# NOTE there is an additional build stage below that should match FROM node:20.20-alpine3.23 AS build RUN corepack enable WORKDIR /app COPY ./package.json ./ RUN corepack prepare --activate # Move files into the image and install COPY ./*.* ./ COPY ./tsconfig ./tsconfig COPY ./lexicons ./lexicons COPY ./packages/internal ./packages/internal COPY ./packages/lex ./packages/lex # NOTE pds's transitive dependencies go here: if that changes, this needs to be updated. # pnpm list --filter '@atproto/pds...' --depth 0 --json | jq '.[].path' | grep -v "/lex/" | grep -v "/internal/" | sort -u COPY ./packages/api ./packages/api COPY ./packages/aws ./packages/aws COPY ./packages/bsky ./packages/bsky COPY ./packages/common-web ./packages/common-web COPY ./packages/common ./packages/common COPY ./packages/crypto ./packages/crypto COPY ./packages/did ./packages/did COPY ./packages/identity ./packages/identity COPY ./packages/lex-cli ./packages/lex-cli COPY ./packages/lexicon ./packages/lexicon COPY ./packages/oauth/jwk-jose ./packages/oauth/jwk-jose COPY ./packages/oauth/jwk-webcrypto ./packages/oauth/jwk-webcrypto COPY ./packages/oauth/jwk ./packages/oauth/jwk COPY ./packages/oauth/oauth-client-browser-example ./packages/oauth/oauth-client-browser-example COPY ./packages/oauth/oauth-client-browser ./packages/oauth/oauth-client-browser COPY ./packages/oauth/oauth-client ./packages/oauth/oauth-client COPY ./packages/oauth/oauth-provider-api ./packages/oauth/oauth-provider-api COPY ./packages/oauth/oauth-provider-ui ./packages/oauth/oauth-provider-ui COPY ./packages/oauth/oauth-provider ./packages/oauth/oauth-provider COPY ./packages/oauth/oauth-scopes ./packages/oauth/oauth-scopes COPY ./packages/oauth/oauth-types ./packages/oauth/oauth-types COPY ./packages/pds ./packages/pds COPY ./packages/repo ./packages/repo COPY ./packages/sync ./packages/sync COPY ./packages/syntax ./packages/syntax COPY ./packages/ws-client ./packages/ws-client COPY ./packages/xrpc-server ./packages/xrpc-server COPY ./packages/xrpc ./packages/xrpc COPY ./services/pds ./services/pds # install all deps RUN PUPPETEER_SKIP_DOWNLOAD=true pnpm install --frozen-lockfile # build all packages with external node_modules RUN pnpm run --recursive --stream --filter '@atproto/pds...' build # install only prod deps, hoisted to root node_modules dir RUN pnpm install --prod --shamefully-hoist --frozen-lockfile --prefer-offline --config.confirmModulesPurge=false WORKDIR services/pds # Uses assets from build stage to reduce build size FROM node:20.20-alpine3.23 RUN apk add --update dumb-init # Avoid zombie processes, handle signal forwarding ENTRYPOINT ["dumb-init", "--"] WORKDIR /app/services/pds COPY --from=build /app /app RUN mkdir /app/data && chown node /app/data VOLUME /app/data EXPOSE 3000 ENV PDS_PORT=3000 ENV NODE_ENV=production # potential perf issues w/ io_uring on this version of node ENV UV_USE_IO_URING=0 # https://github.com/nodejs/docker-node/blob/master/docs/BestPractices.md#non-root-user USER node CMD ["node", "--heapsnapshot-signal=SIGUSR2", "--enable-source-maps", "--require=./tracer.js", "index.js"] LABEL org.opencontainers.image.source=https://github.com/bluesky-social/atproto LABEL org.opencontainers.image.description="ATP Personal Data Server (PDS)" LABEL org.opencontainers.image.licenses=MIT