Padreug
053357899d
Upstream Dockerfile sets `ENTRYPOINT [ "node", "./dist/index.js" ]`, which boots the daemon directly and silently bypasses `scripts/start.js` — the only place that runs `prisma migrate deploy`. On a clean install, the SQLite db file at $DATABASE_URL is created empty (0 bytes) and every Policy / KeyUser / Token / SigningCondition operation throws "table does not exist." `ping` / `get_keys` / `create_new_key` happen to survive because they only touch the JSON config, not the db. Two changes: 1. ENTRYPOINT switches to `node ./scripts/start.js`. The CMD arg (`start`) and any additional argv pass through to the daemon unchanged via process.argv. 2. Runtime pnpm install drops `--prod`. The prisma CLI lives in devDependencies; with `--prod`, `npx prisma migrate deploy` tries to download prisma@latest at runtime, which OOMs in modest containers. Including devDeps at runtime adds modest image bulk for correctness. Validated end-to-end against the local regtest stack — after the rebuild the SQLite db boots populated with 22 migrations, and the lnbits-side admin spike harness passes all 9 steps including NIP-46 sign_event with Schnorr-valid signatures. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
58 lines
2 KiB
Docker
58 lines
2 KiB
Docker
# Patched from upstream kind-0/nsecbunkerd Dockerfile to use pnpm — the
|
|
# upstream version uses `npm install` but package.json declares
|
|
# `@nostr-dev-kit/ndk` as `workspace:*`, which only pnpm understands.
|
|
# A clean clone of upstream fails to build with `EUNSUPPORTEDPROTOCOL`
|
|
# under npm. Switching to pnpm matches the lockfile that ships in-repo.
|
|
# Also drops `--frozen-lockfile` because the upstream pnpm-lock.yaml is
|
|
# out of date vs. package.json (ERR_PNPM_OUTDATED_LOCKFILE) — bug to
|
|
# file upstream once we've verified the rest of the stack works.
|
|
|
|
FROM node:20.11-bullseye AS build
|
|
|
|
WORKDIR /app
|
|
|
|
RUN npm install -g pnpm@9
|
|
|
|
# Copy lockfile + manifest first so the install layer caches across
|
|
# source changes.
|
|
COPY package.json pnpm-lock.yaml ./
|
|
RUN pnpm install --no-frozen-lockfile
|
|
|
|
# Copy application files
|
|
COPY . .
|
|
|
|
# Generate prisma client and build the application
|
|
RUN npx prisma generate
|
|
RUN pnpm run build
|
|
|
|
# Runtime stage
|
|
FROM node:20.11-alpine AS runtime
|
|
|
|
WORKDIR /app
|
|
|
|
RUN apk update && \
|
|
apk add --no-cache openssl && \
|
|
rm -rf /var/cache/apk/*
|
|
|
|
RUN npm install -g pnpm@9
|
|
|
|
# Copy built files from the build stage
|
|
COPY --from=build /app .
|
|
|
|
# Install all dependencies (including devDeps). The prisma CLI lives in
|
|
# devDependencies but scripts/start.js invokes `prisma migrate deploy`
|
|
# at boot, so it must be available at runtime. Dropping --prod adds the
|
|
# CLI tooling to the runtime image — a modest size cost for the
|
|
# correctness of the migration step.
|
|
RUN pnpm install --no-frozen-lockfile
|
|
|
|
EXPOSE 3000
|
|
|
|
# Run via scripts/start.js so `prisma migrate deploy` applies pending
|
|
# migrations before the daemon spawns. The upstream Dockerfile invokes
|
|
# ./dist/index.js directly, which silently bypasses the migration step
|
|
# and leaves the SQLite db empty on first boot — every command that
|
|
# touches Policy/KeyUser/Token/etc. then throws "table does not exist."
|
|
# Caught during aiolabs/nsecbunkerd#7 diagnosis 2026-05-27.
|
|
ENTRYPOINT [ "node", "./scripts/start.js" ]
|
|
CMD ["start"]
|