Dockerfile.unified
# =============================================================================
# VisionFlow Unified Dockerfile - Multi-Stage Build
# =============================================================================
# This Dockerfile provides a unified build process for both development and
# production environments using multi-stage builds and build arguments.
#
# Build Targets:
# - development: Full toolchain with hot-reload, debugging tools
# - production: Optimized, minimal runtime with security hardening
#
# Build Arguments:
# BUILD_TARGET: development|production (default: development)
# CUDA_ARCH: CUDA compute capability (default: 86 for RTX A6000)
#
# Usage Examples:
# Development: docker build --target development -t visionflow:dev .
# Production: docker build --target production -t visionflow:prod .
# Custom CUDA: docker build --build-arg CUDA_ARCH=75 --target production .
# =============================================================================
# =============================================================================
# STAGE 1: Base - Common foundation for all targets
# =============================================================================
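FROM nvidia/cuda:12.4.1-devel-ubuntu22.04 AS base
# NOTE(review): the base image is referenced by tag only. Pinning it by digest
# would make the build input immutable and auditable.

# Build arguments.
# NOTE(review): no instruction in this file references CUDA_ARCH or
# BUILD_TARGET. Confirm that build.rs reads CUDA_ARCH and that the value is
# actually in scope in the stages that run cargo.
ARG CUDA_ARCH=86
ARG BUILD_TARGET=development

# Run RUN steps under bash with pipefail. With the default /bin/sh a failed
# download in a `curl ... | sh` pipeline is masked by the exit status of the
# shell on the right-hand side, so the layer would be committed without the
# tool it was meant to install. Stages built FROM base inherit this shell.
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

# Environment shared by every stage derived from base.
# RUST_LOG is not a build argument, so ${RUST_LOG:-warn} resolves to the value
# inherited from the parent image, or "warn" when unset.
# DEBIAN_FRONTEND is persisted here and therefore also reaches the runtime
# environment of the development target.
# NVIDIA_DRIVER_CAPABILITIES=all is the broadest setting; the production stage
# narrows it to compute,utility.
ENV DEBIAN_FRONTEND=noninteractive \
    RUST_LOG=${RUST_LOG:-warn} \
    NVIDIA_DRIVER_CAPABILITIES=all \
    CUDA_HOME=/usr/local/cuda \
    CUDA_PATH=/usr/local/cuda \
    LD_LIBRARY_PATH="/usr/local/cuda/lib64:${LD_LIBRARY_PATH}" \
    PATH="/root/.cargo/bin:${PATH}"

# Base system dependencies. update, install and list cleanup share one layer so
# a stale package index is never cached on its own.
RUN apt-get update && apt-get install -y --no-install-recommends \
        # Core build tools
        curl \
        git \
        ca-certificates \
        # Compilers (gcc-11 required for CUDA 12.x compatibility)
        gcc-11 \
        g++-11 \
        build-essential \
        pkg-config \
        # Libraries
        libssl-dev \
        # Network utilities
        netcat-openbsd \
        lsof \
        # Utilities
        gzip \
        expect \
    && rm -rf /var/lib/apt/lists/*

# Make gcc-11 / g++-11 the default compiler (CUDA 12.4.1 compatibility).
RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 100 \
    && update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-11 100

# Install the Rust toolchain through rustup.
# NOTE(review): the installer is fetched over HTTPS (TLS 1.2 minimum) but is
# not checksum-verified, and "stable" is a moving channel, so two builds can
# end up with different compilers. Pin an explicit toolchain version if
# reproducible builds matter.
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
    sh -s -- -y --default-toolchain stable --profile minimal

# Install Node.js 20.x from the NodeSource repository.
# NOTE(review): the setup script is executed as root without an integrity
# check and registers a third-party apt source; treat it as a trusted
# supply-chain input and review it as such.
RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
    && apt-get install -y nodejs \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app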
# =============================================================================
# STAGE 2: Rust Dependencies - Cache Rust dependency compilation
# =============================================================================
FROM base AS rust-deps

# Only the manifests, the build script and the whelk-rs directory are copied at
# this point, so editing application sources does not invalidate the dependency
# layers below.
# NOTE(review): the Cargo.lock* glob makes the lockfile optional. Without a
# lockfile cargo resolves dependency versions at build time, so the dependency
# set is not reproducible; consider requiring Cargo.lock and building with
# --locked.
COPY Cargo.toml build.rs ./
COPY Cargo.lock* ./
COPY whelk-rs ./whelk-rs

# Placeholder crate roots: just enough for cargo to resolve and compile the
# dependency graph without the real application code.
RUN mkdir -p src \
    && echo "fn main() {}" > src/main.rs \
    && echo "pub fn lib() {}" > src/lib.rs

# Download and compile the dependencies, then drop the placeholder sources.
# This layer is reused until one of the files copied above changes.
RUN cargo fetch \
    && cargo build --release --features gpu \
    && rm -rf src
# =============================================================================
# STAGE 3: Rust Builder - Compile Rust backend with GPU support
# =============================================================================
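FROM rust-deps AS rust-builder

# Bring in the real application sources on top of the cached dependency build.
COPY src ./src
COPY data/schema ./data/schema

# Build the Rust backend with GPU features.
# COPY keeps the modification times the files had in the build context, so the
# real sources can look older than the artifacts produced from the placeholder
# crate in rust-deps. cargo may then treat the crate as up to date and leave
# the placeholder binary in place. Refreshing the timestamps first forces the
# application crate to be recompiled from the real code.
# The final ls only confirms that the binary exists.
RUN find src -type f -name '*.rs' -exec touch {} + \
    && cargo build --release --features gpu \
    && strip target/release/webxr \
    && ls -lh target/release/webxr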
# =============================================================================
# STAGE 4: Node Dependencies - Install and cache Node.js dependencies
# =============================================================================
FROM base AS node-deps

WORKDIR /app/client

# Manifests and the scripts directory only, so the install layer below is
# reused until one of them changes.
# NOTE(review): client/scripts is copied before the install, presumably because
# package lifecycle scripts reference it - confirm. Lifecycle scripts of every
# installed package run as root in this stage.
COPY client/package*.json ./
COPY client/scripts ./scripts

# Install from the lockfile. The node_modules produced here is copied into the
# development stage and is the basis of node-builder; the production stage only
# takes the built dist/ from node-builder.
# --no-audit skips npm's vulnerability audit, so that check has to run
# somewhere else (for example in CI).
RUN npm ci --prefer-offline --no-audit
# =============================================================================
# STAGE 5: Node Builder - Build frontend assets (production only)
# =============================================================================
FROM node-deps AS node-builder

# Frontend sources, copied over the working directory inherited from node-deps
# (/app/client).
COPY client ./

# Produce the production bundle; only the production target copies it.
# The ls is a sanity check that dist/ was produced.
RUN npm run build \
    && ls -lh dist/
# =============================================================================
# STAGE 6: Development Target - Full development environment
# =============================================================================
FROM base AS development

# Development-only tooling.
# NOTE(review): this stage has no USER instruction, so everything runs as root,
# and docker.io is installed. If the host Docker socket is mounted into this
# container, processes inside it effectively control the host - keep this
# target off shared and production hosts.
RUN apt-get update && apt-get install -y --no-install-recommends \
        docker.io \
        supervisor \
        nginx \
        vim \
    && rm -rf /var/lib/apt/lists/*

# Nginx runtime directories.
RUN mkdir -p /var/log/nginx /var/run/nginx \
    && chown -R www-data:www-data /var/run/nginx

# Application directories.
RUN mkdir -p \
        /app/user_settings \
        /app/client \
        /app/logs \
        /app/scripts \
        /app/target

# Backend sources are copied uncompiled; the entrypoint rebuilds them.
COPY Cargo.toml build.rs ./
COPY Cargo.lock* ./
COPY src ./src
COPY data/schema ./data/schema
COPY whelk-rs ./whelk-rs

# Client sources (unbuilt; served by the dev server) plus the node_modules
# installed in node-deps. The working directory stays /app throughout.
COPY client ./client
COPY --from=node-deps /app/client/node_modules ./client/node_modules

# Warm the cargo registry cache so rebuilds start faster.
RUN cargo fetch

# Development configuration.
COPY nginx.dev.conf /etc/nginx/nginx.conf
COPY data/settings.yaml /app/settings.yaml
COPY supervisord.dev.conf ./supervisord.dev.conf

# Entrypoint scripts.
COPY scripts/dev-entrypoint.sh ./
COPY scripts/rust-backend-wrapper.sh ./scripts/
RUN chmod +x ./dev-entrypoint.sh ./scripts/rust-backend-wrapper.sh

# Development environment.
ENV NODE_ENV=development \
    RUST_LOG=debug \
    DOCKER_ENV=1 \
    VITE_DEV_SERVER_PORT=5173 \
    VITE_API_PORT=4000 \
    VITE_HMR_PORT=24678 \
    SYSTEM_NETWORK_PORT=4000

# Ports used in development (EXPOSE documents them, it does not publish them):
#   3001  Nginx entry point
#   4000  Rust backend API (direct access)
#   5173  Vite dev server (proxied via Nginx)
#   24678 Vite HMR websocket (proxied via Nginx)
EXPOSE 3001 4000 5173 24678

# The development entrypoint rebuilds the Rust backend on startup.
ENTRYPOINT ["./dev-entrypoint.sh"]
# =============================================================================
# STAGE 7: Production Target - Optimized runtime environment
# =============================================================================
FROM nvidia/cuda:12.4.1-runtime-ubuntu22.04 AS production
# NOTE(review): referenced by tag only; pin by digest for an immutable runtime
# base.

# Runtime packages, the unprivileged service account (uid 1000) and the Nginx
# directories are created in a single layer.
# NOTE(review): /var/run/nginx and /var/log/nginx are handed to www-data, but
# the container runs as appuser (see USER below). Confirm that
# nginx.production.conf writes its pid and log files somewhere appuser can
# write to.
RUN apt-get update && apt-get install -y --no-install-recommends \
        ca-certificates \
        libssl3 \
        supervisor \
        nginx \
        curl \
    && rm -rf /var/lib/apt/lists/* \
    && useradd -m -u 1000 -s /bin/bash appuser \
    && mkdir -p /var/log/nginx /var/run/nginx \
    && chown -R www-data:www-data /var/run/nginx /var/log/nginx

# CUDA runtime libraries taken from the devel-based stage (shared objects only,
# no headers or compilers).
COPY --from=base /usr/local/cuda/lib64/libcudart.so* /usr/local/cuda/lib64/
COPY --from=base /usr/local/cuda/lib64/libnvrtc.so* /usr/local/cuda/lib64/

# Driver capabilities are limited to compute,utility here, narrower than the
# "all" used by the build stages.
ENV CUDA_HOME=/usr/local/cuda \
    LD_LIBRARY_PATH="/usr/local/cuda/lib64:${LD_LIBRARY_PATH}" \
    NVIDIA_DRIVER_CAPABILITIES=compute,utility

WORKDIR /app

# Application directories, owned by the service account.
RUN mkdir -p \
        /app/data \
        /app/data/markdown \
        /app/data/metadata \
        /app/user_settings \
        /app/logs \
        /app/client/dist \
    && chown -R appuser:appuser /app

# NOTE(review): the binary, the static assets, the Nginx and supervisord
# configuration and the entrypoint below are all owned by appuser, the same
# account the service runs as. A compromised service process could therefore
# rewrite its own executable and configuration. Unless the entrypoint needs to
# modify them at runtime, leaving these files root-owned and read-only to
# appuser would be the tighter setup.

# Compiled backend from rust-builder.
COPY --from=rust-builder --chown=appuser:appuser /app/target/release/webxr ./webxr

# Built frontend assets from node-builder.
COPY --from=node-builder --chown=appuser:appuser /app/client/dist ./client/dist

# Production configuration.
COPY --chown=appuser:appuser nginx.production.conf /etc/nginx/nginx.conf
COPY --chown=appuser:appuser data/settings.yaml ./settings.yaml
COPY --chown=appuser:appuser supervisord.production.conf ./supervisord.production.conf

# Production entrypoint; chmod runs as root because USER has not been switched
# yet.
COPY --chown=appuser:appuser scripts/prod-entrypoint.sh ./
RUN chmod +x ./prod-entrypoint.sh

# Production environment.
ENV NODE_ENV=production \
    RUST_LOG=warn \
    DOCKER_ENV=1 \
    SYSTEM_NETWORK_PORT=4000

# Everything from here on, including the entrypoint and the health check, runs
# as the unprivileged account.
USER appuser

# Only the production port is documented as exposed.
EXPOSE 4000

# Readiness probe: an HTTP GET against port 4000 that fails on error statuses.
HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=40s \
    CMD curl -f http://localhost:4000/ || exit 1

# The production entrypoint starts the pre-built binaries; nothing is compiled
# at container start.
ENTRYPOINT ["./prod-entrypoint.sh"]
# =============================================================================
# Default target selection based on BUILD_TARGET argument
# =============================================================================
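# Note: Use the --target flag to select the build stage explicitly. Without
# --target, docker build produces the last stage defined in this file
# (production); no instruction in this file reads BUILD_TARGET.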
# =============================================================================