# [doc->REQ-DEP-01] # Source: 05-RESEARCH.md §Pattern 1 + 05-CONTEXT.md D-01..D-21 # ---- Stage 1: builder ---- FROM node:22-bookworm-slim AS builder RUN apt-get update && apt-get install -y --no-install-recommends \ build-essential python3 ca-certificates git \ && rm -rf /var/lib/apt/lists/* RUN corepack enable && corepack prepare pnpm@10 --activate WORKDIR /app # Copy manifest files first for cache-friendly layer ordering COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./ COPY apps/server/package.json apps/server/ COPY packages/protocol/package.json packages/protocol/ COPY packages/game-logic/package.json packages/game-logic/ COPY packages/db/package.json packages/db/ RUN pnpm install --frozen-lockfile \ && pnpm rebuild better-sqlite3 argon2 # Copy full source after deps are installed COPY . . # Build workspace packages to dist/ — ensures @colyseus/schema decorators are # emitted as legacy TS __decorate (not TC39 __decorateElement) which Schema needs. # apps/server stays tsx-runtime; only the packages need pre-compiled .js. RUN pnpm --filter @rebno/protocol prebuild \ && pnpm --filter @rebno/protocol --filter @rebno/game-logic --filter @rebno/db exec tsc # Prune to production deps only, output to /tmp/server-prod. # tsx is a runtime dependency, so it survives --prod pruning. RUN pnpm --filter @rebno/server deploy --prod --legacy /tmp/server-prod # ---- Stage 2: litestream binary ---- FROM litestream/litestream:0.3.13 AS litestream # ---- Stage 3: runtime ---- FROM node:22-bookworm-slim AS runtime RUN apt-get update && apt-get install -y --no-install-recommends \ ca-certificates dumb-init \ && rm -rf /var/lib/apt/lists/* # Copy Litestream binary from litestream stage COPY --from=litestream /usr/local/bin/litestream /usr/local/bin/litestream # Copy pruned server production build from builder in stability-ordered layers: # dependencies first, then runtime TS/config, then mutable room/static content. # This keeps small client/public changes from invalidating the large dependency # layer in the pushed runtime image. COPY --from=builder --chown=node:node /tmp/server-prod/package.json /app/package.json COPY --from=builder --chown=node:node /tmp/server-prod/node_modules /app/node_modules COPY --from=builder --chown=node:node /tmp/server-prod/tsconfig.json /app/tsconfig.json COPY --from=builder --chown=node:node /tmp/server-prod/scripts /app/scripts COPY --from=builder --chown=node:node /tmp/server-prod/src /app/src COPY --from=builder --chown=node:node /tmp/server-prod/rooms /app/rooms COPY --from=builder --chown=node:node /tmp/server-prod/public /app/public # Litestream config (produced by Plan 03; COPY will fail if file is absent) COPY --chown=node:node apps/server/litestream.yml /etc/litestream.yml # Container entrypoint script COPY apps/server/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh RUN sed -i 's/\r$//' /usr/local/bin/docker-entrypoint.sh \ && chmod +x /usr/local/bin/docker-entrypoint.sh # Persistent data volume mount point (Fly.io mounts /data) RUN mkdir -p /data && chown node:node /data ENV NODE_ENV=production # tsx loader honors this — applies one tsconfig to ALL .ts files (incl. node_modules # workspace pkgs), so experimentalDecorators reaches @colyseus/schema decorator users. ENV TSX_TSCONFIG_PATH=/app/tsconfig.json # Run as non-root (ASVS V12/V10 L1) USER node WORKDIR /app EXPOSE 2567 ENTRYPOINT ["dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"] # Runtime via tsx CLI with explicit --tsconfig so experimentalDecorators reaches # esbuild (Colyseus Schema needs legacy TS decorator emit, not TC39 stage-3). CMD ["node_modules/.bin/tsx", "--tsconfig", "/app/tsconfig.json", "--import", "./src/otel-init.ts", "src/index.ts"]