies don't change)
COPY package.json pnpm-lock.yaml ./
RUN corepack enable pnpm && pnpm install
RUN corepack enable pnpm && pnpm install --frozen-lockfile
# Copy the rest of your app's source code
COPY . .
@ -19,7 +19,7 @@ FROM base AS bolt-ai-production
# Define environment variables with default values or let them be overridden
ARG GROQ_API_KEY
ARG HuggingFace_API_KEY
ARG HUGGINGFACE_API_KEY
ARG OPENAI_API_KEY
ARG ANTHROPIC_API_KEY
ARG OPEN_ROUTER_API_KEY
@ -32,7 +32,7 @@ ARG DEFAULT_NUM_CTX
ENV WRANGLER_SEND_METRICS=false \
GROQ_API_KEY=${GROQ_API_KEY} \
HuggingFace_KEY=${HuggingFace_API_KEY} \
HUGGINGFACE_API_KEY=${HUGGINGFACE_API_KEY} \
OPENAI_API_KEY=${OPENAI_API_KEY} \
ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY} \
OPEN_ROUTER_API_KEY=${OPEN_ROUTER_API_KEY} \
@ -47,16 +47,16 @@ ENV WRANGLER_SEND_METRICS=false \
RUN mkdir -p /root/.config/.wrangler && \
echo '{"enabled":false}' > /root/.config/.wrangler/metrics.json
RUN npm run build
RUN pnpm run build
CMD [ "pnpm", "run", "dockerstart"]
CMD ["pnpm", "run", "dockerstart"]
# Development image
FROM base AS bolt-ai-development
# Define the same environment variables for development
ARG GROQ_API_KEY
ARG HuggingFace
ARG HUGGINGFACE_API_KEY
ARG OPENAI_API_KEY
ARG ANTHROPIC_API_KEY
ARG OPEN_ROUTER_API_KEY
@ -68,7 +68,7 @@ ARG VITE_LOG_LEVEL=debug
ARG DEFAULT_NUM_CTX
ENV GROQ_API_KEY=${GROQ_API_KEY} \
HuggingFace_API_KEY=${HuggingFace_API_KEY} \
HUGGINGFACE_API_KEY=${HUGGINGFACE_API_KEY} \
OPENAI_API_KEY=${OPENAI_API_KEY} \
ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY} \
OPEN_ROUTER_API_KEY=${OPEN_ROUTER_API_KEY} \
@ -79,5 +79,10 @@ ENV GROQ_API_KEY=${GROQ_API_KEY} \
VITE_LOG_LEVEL=${VITE_LOG_LEVEL} \
DEFAULT_NUM_CTX=${DEFAULT_NUM_CTX}
RUN mkdir -p ${WORKDIR}/run
CMD pnpm run dev --host
# Create run directory with proper permissions
RUN mkdir -p /app/run && chown node:node /app/run
# Switch to non-root user for better security
USER node
CMD ["pnpm", "run", "dev", "--host"]