FROM node:20-bullseye AS base # Install system dependencies RUN apt-get update && apt-get install -y \ ca-certificates \ && rm -rf /var/lib/apt/lists/* WORKDIR /app # The repo root .npmrc sets legacy-peer-deps=true, but this build copies only # package*.json (not .npmrc) before running npm, so npm would fall back to # strict peer resolution and fail ERESOLVE (e.g. nodemailer@^8 vs next-auth's # peerOptional nodemailer@^7). Set it via env so every npm step (ci + install, # in any WORKDIR) honors it — matching the repo .npmrc and the EE image build. ENV NPM_CONFIG_LEGACY_PEER_DEPS=true # Development stage - build everything FROM base AS development # First, copy root package files to install shared dependencies COPY package*.json ./ COPY tsconfig.base.json ./ RUN npm ci # Build shared packages COPY shared ./shared WORKDIR /app/shared RUN npm install # Now build temporal-workflows WORKDIR /app/ee/temporal-workflows COPY ee/temporal-workflows/package*.json ./ RUN npm install COPY ee/temporal-workflows/ ./ RUN npm run build # Production stage FROM base AS production # Copy the shared module and install its production dependencies COPY --from=development /app/shared /app/shared WORKDIR /app/shared RUN npm install --omit=dev # Copy temporal-workflows with its dependencies COPY --from=development /app/ee/temporal-workflows/dist /app/ee/temporal-workflows/dist COPY --from=development /app/ee/temporal-workflows/package*.json /app/ee/temporal-workflows/ COPY --from=development /app/ee/temporal-workflows/node_modules /app/ee/temporal-workflows/node_modules # Set working directory to temporal-workflows WORKDIR /app/ee/temporal-workflows # Create non-root user RUN groupadd -r temporal && useradd -r -g temporal temporal RUN chown -R temporal:temporal /app USER temporal # Health check HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \ CMD node -e "console.log('Health check: OK')" || exit 1 # Expose health check port EXPOSE 8080 # Default command runs the worker CMD ["npm", "run", "start"]