WAIaaS/Dockerfile at dev · minhoyoo-iotrust/WAIaaS · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# =============================================================================
# WAIaaS Docker Image -- Multi-stage build
# Stage 1 (builder):   Install deps + build all packages via turbo
# Stage 2 (prod-deps): Production-only deps with build tools for native addons
# Stage 3 (runner):    Slim image with pre-built deps + dist artifacts
# =============================================================================

# ---------------------------------------------------------------------------
# Stage 1: builder
# ---------------------------------------------------------------------------
FROM node:22-slim AS builder

# Native addon build dependencies (sodium-native, better-sqlite3, argon2)
RUN apt-get update \
    && apt-get install -y python3 make g++ --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*

RUN corepack enable && corepack prepare pnpm@9.15.4 --activate

WORKDIR /app

# 1) Copy workspace config + lock file (layer caching)
COPY pnpm-workspace.yaml package.json pnpm-lock.yaml turbo.json ./

# 2) Copy each package's package.json only
COPY packages/shared/package.json packages/shared/package.json
COPY packages/core/package.json packages/core/package.json
COPY packages/daemon/package.json packages/daemon/package.json
COPY packages/admin/package.json packages/admin/package.json
COPY packages/adapters/solana/package.json packages/adapters/solana/package.json
COPY packages/adapters/evm/package.json packages/adapters/evm/package.json
COPY packages/adapters/ripple/package.json packages/adapters/ripple/package.json
COPY packages/cli/package.json packages/cli/package.json
COPY packages/sdk/package.json packages/sdk/package.json
COPY packages/mcp/package.json packages/mcp/package.json
COPY packages/push-relay/package.json packages/push-relay/package.json
COPY packages/actions/package.json packages/actions/package.json

# 3) Install all dependencies (frozen lockfile for reproducibility)
RUN pnpm install --frozen-lockfile

# 4) Copy full source
COPY . .

# 5) Build all packages included in Docker image
RUN pnpm turbo build --filter=@waiaas/daemon... --filter=@waiaas/cli... --filter=@waiaas/mcp... --filter=@waiaas/sdk...


# ---------------------------------------------------------------------------
# Stage 2: prod-deps
# Build tools (python3/make/g++) are inherited from builder, so native addon
# compilation always succeeds even when prebuilt binary download fails.
# ---------------------------------------------------------------------------
FROM builder AS prod-deps

WORKDIR /prod

RUN cp /app/package.json /app/pnpm-workspace.yaml /app/pnpm-lock.yaml /app/turbo.json ./ && \
    for dir in shared core daemon admin adapters/solana adapters/evm adapters/ripple cli sdk mcp push-relay actions; do \
      mkdir -p "packages/$dir" && \
      cp "/app/packages/$dir/package.json" "packages/$dir/"; \
    done

RUN pnpm install --frozen-lockfile --prod


# ---------------------------------------------------------------------------
# Stage 3: runner
# ---------------------------------------------------------------------------
FROM node:22-slim AS runner

# OCI standard labels (populated by docker/build-push-action --build-arg)
LABEL org.opencontainers.image.title="WAIaaS" \
      org.opencontainers.image.description="AI Agent Wallet-as-a-Service daemon" \
      org.opencontainers.image.url="https://github.com/minho-yoo/waiaas" \
      org.opencontainers.image.source="https://github.com/minho-yoo/waiaas" \
      org.opencontainers.image.vendor="WAIaaS" \
      org.opencontainers.image.licenses="MIT"

# Watchtower auto-update support
# Watchtower monitors containers with this label and auto-pulls new images.
# Users opt-in per container: docker run --label com.centurylinklabs.watchtower.enable=true
LABEL com.centurylinklabs.watchtower.enable="true"

# Runtime dependencies: curl for HEALTHCHECK
RUN apt-get update \
    && apt-get install -y curl --no-install-recommends \
    && rm -rf /var/lib/apt/lists/*

# Non-root user (UID 1001)
RUN groupadd -g 1001 waiaas && useradd -u 1001 -g waiaas -m -s /bin/sh waiaas

WORKDIR /app

# 1) Copy production dependencies (pre-compiled native addons from prod-deps stage)
COPY --from=prod-deps /prod/ ./

# 2) Copy build artifacts (dist directories)
COPY --from=builder /app/packages/shared/dist packages/shared/dist
COPY --from=builder /app/packages/core/dist packages/core/dist
COPY --from=builder /app/packages/daemon/dist packages/daemon/dist
COPY --from=builder /app/packages/daemon/public packages/daemon/public
COPY --from=builder /app/packages/adapters/solana/dist packages/adapters/solana/dist
COPY --from=builder /app/packages/adapters/evm/dist packages/adapters/evm/dist
COPY --from=builder /app/packages/adapters/ripple/dist packages/adapters/ripple/dist
COPY --from=builder /app/packages/cli/dist packages/cli/dist
COPY --from=builder /app/packages/cli/bin packages/cli/bin
COPY --from=builder /app/packages/sdk/dist packages/sdk/dist
COPY --from=builder /app/packages/mcp/dist packages/mcp/dist
COPY --from=builder /app/packages/actions/dist packages/actions/dist

# 3) Copy and prepare entrypoint
COPY docker/entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh

# 4) Create data directory with correct ownership
RUN mkdir -p /data && chown -R waiaas:waiaas /data /app

# 5) Environment configuration
ENV NODE_ENV=production
ENV WAIAAS_DATA_DIR=/data
ENV WAIAAS_DAEMON_HOSTNAME=0.0.0.0

EXPOSE 3100

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD curl -f http://localhost:3100/health || exit 1

USER waiaas

ENTRYPOINT ["/app/entrypoint.sh"]