From ae724ab4c2c596c95e2100b8eadb9ec255c9f4b3 Mon Sep 17 00:00:00 2001
From: gitworkflows <118260833+gitworkflows@users.noreply.github.com>
Date: Wed, 11 Dec 2024 06:37:37 +0600
Subject: [PATCH] feat: update Dockerfile to improve dependency management and
 security

- Changed `pnpm install` to use `--frozen-lockfile` to ensure deterministic installs.
- Updated environment variable names to use consistent casing (e.g., `HUGGINGFACE_API_KEY`).
- Fixed development image to create the run directory with proper permissions (`chown node:node`).
- Switched to a non-root user (`node`) in the development image for better security practices.
---
 Dockerfile | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 06541d30..c0395572 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,7 +6,7 @@ WORKDIR /app
 # Install dependencies (this step is cached as long as the dependencies don't change)
 COPY package.json pnpm-lock.yaml ./
 
-RUN corepack enable pnpm && pnpm install
+RUN corepack enable pnpm && pnpm install --frozen-lockfile
 
 # Copy the rest of your app's source code
 COPY . .
@@ -19,7 +19,7 @@ FROM base AS bolt-ai-production
 
 # Define environment variables with default values or let them be overridden
 ARG GROQ_API_KEY
-ARG HuggingFace_API_KEY
+ARG HUGGINGFACE_API_KEY
 ARG OPENAI_API_KEY
 ARG ANTHROPIC_API_KEY
 ARG OPEN_ROUTER_API_KEY
@@ -32,7 +32,7 @@ ARG DEFAULT_NUM_CTX
 
 ENV WRANGLER_SEND_METRICS=false \
     GROQ_API_KEY=${GROQ_API_KEY} \
-    HuggingFace_KEY=${HuggingFace_API_KEY} \
+    HUGGINGFACE_API_KEY=${HUGGINGFACE_API_KEY} \
     OPENAI_API_KEY=${OPENAI_API_KEY} \
     ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY} \
     OPEN_ROUTER_API_KEY=${OPEN_ROUTER_API_KEY} \
@@ -47,16 +47,16 @@ ENV WRANGLER_SEND_METRICS=false \
 RUN mkdir -p /root/.config/.wrangler && \
     echo '{"enabled":false}' > /root/.config/.wrangler/metrics.json
 
-RUN npm run build
+RUN pnpm run build
 
-CMD [ "pnpm", "run", "dockerstart"]
+CMD ["pnpm", "run", "dockerstart"]
 
 # Development image
 FROM base AS bolt-ai-development
 
 # Define the same environment variables for development
 ARG GROQ_API_KEY
-ARG HuggingFace 
+ARG HUGGINGFACE_API_KEY
 ARG OPENAI_API_KEY
 ARG ANTHROPIC_API_KEY
 ARG OPEN_ROUTER_API_KEY
@@ -68,7 +68,7 @@ ARG VITE_LOG_LEVEL=debug
 ARG DEFAULT_NUM_CTX
 
 ENV GROQ_API_KEY=${GROQ_API_KEY} \
-    HuggingFace_API_KEY=${HuggingFace_API_KEY} \
+    HUGGINGFACE_API_KEY=${HUGGINGFACE_API_KEY} \
     OPENAI_API_KEY=${OPENAI_API_KEY} \
     ANTHROPIC_API_KEY=${ANTHROPIC_API_KEY} \
     OPEN_ROUTER_API_KEY=${OPEN_ROUTER_API_KEY} \
@@ -79,5 +79,10 @@ ENV GROQ_API_KEY=${GROQ_API_KEY} \
     VITE_LOG_LEVEL=${VITE_LOG_LEVEL} \
     DEFAULT_NUM_CTX=${DEFAULT_NUM_CTX}
 
-RUN mkdir -p ${WORKDIR}/run
-CMD pnpm run dev --host
+# Create run directory with proper permissions
+RUN mkdir -p /app/run && chown node:node /app/run
+
+# Switch to non-root user for better security
+USER node
+
+CMD ["pnpm", "run", "dev", "--host"]