Update to node 24 (#314)

Upgrade project to Node 24 & Update Dockerfiles to multi-stage build

Author: HarmlessHarm

.github/workflows/build_main.yml

@@ -6,43 +6,38 @@ name: Deploy Live
 on:
   push:
     branches: [main]
-#   pull_request:
-#     branches: [ main ]
+  workflow_dispatch:
 
 jobs:
   build:
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Node.js 16
-        uses: actions/setup-node@v4
-        with:
-          node-version: "16"
-          cache: "npm"
-      - run: npm i -g @quasar/cli@latest
-      - run: npm ci
 
       - name: Create env file
         run: |
           cat << EOF >> .env.production.local
           ${{ secrets.ENV_FILE }}
           EOF
 
-      - run: quasar build -m ssr --if-present
-
       - # Login against GitHub Container Registry
         name: Log in to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
       - # Build and push Docker image
         name: Build and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: .
           push: true
           tags: ghcr.io/harmlesskey/harmlesskey
+          cache-from: type=gha,scope=live
+          cache-to: type=gha,scope=live,mode=max

.github/workflows/build_staging.yml

@@ -16,34 +16,30 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Node.js 16
-        uses: actions/setup-node@v4
-        with:
-          node-version: "16"
-          cache: "npm"
-      - run: npm i -g @quasar/cli@latest
-      - run: npm ci
 
-      - name: Create public env file
+      - name: Create env file
         run: |
           cat << EOF >> .env.production.local
           ${{ secrets.STAGING_ENV_FILE }}
           EOF
 
-      - run: quasar build -m ssr -d --if-present
-
       - # Login against GitHub Container Registry
         name: Log in to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+
       - # Build and push Docker image
         name: Build and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
         with:
           context: .
           push: true
           tags: ghcr.io/harmlesskey/harmlesskey_staging
+          cache-from: type=gha,scope=staging
+          cache-to: type=gha,scope=staging,mode=max

Dockerfile

@@ -1,11 +1,44 @@
-FROM node:16
+# --------- Build Stage ---------
+FROM node:24-slim AS build
 
 WORKDIR /app
 
-COPY ./dist/ssr .
-COPY .env.production.local .
+# Install deps first (for better caching)
+COPY package*.json ./
+RUN npm ci
 
-RUN npm i
-RUN npm install pm2 -g
+# Copy source and env
+COPY . .
+
+# Build Quasar SSR
+RUN npx quasar build -m ssr
+
+# --------- Runtime Stage ---------
+FROM node:24-slim AS runtime
+
+WORKDIR /app
+
+# Copy SSR dist from build stage
+COPY --from=build /app/dist/ssr ./
+
+# Install only production dependencies
+RUN npm install --ignore-scripts
+
+# Install PM2 globally
+RUN npm install -g pm2
+
+# Set PM2 home to app directory
+ENV PM2_HOME=/app/.pm2
+
+# Create non-root user and set ownership
+RUN groupadd -r nodeuser && useradd -r -g nodeuser nodeuser \
+    && mkdir -p /app/.pm2 \
+    && chown -R nodeuser:nodeuser /app
+
+USER nodeuser
+
+EXPOSE 3000
+
+ENV UV_THREADPOOL_SIZE=1
 
 ENTRYPOINT ["pm2-runtime", "index.js"]