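# Stage 1: Base
# Shared foundation for every later stage. The runner stage is also built
# FROM base, so everything installed here (bind-tools, protobuf-dev, pnpm)
# ships in the production image as well as in the build stages.
# NOTE(review): the tag is exact but tags are mutable; pinning by digest
# (node:22.12.0-alpine@sha256:<digest of the reviewed image>) would make the
# base reproducible and tamper-evident.
FROM node:22.12.0-alpine AS base
# PNPM_HOME is set in its own instruction because PATH below expands it, and
# an ENV instruction only sees values defined by earlier instructions.
ENV PNPM_HOME="/pnpm"
ENV PATH="$PNPM_HOME:$PATH"
# `apk add --no-cache` fetches a fresh package index itself and leaves none
# behind, so a separate `apk update` is redundant and only writes an index
# into /var/cache/apk that then stays in the layer.
# pnpm is installed at an exact version so dependency resolution does not
# drift between builds.
RUN apk add --no-cache bind-tools protobuf-dev \
    && npm install -g pnpm@10.0.0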

# Stage 2A: Deps-Dev (full dependency set, dev dependencies included, used for compilation)
FROM base AS deps-dev
WORKDIR /usr
# NOTE(review): key.ini is copied from the build context into a layer of this
# stage. The runner stage is built FROM base and copies only named paths out of
# the builder, so the file does not reach the runtime image, but it is stored
# in this stage's layers and in any exported build cache. Its contents are not
# visible here; if it holds a licence or cache key, a BuildKit secret mount on
# the step that reads it would keep it out of layers.
COPY .nx/key/key.ini ./.nx/key/key.ini
# NOTE(review): .npmrc is stored in this layer too. Presumably it refers to the
# registry token by variable name; verify it never contains a literal token.
COPY .npmrc \
     package.json \
     pnpm-lock.yaml \
     pnpm-workspace.yaml \
     tsconfig.build.json \
     nx.json \
     ./
# The whole workspace source tree is copied; what is excluded depends on a
# .dockerignore that is not visible here (local .env files, node_modules, .git).
COPY humand-packages/ ./humand-packages/
# The registry token is a BuildKit secret exposed as an environment variable
# for this one RUN only, so it is not passed as a build argument or baked into
# ENV. The `env=` option needs Dockerfile frontend 1.10 or newer; no
# `# syntax=` directive is visible in this file, so the builder's bundled
# frontend must be recent enough.
# --frozen-lockfile fails the build instead of updating pnpm-lock.yaml.
RUN --mount=type=secret,id=codeartifact_auth_token,env=CODEARTIFACT_AUTH_TOKEN \
    pnpm install --frozen-lockfile

# Stage 2B: Deps-Prod (production dependencies only; independent of 2A, so it can build in parallel)
FROM base AS deps-prod
WORKDIR /usr
# Root manifests and registry configuration. .npmrc stays in this stage: the
# runner copies node_modules, the manifests and humand-packages from here by
# name and does not copy .npmrc.
COPY .npmrc \
     package.json \
     pnpm-lock.yaml \
     pnpm-workspace.yaml \
     nx.json \
     ./
# Only the package.json of each workspace package is copied, not its source,
# so this stage contains manifests plus installed production dependencies.
# A workspace package missing from this list has no manifest in this stage.
COPY humand-packages/monolith/package.json ./humand-packages/monolith/package.json
COPY humand-packages/common/package.json ./humand-packages/common/package.json
COPY humand-packages/migrations-runner/package.json ./humand-packages/migrations-runner/package.json
COPY humand-packages/linter/package.json ./humand-packages/linter/package.json
COPY humand-packages/app-ratings/package.json ./humand-packages/app-ratings/package.json
COPY humand-packages/scheduled-actions/package.json ./humand-packages/scheduled-actions/package.json
COPY humand-packages/community-features/package.json ./humand-packages/community-features/package.json
# Same secret handling as the dev install: the token exists only as an
# environment variable while this RUN executes. --prod skips devDependencies;
# --frozen-lockfile fails the build instead of updating pnpm-lock.yaml.
RUN --mount=type=secret,id=codeartifact_auth_token,env=CODEARTIFACT_AUTH_TOKEN \
    pnpm install --frozen-lockfile --prod

# Stage 3: Builder (compiles TypeScript using deps-dev)
# Inherits the full source tree, dev dependencies and .nx/key/key.ini from
# deps-dev. Nothing set here carries into the runtime image: the runner stage
# is built FROM base and copies named output directories out of this stage.
FROM deps-dev AS builder
# Optional --build-arg override; when it is not supplied the default in the
# ENV line below applies.
ARG NODE_OPTIONS
# Bumped to 8192 for the build only: TS compilation hits ~4GB after recent
# module additions and OOMs at the 4096 default. Runner stage stays at 4096
# (matches Fargate task memory in prd; Node would be OOM-killed if higher).
ENV NODE_OPTIONS=${NODE_OPTIONS:-"--max_old_space_size=8192"}
# NOTE(review): verbose Nx logging is enabled for the same step that holds AWS
# credentials in its environment. Confirm the verbose output never prints
# environment values, since build logs are typically retained and readable by
# more people than the secrets themselves.
ENV NX_VERBOSE_LOGGING=true
# The three AWS values are BuildKit secrets exposed as environment variables
# for this RUN only; required=false lets the build proceed when they are not
# supplied.
# NOTE(review): presumably they authenticate a remote Nx cache - confirm. If
# so, outputs restored from that cache are copied into the runner image, so
# write access to the cache is part of this image's trust boundary and the
# credentials passed here should be scoped to that cache alone.
RUN --mount=type=secret,id=aws_access_key_id,env=AWS_ACCESS_KEY_ID,required=false \
    --mount=type=secret,id=aws_secret_access_key,env=AWS_SECRET_ACCESS_KEY,required=false \
    --mount=type=secret,id=aws_session_token,env=AWS_SESSION_TOKEN,required=false \
    pnpm nx run monolith:build --parallel=1

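# Stage 4: Runner (production image with only prod deps + compiled output)
# Built FROM base, so it contains none of the source tree, dev dependencies,
# .npmrc or .nx/key/key.ini from the build stages; only the paths named in the
# COPY --from lines below are brought in.
FROM base AS runner
WORKDIR /usr
# NOTE(review): this hands ownership of /usr itself to the runtime user, so the
# `node` user can create, rename and replace top-level entries under /usr,
# which also holds system binaries and libraries. A dedicated application
# directory owned by node would give the app the same write access with less
# exposure; moving WORKDIR needs checking against anything that relies on
# /usr paths, so it is flagged here rather than changed.
RUN chown node:node /usr
# RUN_MIGRATIONS is baked in at build time and read by CMD; a value set in the
# container's environment at run time overrides it.
ARG RUN_MIGRATIONS
ENV RUN_MIGRATIONS=${RUN_MIGRATIONS}
# Heap limit for the running service; defaults to 4096 unless a NODE_OPTIONS
# build argument is supplied.
ARG NODE_OPTIONS
ENV NODE_OPTIONS=${NODE_OPTIONS:-"--max_old_space_size=4096"}

# grpc_health_probe is downloaded at build time from a GitHub release URL.
# NOTE(review): nothing verifies the download. ADD accepts
# --checksum=sha256:<digest of this exact release asset>; record the digest
# from a trusted copy and add it so a changed or tampered asset fails the
# build. The asset is linux-amd64 only, so the probe will not run in an image
# built for another architecture.
# --chmod sets the executable mode in the same layer as the download, which
# replaces the separate `RUN chmod +x` layer.
ADD --chmod=755 https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v0.4.11/grpc_health_probe-linux-amd64 /bin/grpc_health_probe

# Production node_modules and manifests come from deps-prod; compiled output
# comes from builder. Everything is owned by node so the service can run
# without root.
COPY --from=deps-prod --chown=node:node /usr/node_modules ./node_modules
COPY --from=deps-prod --chown=node:node /usr/package.json /usr/pnpm-lock.yaml /usr/pnpm-workspace.yaml /usr/nx.json ./
COPY --from=deps-prod --chown=node:node /usr/humand-packages ./humand-packages
COPY --from=builder --chown=node:node /usr/humand-packages/monolith/build ./humand-packages/monolith/build
# NOTE(review): the config and postman directories are shipped as-is. Their
# contents are not visible here; confirm they hold no credentials, tokens or
# environment-specific secrets, since anyone who can pull the image can read
# them.
COPY --from=builder --chown=node:node /usr/humand-packages/monolith/config ./humand-packages/monolith/config
COPY --from=builder --chown=node:node /usr/humand-packages/monolith/postman ./humand-packages/monolith/postman
COPY --from=builder --chown=node:node /usr/humand-packages/common/build ./humand-packages/common/build
COPY --from=builder --chown=node:node /usr/humand-packages/migrations-runner/build ./humand-packages/migrations-runner/build
COPY --from=builder --chown=node:node /usr/humand-packages/app-ratings/build ./humand-packages/app-ratings/build
COPY --from=builder --chown=node:node /usr/humand-packages/scheduled-actions/build ./humand-packages/scheduled-actions/build
COPY --from=builder --chown=node:node /usr/humand-packages/community-features/build ./humand-packages/community-features/build
# EXPOSE is documentation only; both ports are above 1024, so the non-root
# user can bind them.
EXPOSE 8080 50051
# Drop root before the service starts.
USER node
# When RUN_MIGRATIONS is "true" the migrations run first and a failure stops
# the container with the migration's exit status. `exec` replaces the shell
# with node, so node is PID 1 and receives the stop signal directly; without
# it the signal goes to the wrapping shell and the service is killed after the
# stop timeout without a chance to shut down cleanly.
CMD ["sh", "-c", "if [ \"$RUN_MIGRATIONS\" = \"true\" ]; then pnpm --filter migrations-runner run migrate-on-main || exit; fi; exec node ./humand-packages/monolith/build/index.js"]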
