mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Merge branch 'develop' into fix/auth-frontend-remediation
Some checks failed
ci/woodpecker/push/infra Pipeline was successful
Details
ci/woodpecker/push/orchestrator Pipeline was successful
Details
ci/woodpecker/push/coordinator Pipeline was successful
Details
ci/woodpecker/push/web Pipeline failed
Details
ci/woodpecker/push/api Pipeline was successful
Details

Browse Source
This commit is contained in:
jason.woltje
2026-02-17 20:35:59 +00:00
parent 57d0f5d2a3 027fee1afa
commit af113707d9
32 changed files with 464 additions and 2488 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
apps/orchestrator/Dockerfile
View File

@@ -1,6 +1,3 @@
# syntax=docker/dockerfile:1
# Enable BuildKit features for cache mounts
# Base image for all stages
# Uses Debian slim (glibc) instead of Alpine (musl) for native addon compatibility.
FROM node:24-slim AS base
@@ -26,9 +23,8 @@ COPY packages/config/package.json ./packages/config/
COPY apps/orchestrator/package.json ./apps/orchestrator/
# Install ALL dependencies (not just production)
# This ensures NestJS packages and other required deps are available
RUN --mount=type=cache,id=pnpm-store,target=/root/.local/share/pnpm/store \
pnpm install --frozen-lockfile
# No cache mount — Kaniko builds are ephemeral in CI
RUN pnpm install --frozen-lockfile
# ======================
# Builder stage
@@ -69,15 +65,14 @@ LABEL org.opencontainers.image.vendor="Mosaic Stack"
LABEL org.opencontainers.image.title="Mosaic Orchestrator"
LABEL org.opencontainers.image.description="Agent orchestration service for Mosaic Stack"
# Remove npm (unused in production — we use pnpm) to reduce attack surface
RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx
# Install dumb-init for proper signal handling (static binary from GitHub,
# avoids apt-get which fails under Kaniko with bookworm GPG signature errors)
ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 /usr/local/bin/dumb-init
# Install wget and dumb-init
RUN apt-get update && apt-get install -y --no-install-recommends wget dumb-init \
&& rm -rf /var/lib/apt/lists/*
# Create non-root user
RUN groupadd -g 1001 nodejs && useradd -m -u 1001 -g nodejs nestjs
# Single RUN to minimize Kaniko filesystem snapshots (each RUN = full snapshot)
RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx \
&& chmod 755 /usr/local/bin/dumb-init \
&& groupadd -g 1001 nodejs && useradd -m -u 1001 -g nodejs nestjs
WORKDIR /app
@@ -105,7 +100,7 @@ EXPOSE 3001
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:3001/health || exit 1
CMD node -e "require('http').get('http://localhost:3001/health', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)})"
# Use dumb-init to handle signals properly
ENTRYPOINT ["dumb-init", "--"]