zitadel/apps/api/Dockerfile

# Builder stage: Sets up the environment, installs dependencies, copies the Zitadel binary, and configures permissions for the application.
# This stage produces a runnable image that can be used for debugging.
FROM debian:latest AS builder
ARG TARGETPLATFORM

RUN apt-get update && apt-get install ca-certificates -y

COPY apps/api/entrypoint.sh /app/entrypoint.sh
COPY ./.artifacts/bin/${TARGETPLATFORM}/zitadel /app/zitadel

RUN useradd -s "" --home / zitadel && \
    chown zitadel /app/zitadel && \
    chmod +x /app/zitadel && \
    chown zitadel /app/entrypoint.sh && \
    chmod +x /app/entrypoint.sh

WORKDIR /app
ENV PATH="/app:${PATH}"

USER zitadel
ENTRYPOINT ["/app/entrypoint.sh"]

# Final stage: Creates a minimal container image with just the Zitadel binary and necessary files
FROM scratch AS final

COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/ssl/certs /etc/ssl/certs
COPY --from=builder /app/zitadel /app/zitadel

HEALTHCHECK NONE
EXPOSE 8080

USER zitadel
ENTRYPOINT ["/app/zitadel"]
chore: rehaul DevX (#10571) # Which Problems Are Solved Replaces Turbo by Nx and lays the foundation for the next CI improvements. It enables using Nx Cloud to speed the up the pipelines that affect any node package. It streamlines the dev experience for frontend and backend developers by providing the following commands: \| Task \| Command \| Notes \| \|------\|---------\|--------\| \| Production \| `nx run PROJECT:prod` \| Production server \| \| Develop \| `nx run PROJECT:dev` \| Hot reloading development server \| \| Test \| `nx run PROJECT:test` \| Run all tests \| \| Lint \| `nx run PROJECT:lint` \| Check code style \| \| Lint Fix \| `nx run PROJECT:lint-fix` \| Auto-fix style issues \| The following values can be used for PROJECT: - @zitadel/zitadel (root commands) - @zitadel/api, - @zitadel/login, - @zitadel/console, - @zitadel/docs, - @zitadel/client - @zitadel/proto The project names and folders are streamlined: \| Old Folder \| New Folder \| \| --- \| --- \| \| ./e2e \| ./tests/functional-ui \| \| ./load-test \| ./benchmark \| \| ./build/zitadel \| ./apps/api \| \| ./console \| ./apps/console (postponed so the PR is reviewable) \| Also, all references to the TypeScript repo are removed so we can archive it. # How the Problems Are Solved - Ran `npx nx@latest init` - Replaced all turbo.json by project.json and fixed the target configs - Removed Turbo dependency - All JavaScript related code affected by a PRs changes is quality-checked using the `nx affected` command - We move PR checks that are runnable using Nx into the `check` workflow. For workflows where we don't use Nx, yet, we restore previously built dependency artifacts from Nx. - We only use a single and easy to understand dev container - The CONTRIBUTING.md is streamlined - The setup with a generated client pat is orchestrated with Nx - Everything related to the TypeScript repo is updated or removed. A Deploy with Vercel button is added to the docs and the CONTRIBUTING.md. # Additional Changes - NPM package names have a consistent pattern. - Docker bake is removed. The login container is built and released like the core container. - The integration tests build the login container before running, so they don't rely on the login container action anymore. This fixes consistently failing checks on PRs from forks. - The docs build in GitHub actions is removed, as we already build on Vercel. # Additional Context - Internal discussion: https://zitadel.slack.com/archives/C087ADF8LRX/p1756277884928169 - Workflow dispatch test: https://github.com/zitadel/zitadel/actions/runs/17760122959 --------- Co-authored-by: Florian Forster <florian@zitadel.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> (cherry picked from commit f69a6ed4f316aeaa1b1375f71d3d67efb18d5a92) # Conflicts: # .github/workflows/build.yml # .github/workflows/console.yml # .github/workflows/core.yml # CONTRIBUTING.md # Makefile # backend/v3/storage/database/events_testing/events_test.go # backend/v3/storage/database/events_testing/id_provider_instance_test.go # backend/v3/storage/database/events_testing/instance_test.go # console/README.md # console/package.json # internal/api/grpc/group/v2/integration_test/query_test.go # pnpm-lock.yaml 2025-10-08 10:27:02 +02:00			`# Builder stage: Sets up the environment, installs dependencies, copies the Zitadel binary, and configures permissions for the application.`
			`# This stage produces a runnable image that can be used for debugging.`
			`FROM debian:latest AS builder`
			`ARG TARGETPLATFORM`

			`RUN apt-get update && apt-get install ca-certificates -y`

			`COPY apps/api/entrypoint.sh /app/entrypoint.sh`
			`COPY ./.artifacts/bin/${TARGETPLATFORM}/zitadel /app/zitadel`

			`RUN useradd -s "" --home / zitadel && \`
			`chown zitadel /app/zitadel && \`
			`chmod +x /app/zitadel && \`
			`chown zitadel /app/entrypoint.sh && \`
			`chmod +x /app/entrypoint.sh`

			`WORKDIR /app`
			`ENV PATH="/app:${PATH}"`

			`USER zitadel`
			`ENTRYPOINT ["/app/entrypoint.sh"]`

			`# Final stage: Creates a minimal container image with just the Zitadel binary and necessary files`
			`FROM scratch AS final`

			`COPY --from=builder /etc/passwd /etc/passwd`
			`COPY --from=builder /etc/ssl/certs /etc/ssl/certs`
			`COPY --from=builder /app/zitadel /app/zitadel`

			`HEALTHCHECK NONE`
			`EXPOSE 8080`

			`USER zitadel`
			`ENTRYPOINT ["/app/zitadel"]`