singularity-forge/docker/Dockerfile.sf-server

# syntax=docker/dockerfile:1.7
#
# Source-built SF server image for Forgejo self-deploy.
#
# Purpose: package the exact repository revision Forgejo verified, including
# the staged Next.js standalone host and release manifest, instead of installing
# a mutable npm tag at runtime.
#
# Consumer: .forgejo/workflows/self-deploy.yml and GitOps deployments that run
# `sf server /workspace --host 0.0.0.0 --port 4000`.

FROM node:26.1-slim AS build

WORKDIR /src
ENV CI=1

RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    git \
    libsecret-1-dev \
    make \
    g++ \
    python3 \
    pkg-config \
    && rm -rf /var/lib/apt/lists/*

COPY package.json package-lock.json ./
COPY packages ./packages
COPY web/package.json web/package-lock.json ./web/
RUN npm ci && npm --prefix web ci

COPY . .
ARG SF_GIT_SHA
ARG SF_GIT_REF
ARG SF_RELEASE_IMAGE
ARG SF_RELEASE_IMAGE_DIGEST
ARG SF_IMAGE_REPOSITORY
ENV SF_GIT_SHA=${SF_GIT_SHA}
ENV SF_GIT_REF=${SF_GIT_REF}
ENV SF_RELEASE_IMAGE=${SF_RELEASE_IMAGE}
ENV SF_RELEASE_IMAGE_DIGEST=${SF_RELEASE_IMAGE_DIGEST}
ENV SF_IMAGE_REPOSITORY=${SF_IMAGE_REPOSITORY}
RUN npm run build:core
RUN npm run build:web-host
RUN npm run release:manifest -- --out dist/sf-release-manifest.json

FROM node:26.1-slim AS sf-server

WORKDIR /opt/sf
ENV NODE_ENV=production
ENV SF_RELEASE_MANIFEST=/opt/sf/dist/sf-release-manifest.json
ENV SF_WEB_PREFER_SOURCE=0
ENV SF_WEB_HOST=0.0.0.0
ENV SF_WEB_PORT=4000

RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    git \
    libsecret-1-0 \
    tini \
    && rm -rf /var/lib/apt/lists/*

COPY --from=build /src /opt/sf

WORKDIR /workspace
EXPOSE 4000
ENTRYPOINT ["tini", "--", "node", "/opt/sf/dist/loader.js"]
CMD ["server", "/workspace", "--host", "0.0.0.0", "--port", "4000"]