Notes/apps/server/Dockerfile.rootless

FROM node:22.15.0-bullseye-slim AS builder
RUN corepack enable

# Install native dependencies since we might be building cross-platform.
WORKDIR /usr/src/app/build
COPY ./docker/package.json ./docker/pnpm-workspace.yaml /usr/src/app/
# We have to use --no-frozen-lockfile due to CKEditor patches
RUN pnpm install --no-frozen-lockfile --prod && pnpm rebuild

FROM node:22.15.0-bullseye-slim
# Create a non-root user with configurable UID/GID
ARG USER=trilium
ARG UID=1001
ARG GID=1001
ENV USER=${USER}
ENV UID=${UID}
ENV GID=${GID}

# Install only runtime dependencies
RUN rm -rf \
    /var/lib/apt/lists/* \
    /var/cache/apt/* && \
    # Create the user/group with the default UID/GID
    groupadd -g ${GID} ${USER} && \
    useradd -u ${UID} -g ${USER} -s /bin/sh -m ${USER}

WORKDIR /home/${USER}/app
COPY ./dist /home/${USER}/app
# Also copy the rootless entrypoint script
COPY rootless-entrypoint.sh /home/${USER}/app/
RUN chmod +x /home/${USER}/app/rootless-entrypoint.sh
RUN rm -rf /home/${USER}/app/node_modules/better-sqlite3
COPY --from=builder /usr/src/app/node_modules/better-sqlite3 /home/${USER}/app/node_modules/better-sqlite3
RUN chown -R ${USER}:${USER} /home/${USER}

# Configure container
USER ${USER}
EXPOSE 8080

# By default, use UID/GID that was set during build
# These can be overridden at runtime
ENV TRILIUM_UID=${UID}
ENV TRILIUM_GID=${GID}
ENV TRILIUM_DATA_DIR=/home/${USER}/trilium-data

# Use the entrypoint script
CMD /home/${USER}/app/rootless-entrypoint.sh

HEALTHCHECK --start-period=10s CMD node /home/${USER}/app/docker_healthcheck.js
feat(ci): add rootless dockerfiles 2025-05-13 18:51:18 +00:00			`FROM node:22.15.0-bullseye-slim AS builder`
			`RUN corepack enable`

			`# Install native dependencies since we might be building cross-platform.`
			`WORKDIR /usr/src/app/build`
fix(docker/rootless): copy sequence after switch to esbuild 2025-05-25 21:47:35 +03:00			`COPY ./docker/package.json ./docker/pnpm-workspace.yaml /usr/src/app/`
feat(ci): add rootless dockerfiles 2025-05-13 18:51:18 +00:00			`# We have to use --no-frozen-lockfile due to CKEditor patches`
			`RUN pnpm install --no-frozen-lockfile --prod && pnpm rebuild`

			`FROM node:22.15.0-bullseye-slim`
			`# Create a non-root user with configurable UID/GID`
			`ARG USER=trilium`
			`ARG UID=1001`
			`ARG GID=1001`
			`ENV USER=${USER}`
			`ENV UID=${UID}`
			`ENV GID=${GID}`

			`# Install only runtime dependencies`
			`RUN rm -rf \`
			`/var/lib/apt/lists/* \`
			`/var/cache/apt/* && \`
			`# Create the user/group with the default UID/GID`
			`groupadd -g ${GID} ${USER} && \`
			`useradd -u ${UID} -g ${USER} -s /bin/sh -m ${USER}`

			`WORKDIR /home/${USER}/app`
			`COPY ./dist /home/${USER}/app`
fix(docker): fix when we copy and chmod the entrypoint for rootless images 2025-05-22 12:49:38 -07:00			`# Also copy the rootless entrypoint script`
			`COPY rootless-entrypoint.sh /home/${USER}/app/`
			`RUN chmod +x /home/${USER}/app/rootless-entrypoint.sh`
feat(ci): add rootless dockerfiles 2025-05-13 18:51:18 +00:00			`RUN rm -rf /home/${USER}/app/node_modules/better-sqlite3`
			`COPY --from=builder /usr/src/app/node_modules/better-sqlite3 /home/${USER}/app/node_modules/better-sqlite3`
			`RUN chown -R ${USER}:${USER} /home/${USER}`

			`# Configure container`
			`USER ${USER}`
			`EXPOSE 8080`

			`# By default, use UID/GID that was set during build`
			`# These can be overridden at runtime`
			`ENV TRILIUM_UID=${UID}`
			`ENV TRILIUM_GID=${GID}`
			`ENV TRILIUM_DATA_DIR=/home/${USER}/trilium-data`

feat(docker): move from inline script to entrypoint 2025-05-21 15:40:21 -07:00			`# Use the entrypoint script`
fix(docker): have the container fill in the user variable 2025-05-22 22:47:29 +00:00			`CMD /home/${USER}/app/rootless-entrypoint.sh`
feat(ci): add rootless dockerfiles 2025-05-13 18:51:18 +00:00
			`HEALTHCHECK --start-period=10s CMD node /home/${USER}/app/docker_healthcheck.js`