aaronrene / knowtation public
Dockerfile
44 lines 1.4 KB
Raw
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor ⚠ breaking 1 day ago
1 # Knowtation Hub — self-hosted API + auth. Phase 11.
2 # Build from repo root: docker build -f hub/Dockerfile .
3 # Run with vault and data mounted; set KNOWTATION_VAULT_PATH, HUB_JWT_SECRET, OAuth env.
4 #
5 # Base image pinned to a specific patch version to guarantee a reproducible build.
6 # Update the tag deliberately after reviewing the Node.js 20 LTS changelog.
7 FROM node:20.19.0-alpine3.21
8
9 # ffmpeg: auto-transcode oversized audio for Whisper import
10 RUN apk add --no-cache ffmpeg
11
12 # Create a non-root user and group for runtime security.
13 # All application files are owned by this user; the process never runs as root.
14 RUN addgroup -S knowtation && adduser -S -G knowtation knowtation
15
16 WORKDIR /app
17
18 # Copy package lock files first so Docker layer caching skips re-install
19 # when only source files change.
20 COPY package.json package-lock.json* ./
21 COPY hub/package.json hub/package-lock.json* ./hub/
22
23 # Use `npm ci` for reproducible, lock-file-exact installs (no silent upgrades).
24 RUN npm ci --omit=dev
25 RUN cd hub && npm ci --omit=dev
26
27 COPY lib ./lib
28 COPY hub ./hub
29 COPY web/hub ./web/hub
30 COPY config ./config
31
32 # Transfer ownership to the non-root user before switching context.
33 RUN chown -R knowtation:knowtation /app
34
35 USER knowtation
36
37 # Default: vault and data via mount; server runs from /app
38 ENV NODE_ENV=production
39 ENV HUB_PORT=3333
40 EXPOSE 3333
41
42 # Run from repo root so loadConfig and lib resolve
43 WORKDIR /app
44 CMD ["node", "hub/server.mjs"]
File History 2 commits
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor 1 day ago
sha256:9103f98c89257ed2b01c237cea895dabb3e85ea337dccb1161c175e4422355b6 docs: accept Calendar Events v0 spec with Phase 0 security … Human 2 days ago