From a4ad1d8645df897f386b878b0f060d64cc47475b Mon Sep 17 00:00:00 2001
From: Vladimir nett00n Budylnikov
Date: Tue, 16 Sep 2025 09:38:53 +0400
Subject: [PATCH 1/5] add dockerfile
---
.gitea/workflows/docker-build.yaml | 39 ++++++++++++++++++++++++++++++
Dockerfile | 28 +++++++++++++++++++++
2 files changed, 67 insertions(+)
create mode 100644 .gitea/workflows/docker-build.yaml
create mode 100644 Dockerfile
diff --git a/.gitea/workflows/docker-build.yaml b/.gitea/workflows/docker-build.yaml
new file mode 100644
index 0000000..bc8ef20
--- /dev/null
+++ b/.gitea/workflows/docker-build.yaml
@@ -0,0 +1,39 @@
+name: Docker Build
+
+on:
+ push:
+ branches:
+ - "**"
+ pull_request:
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to registry
+ if: env.REGISTRY != '' && env.REGISTRY_USER != '' && env.REGISTRY_PASSWORD != ''
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: ${{ env.REGISTRY != '' }}
+ tags: ${{ env.REGISTRY }}/vitrify-me:${{ github.sha }}
+
+ env:
+ REGISTRY: ${{ secrets.REGISTRY }}
+ REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+ REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f93c140
--- /dev/null
+++ b/Dockerfile
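Review bot: Every action in this job is referenced by a mutable tag (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/build-push-action@v6`), and `docker/login-action` is handed the registry password, so a tag moved upstream changes the code that handles that credential without any change in this repository. Pin each one to a full commit SHA and keep the tag as a comment, e.g. `uses: docker/login-action@<full-commit-sha> # v3`. The job-level `env:` block also exposes `REGISTRY_PASSWORD` to every step, including checkout and the build; setting it only in the login step's `env:` keeps it away from steps that do not need it. With `push` on `"**"`, every branch push publishes an image once the secrets are configured, so consider limiting the publishing path to the default branch.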
@@ -0,0 +1,28 @@ +# cat Dockerfile +# Stage 1: Builder +FROM node:20-alpine AS builder + +WORKDIR /app + +# Install pnpm +RUN npm install -g pnpm@9.0.0 + +# Copy files +COPY pnpm-lock.yaml ./ +COPY package.json ./ +COPY turbo.json ./ +COPY . . + +# Install deps and build +RUN pnpm install --frozen-lockfile +RUN pnpm build + +# Stage 2: Runtime +FROM node:20-alpine + +WORKDIR /app + +COPY --from=builder /app ./ + +CMD ["node", "apps/web/server.js"] + From c7f6ad43c46fd6450d7f18f1466f6d01bcceca4a Mon Sep 17 00:00:00 2001 From: Vladimir nett00n Budylnikov Date: Tue, 16 Sep 2025 10:35:19 +0400 Subject: [PATCH 2/5] 2025-09-16 10:35:19+04:00 --- .gitea/workflows/docker-build.yaml | 3 +-- .pre-commit-config.yaml | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 .pre-commit-config.yaml diff --git a/.gitea/workflows/docker-build.yaml b/.gitea/workflows/docker-build.yaml index bc8ef20..b534180 100644 --- a/.gitea/workflows/docker-build.yaml +++ b/.gitea/workflows/docker-build.yaml @@ -30,10 +30,9 @@ jobs: with: context: . push: ${{ env.REGISTRY != '' }} - tags: ${{ env.REGISTRY }}/vitrify-me:${{ github.sha }} + tags: ${{ env.REGISTRY }}5mdt/vitrify-me:${{ github.sha }} env: REGISTRY: ${{ secrets.REGISTRY }} REGISTRY_USER: ${{ secrets.REGISTRY_USER }} REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} - diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..5853afe --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,14 @@ +repos: + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: trailing-whitespace + - id: end-of-file-fixer + - id: check-yaml + - id: check-merge-conflict + - id: detect-private-key + - id: check-added-large-files + - id: check-ast + - id: check-json + - id: check-toml + - id: check-xml From a4a95e8649fad40edd96c9d57dcc08327f68bc58 Mon Sep 17 00:00:00 2001 
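Review bot: `COPY . .` sends the whole build context into the builder and `COPY --from=builder /app ./` then carries all of it into the runtime image, while this patch adds no `.dockerignore`; unless the repository already has one, `.git`, local env files and the full development `node_modules` ship in the final image if they are present in the context. Add a `.dockerignore` listing at least `.git`, `node_modules` and `.env*`, and copy only the build output and production dependencies into the last stage. The runtime stage has no `USER`, so `node apps/web/server.js` runs as root. The three manifest `COPY` lines give no cache benefit here because `RUN pnpm install --frozen-lockfile` comes after `COPY . .`; moving the install between them restores the cached dependency layer.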
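Review bot: The new value `${{ env.REGISTRY }}5mdt/vitrify-me:${{ github.sha }}` has no separator between the registry host and the `5mdt` namespace, so it only forms the intended reference when the `REGISTRY` secret itself ends in `/`; presumably that is deliberate, since an empty secret then yields a plain `5mdt/vitrify-me` name, but nothing in the workflow says so. State the contract next to the usage, e.g. `# REGISTRY must end with "/" (example: registry.example.com/) or be empty`, so a secret stored as a bare host does not silently produce a malformed image name. The step this line belongs to begins above the hunk.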
From: Vladimir nett00n Budylnikov Date: Tue, 16 Sep 2025 13:59:28 +0400 Subject: [PATCH 3/5] 2025-09-16 13:59:28+04:00 --- .gitea/workflows/docker-build.yaml | 47 +++++++++++++++++++++++------- .pre-commit-config.yaml | 2 ++ pnpm-lock.yaml | 2 ++ pnpm-workspace.yaml | 2 ++ 4 files changed, 42 insertions(+), 11 deletions(-) diff --git a/.gitea/workflows/docker-build.yaml b/.gitea/workflows/docker-build.yaml index b534180..c6fcdd7 100644 --- a/.gitea/workflows/docker-build.yaml +++ b/.gitea/workflows/docker-build.yaml @@ -1,10 +1,15 @@ +# docker-build.yaml + name: Docker Build on: push: branches: - "**" + tags: + - "**" pull_request: + workflow_dispatch: jobs: docker: 
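Review bot: `tags: - "**"` makes every pushed git tag a publish trigger, and the next hunk of this patch uses the tag name verbatim as the image tag, so a git tag that matches an existing image tag would replace that image in the registry. Restrict the pattern to release tags, for example `- "v*"`, if that matches the project's convention. `push` on all branches together with `pull_request` also runs the job twice for any branch that has an open pull request.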
@@ -17,22 +22,42 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Extract tag name + if: startsWith(github.ref, 'refs/tags/') + run: echo "GIT_TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV + - name: Log in to registry - if: env.REGISTRY != '' && env.REGISTRY_USER != '' && env.REGISTRY_PASSWORD != '' + if: secrets.REGISTRY != '' && secrets.REGISTRY_USER != '' && secrets.REGISTRY_PASSWORD != '' uses: docker/login-action@v3 with: - registry: ${{ env.REGISTRY }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} + registry: ${{ secrets.REGISTRY }} + username: ${{ secrets.REGISTRY_USER }} + password: ${{ secrets.REGISTRY_PASSWORD }} - - name: Build and push Docker image + - name: Check if SHA image exists + if: env.GIT_TAG != '' && secrets.REGISTRY != '' + id: check_image + run: | + if docker manifest inspect ${{ secrets.REGISTRY }}5mdt/vitrify-me:${{ github.sha }} > /dev/null 2>&1; then + echo "image_exists=true" >> $GITHUB_OUTPUT + else + echo "image_exists=false" >> $GITHUB_OUTPUT + fi + + - name: Pull existing image + if: env.GIT_TAG != '' && steps.check_image.outputs.image_exists == 'true' + run: docker pull ${{ secrets.REGISTRY }}5mdt/vitrify-me:${{ github.sha }} + + - name: Build Docker image + if: env.GIT_TAG == '' || steps.check_image.outputs.image_exists == 'false' uses: docker/build-push-action@v6 with: context: . 
- push: ${{ env.REGISTRY != '' }} - tags: ${{ env.REGISTRY }}5mdt/vitrify-me:${{ github.sha }} + push: ${{ secrets.REGISTRY != '' }} + tags: ${{ secrets.REGISTRY }}5mdt/vitrify-me:${{ github.sha }} - env: - REGISTRY: ${{ secrets.REGISTRY }} - REGISTRY_USER: ${{ secrets.REGISTRY_USER }} - REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }} + - name: Tag and push with git tag + if: env.GIT_TAG != '' && secrets.REGISTRY != '' + run: | + docker tag ${{ secrets.REGISTRY }}5mdt/vitrify-me:${{ github.sha }} ${{ secrets.REGISTRY }}5mdt/vitrify-me:${{ env.GIT_TAG }} + docker push ${{ secrets.REGISTRY }}5mdt/vitrify-me:${{ env.GIT_TAG }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 5853afe..47f118b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,3 +1,5 @@ +# .pre-commit-config.yaml + repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.5.0 diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 088ae00..b1289c9 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1,3 +1,5 @@ +# pnpm-lock.yaml + lockfileVersion: '9.0' settings: diff --git a/pnpm-workspace.yaml b/pnpm-workspace.yaml index 3ff5faa..8465e20 100644 --- a/pnpm-workspace.yaml +++ b/pnpm-workspace.yaml @@ -1,3 +1,5 @@ +# pnpm-workspace.yaml + packages: - "apps/*" - "packages/*" From 9d8ef03feac6344d94139859da97e29f6ebda4f0 Mon Sep 17 00:00:00 2001 From: Vladimir nett00n Budylnikov Date: Tue, 16 Sep 2025 15:51:23 +0400 Subject: [PATCH 4/5] 2025-09-16 15:51:23+04:00 --- .gitea/workflows/docker-build.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitea/workflows/docker-build.yaml b/.gitea/workflows/docker-build.yaml index c6fcdd7..0ee14b1 100644 --- a/.gitea/workflows/docker-build.yaml +++ b/.gitea/workflows/docker-build.yaml @@ -53,6 +53,7 @@ jobs: uses: docker/build-push-action@v6 with: context: . + platforms: linux/amd64,linux/arm64 push: ${{ secrets.REGISTRY != '' }} tags: ${{ secrets.REGISTRY }}5mdt/vitrify-me:${{ github.sha }} 
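Review bot: The new `run:` steps splice `${{ env.GIT_TAG }}` and `${{ secrets.REGISTRY }}` into the script text before the shell sees it, so in "Tag and push with git tag" the git tag name, which is chosen by whoever pushes the tag, is parsed as shell source rather than passed as data. Hand the values to the step through `env:` and use quoted shell variables instead, e.g. `docker push "${REGISTRY}5mdt/vitrify-me:${GIT_TAG}"`; `GIT_TAG` is already exported by the "Extract tag name" step, whose redirect should be quoted as `>> "$GITHUB_ENV"`. The step-level `if:` conditions now read `secrets.*` directly; GitHub Actions does not make that context available in `if:`, and Gitea's runner may differ, so confirm the login step still runs rather than being skipped silently. The "Tag and push" step also runs `docker tag` on an image that a Buildx `push` in the same run does not necessarily load into the local daemon, which is worth testing on a tag with no pre-existing SHA image.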
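Review bot: With `platforms: linux/amd64,linux/arm64` the SHA tag pushed by this step becomes a multi-arch manifest list, but the release path added in [PATCH 3/5] retags through `docker pull` / `docker tag` / `docker push`, which carry only the runner's own architecture, so an image published under a git tag would silently lose the other platform. Retag inside the registry instead, e.g. `docker buildx imagetools create -t "${REGISTRY}5mdt/vitrify-me:${GIT_TAG}" "${REGISTRY}5mdt/vitrify-me:${GITHUB_SHA}"`, which also removes the need for the pull step. The workflow shown in this series sets up Buildx but no QEMU emulation, so the non-native platform's `RUN` steps may fail unless the runner already provides binfmt handlers. The step this hunk edits starts above the hunk.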
From 7ff599aae0e26a84c3f46bc4058a1837bae9e32c Mon Sep 17 00:00:00 2001 From: Vladimir nett00n Budylnikov Date: Tue, 16 Sep 2025 16:10:10 +0400 Subject: [PATCH 5/5] 2025-09-16 16:10:10+04:00 --- Dockerfile | 59 ++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 42 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index f93c140..fa7abae 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,28 +1,53 @@ -# cat Dockerfile -# Stage 1: Builder -FROM node:20-alpine AS builder - +# Stage 1: Dependencies +FROM node:20-alpine AS deps WORKDIR /app - -# Install pnpm RUN npm install -g pnpm@9.0.0 -# Copy files -COPY pnpm-lock.yaml ./ -COPY package.json ./ -COPY turbo.json ./ +# Copy dependency files first for better caching +COPY package.json pnpm-lock.yaml turbo.json ./ +COPY apps/web/package.json ./apps/web/ +# Add other app package.json files as needed + +RUN pnpm install --frozen-lockfile + +# Stage 2: Builder +FROM node:20-alpine AS builder +WORKDIR /app +RUN npm install -g pnpm@9.0.0 + +# Copy dependencies from previous stage +COPY --from=deps /app/node_modules ./node_modules +COPY --from=deps /app/package.json /app/pnpm-lock.yaml /app/turbo.json ./ + +# Copy source code COPY . . -# Install deps and build -RUN pnpm install --frozen-lockfile +# Build the application RUN pnpm build -# Stage 2: Runtime -FROM node:20-alpine - +# Stage 3: Runtime +FROM node:20-alpine AS runtime WORKDIR /app -COPY --from=builder /app ./ +# Install pnpm for production +RUN npm install -g pnpm@9.0.0 +# Copy package files +COPY package.json pnpm-lock.yaml turbo.json ./ +COPY apps/web/package.json ./apps/web/ + +# Install only production dependencies +RUN pnpm install --prod --frozen-lockfile + +# Copy built application from builder +COPY --from=builder /app/apps/web/dist ./apps/web/dist +COPY --from=builder /app/apps/web/server.js ./apps/web/ +# Copy other necessary runtime files + +# Create non-root user for security +RUN addgroup -g 1001 -S nodejs && \ + adduser -S nextjs -u 1001 +USER nextjs + +EXPOSE 3000 CMD ["node", "apps/web/server.js"] -
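Review bot: The runtime stage installs pnpm globally and runs `pnpm install --prod --frozen-lockfile` as root inside the image that ships, so dependency install scripts execute in the final image and the package manager stays available to whatever runs in the container. Resolving production dependencies in their own stage and copying the result keeps the runtime image to Node, the manifests, production `node_modules` and the build output. Neither the `deps` stage nor the runtime stage copies `pnpm-workspace.yaml`, which the repository has ([PATCH 3/5] touches it), so pnpm may not treat `apps/web` as a workspace project and the root-only `COPY --from=deps /app/node_modules` would then miss its dependencies; verify with a clean build. `adduser -S nextjs -u 1001` never joins the `nodejs` group created just before it; add `-G nodejs` if the group is meant to be used.

```dockerfile
# Stage 3: production dependencies, resolved outside the final image
FROM node:20-alpine AS prod-deps
WORKDIR /app
RUN npm install -g pnpm@9.0.0
COPY package.json pnpm-lock.yaml pnpm-workspace.yaml turbo.json ./
COPY apps/web/package.json ./apps/web/
RUN pnpm install --prod --frozen-lockfile

# Stage 4: Runtime (no package manager, no install step)
FROM node:20-alpine AS runtime
WORKDIR /app
# Manifests plus production node_modules only
COPY --from=prod-deps /app ./
# … unchanged: COPY of apps/web/dist and apps/web/server.js from builder …
# … unchanged: addgroup/adduser, USER nextjs, EXPOSE, CMD …
```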