Dockerfile

# ============================================
# Base stage for shared configuration
# ============================================
FROM node:20.11-alpine3.19 AS base

# Configure build environment with optimized settings
ENV NODE_OPTIONS="--max_old_space_size=3072" \
    NEXT_TELEMETRY_DISABLED=1 \
    NODE_ENV=production \
    PYTHONDONTWRITEBYTECODE=1

# ============================================
# Dependencies stage - caches node_modules
# ============================================
FROM base AS deps

WORKDIR /app

# Copy only package files for better caching
COPY package.json yarn.lock ./

# Use yarn with cache for faster installs
RUN --mount=type=cache,target=/usr/local/share/.cache/yarn \
    yarn config set cache-folder /usr/local/share/.cache/yarn && \
    yarn install --frozen-lockfile --network-timeout 300000

# ============================================
# Builder stage - builds Next.js application
# ============================================
FROM deps AS web-builder

WORKDIR /app

# Copy source files
COPY . .

# Install dev dependencies needed for build
RUN yarn add --dev autoprefixer postcss tailwindcss code-inspector-plugin

# Build with standalone output
RUN yarn build

# ============================================
# Python builder stage - builds Python deps
# ============================================
FROM python:3.10-slim-bookworm AS python-builder

# Install build dependencies
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    build-essential \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

# Use BuildKit's cache mount for pip
RUN --mount=type=cache,target=/root/.cache/pip \
    pip install --no-cache-dir poetry

# Copy and install Python dependencies
COPY pyproject.toml poetry.lock ./
RUN poetry config virtualenvs.create false && \
    poetry install --no-dev --no-interaction --no-ansi

# ============================================
# Final stage - minimal production image
# ============================================
FROM python:3.10-slim-bookworm

# Create non-root user for HF security
RUN useradd -m -u 1000 user

# Install only required runtime packages
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    nodejs \
    npm \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Set up directory structure
WORKDIR /app
RUN mkdir -p api web && chown -R user:user /app

# Install core Python packages
RUN --mount=type=cache,target=/root/.cache/pip \
    pip install --no-cache-dir \
    gunicorn \
    gevent \
    flask \
    cloudscraper \
    transformers

# Copy built files from previous stages
COPY --from=python-builder --chown=user /usr/local/lib/python3.10/site-packages /usr/local/lib/python3.10/site-packages
COPY --chown=user . /app/

# Copy Next.js standalone build
COPY --from=web-builder --chown=user /app/.next/standalone /app/web
COPY --from=web-builder --chown=user /app/.next/static /app/web/.next/static
COPY --from=web-builder --chown=user /app/public /app/web/public

# Set environment variables
ENV FLASK_APP=app.py \
    EDITION=SELF_HOSTED \
    DEPLOY_ENV=PRODUCTION \
    CONSOLE_API_URL=http://127.0.0.1:7860 \
    CONSOLE_WEB_URL=http://127.0.0.1:3000 \
    SERVICE_API_URL=http://127.0.0.1:7860 \
    APP_WEB_URL=http://127.0.0.1:3000 \
    NODE_ENV=production \
    HOME=/app \
    PATH="/usr/local/bin:${PATH}" \
    PYTHONPATH=/app/api \
    MAIL_TYPE=resend \
    MAIL_RESEND_API_KEY=null

# Switch to non-root user
USER user

# Expose HF Spaces port
EXPOSE 7860

# Copy and set up entrypoint
COPY --chown=user docker/entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh

WORKDIR /app

# Add healthcheck
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:7860/health || exit 1

CMD ["./entrypoint.sh"]