From 2c043d3717920bed342a36c42b6788e3621d5f04 Mon Sep 17 00:00:00 2001 From: Tim Donohue Date: Thu, 8 Jan 2026 15:02:53 -0600 Subject: [PATCH 1/8] Fix docker network inconsistencies in compose files --- docker/cli.yml | 4 +++- docker/docker-compose-dist.yml | 6 +++++- docker/docker-compose-rest.yml | 4 ++++ docker/docker-compose.yml | 6 +++++- 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/docker/cli.yml b/docker/cli.yml index 11fe2ee662a..dbb4c3012bb 100644 --- a/docker/cli.yml +++ b/docker/cli.yml @@ -16,7 +16,7 @@ networks: # Default to using network named 'dspacenet' from docker-compose-rest.yml. # Its full name will be prepended with the project name (e.g. "-p d7" means it will be named "d7_dspacenet") # If COMPOSITE_PROJECT_NAME is missing, default value will be "docker" (name of folder this file is in) - default: + dspacenet: name: ${COMPOSE_PROJECT_NAME:-docker}_dspacenet external: true services: @@ -34,6 +34,8 @@ services: db__P__url: 'jdbc:postgresql://dspacedb:5432/dspace' # solr.server: Ensure we are using the 'dspacesolr' image for Solr solr__P__server: http://dspacesolr:8983/solr + networks: + - dspacenet volumes: # Keep DSpace assetstore directory between reboots - assetstore:/dspace/assetstore diff --git a/docker/docker-compose-dist.yml b/docker/docker-compose-dist.yml index 88e5be16a5d..5ec4411199d 100644 --- a/docker/docker-compose-dist.yml +++ b/docker/docker-compose-dist.yml @@ -9,7 +9,11 @@ # Docker Compose for running the DSpace Angular UI dist build # for previewing with the DSpace Demo site backend networks: + # Default to using network named 'dspacenet' from docker-compose.yml. + # Its full name will be prepended with the project name (e.g. "-p d7" means it will be named "d7_dspacenet") dspacenet: + name: ${COMPOSE_PROJECT_NAME}_dspacenet + external: true services: dspace-angular: container_name: dspace-angular @@ -31,7 +35,7 @@ services: context: .. dockerfile: Dockerfile.dist networks: - dspacenet: + - dspacenet ports: - published: 4000 target: 4000 diff --git a/docker/docker-compose-rest.yml b/docker/docker-compose-rest.yml index 19d4d3c604d..31fd0965b45 100644 --- a/docker/docker-compose-rest.yml +++ b/docker/docker-compose-rest.yml @@ -17,6 +17,10 @@ networks: # Define a custom subnet for our DSpace network, so that we can easily trust requests from host to container. # If you customize this value, be sure to customize the 'proxies.trusted.ipranges' env variable below. - subnet: 172.23.0.0/16 + # Explicitly set external=false because this script creates the network. + # NOTE: Because of how compose files are merged, this script should be specified LAST when passed + # to "docker compose" for the network to be created properly. + external: false services: # DSpace (backend) webapp container dspace: diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index 90a1d0c21c9..e4e0e2b2bde 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -10,7 +10,11 @@ # Requires also running a REST API backend (either locally or remotely), # for example via 'docker-compose-rest.yml' networks: + # Default to using an existing external network named 'dspacenet' (created in docker-compose-rest.yml) + # Its full name will be prepended with the project name (e.g. "-p d7" means it will be named "d7_dspacenet") dspacenet: + name: ${COMPOSE_PROJECT_NAME}_dspacenet + external: true services: dspace-angular: container_name: dspace-angular @@ -28,7 +32,7 @@ services: context: .. dockerfile: Dockerfile networks: - dspacenet: + - dspacenet ports: - published: 4000 target: 4000 From 2e7ea745b5d202e3953a1f73684d113c24c2728d Mon Sep 17 00:00:00 2001 From: Tim Donohue Date: Thu, 8 Jan 2026 15:04:48 -0600 Subject: [PATCH 2/8] Minor cleanup to production Dockerfile. Update to Node v22. Add inline comments. Use Dockerfile best practices for ENTRYPOINT vs CMD. --- Dockerfile.dist | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/Dockerfile.dist b/Dockerfile.dist index c3ea539e049..75160c90eaf 100644 --- a/Dockerfile.dist +++ b/Dockerfile.dist @@ -4,28 +4,46 @@ # Test build: # docker build -f Dockerfile.dist -t dspace/dspace-angular:dspace-7_x-dist . -FROM docker.io/node:18-alpine AS build +# Step 1 - Build code for production +FROM docker.io/node:22-alpine AS build # Ensure Python and other build tools are available # These are needed to install some node modules, especially on linux/arm64 RUN apk add --update python3 make g++ && rm -rf /var/cache/apk/* WORKDIR /app + +# Copy over package files first, so this layer will only be rebuilt if those files change. COPY package.json yarn.lock ./ RUN yarn install --network-timeout 300000 -ADD . /app/ +# Around 4GB of memory is required to build the app for production. +# This default setting can be overridden as needed in your shell, via an env file or in docker-compose. +# See Docker environment var precedence: https://docs.docker.com/compose/environment-variables/envvars-precedence/ +ENV NODE_OPTIONS="--max_old_space_size=4096" + +COPY . /app/ RUN yarn build:prod -FROM node:18-alpine +# Step 2 - Start up UI via PM2 +FROM docker.io/node:22-alpine + +# Install PM2 RUN npm install --global pm2 +# Copy pre-built code from build image COPY --chown=node:node --from=build /app/dist /app/dist +# Copy configs and PM2 startup script from local machine COPY --chown=node:node config /app/config COPY --chown=node:node docker/dspace-ui.json /app/dspace-ui.json +# Start up UI in PM2 in production mode WORKDIR /app USER node ENV NODE_ENV=production EXPOSE 4000 -CMD pm2-runtime start dspace-ui.json --json + +# On startup, run start the DSpace UI in PM2 +ENTRYPOINT [ "pm2-runtime", "start", "dspace-ui.json" ] +# By default, pass param that specifies to use JSON format logs. +CMD ["--json"] \ No newline at end of file From 65f8de88d9630f0a77ca40412463e766353d6523 Mon Sep 17 00:00:00 2001 From: Tim Donohue Date: Thu, 8 Jan 2026 15:07:06 -0600 Subject: [PATCH 3/8] Minor cleanup to Dockerfile. Update to Node v22. Create a staged build. Use best practices for ENTRYPOINT vs CMD --- Dockerfile | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index e395e4b90e2..b52441fc558 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,28 +1,35 @@ # This image will be published as dspace/dspace-angular # See https://github.com/DSpace/dspace-angular/tree/main/docker for usage details -FROM docker.io/node:18-alpine +FROM docker.io/node:22-alpine # Ensure Python and other build tools are available # These are needed to install some node modules, especially on linux/arm64 RUN apk add --update python3 make g++ && rm -rf /var/cache/apk/* WORKDIR /app -ADD . /app/ -EXPOSE 4000 + +# Copy over package files first, so this layer will only be rebuilt if those files change. +COPY package.json yarn.lock ./ # We run yarn install with an increased network timeout (5min) to avoid "ESOCKETTIMEDOUT" errors from hub.docker.com # See, for example https://github.com/yarnpkg/yarn/issues/5540 RUN yarn install --network-timeout 300000 +# Add the rest of the source code +COPY . /app/ + # When running in dev mode, 4GB of memory is required to build & launch the app. # This default setting can be overridden as needed in your shell, via an env file or in docker-compose. # See Docker environment var precedence: https://docs.docker.com/compose/environment-variables/envvars-precedence/ ENV NODE_OPTIONS="--max_old_space_size=4096" # On startup, run in DEVELOPMENT mode (this defaults to live reloading enabled, etc). -# Listen / accept connections from all IP addresses. -# NOTE: At this time it is only possible to run Docker container in Production mode -# if you have a public URL. See https://github.com/DSpace/dspace-angular/issues/1485 ENV NODE_ENV=development -CMD yarn serve --host 0.0.0.0 + +EXPOSE 4000 + +# On startup, run this command to start application in dev mode +ENTRYPOINT [ "yarn", "serve" ] +# By default set host to 0.0.0.0 to listen/accept connections from all IP addresses. +CMD ["--host 0.0.0.0"] \ No newline at end of file From b6b6d065d8b2a11ad90e3b0b4090ab2e7d8eab11 Mon Sep 17 00:00:00 2001 From: Tim Donohue Date: Fri, 9 Jan 2026 15:28:19 -0600 Subject: [PATCH 4/8] Update production docker compose scripts to correct SSR configuration. This allows production mode to fully work again. --- docker/docker-compose-dist.yml | 12 +++++------- docker/docker-compose-rest.yml | 3 +++ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/docker/docker-compose-dist.yml b/docker/docker-compose-dist.yml index 5ec4411199d..9c0fc4af656 100644 --- a/docker/docker-compose-dist.yml +++ b/docker/docker-compose-dist.yml @@ -22,14 +22,12 @@ services: DSPACE_UI_HOST: dspace-angular DSPACE_UI_PORT: '4000' DSPACE_UI_NAMESPACE: / - # NOTE: When running the UI in production mode (which the -dist image does), - # these DSPACE_REST_* variables MUST point at a public, HTTPS URL. - # This is because Server Side Rendering (SSR) currently requires a public URL, - # see this bug: https://github.com/DSpace/dspace-angular/issues/1485 - DSPACE_REST_SSL: 'true' - DSPACE_REST_HOST: demo.dspace.org - DSPACE_REST_PORT: 443 + DSPACE_REST_SSL: 'false' + DSPACE_REST_HOST: localhost + DSPACE_REST_PORT: 8080 DSPACE_REST_NAMESPACE: /server + # Ensure SSR can use the 'dspace' Docker image directly (see docker-compose-rest.yml) + DSPACE_REST_SSRBASEURL: http://dspace:8080/server image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace-angular:${DSPACE_VER:-dspace-7_x}-dist" build: context: .. diff --git a/docker/docker-compose-rest.yml b/docker/docker-compose-rest.yml index 31fd0965b45..0e68d74539d 100644 --- a/docker/docker-compose-rest.yml +++ b/docker/docker-compose-rest.yml @@ -35,6 +35,9 @@ services: # Uncomment to set a non-default value for dspace.server.url or dspace.ui.url # dspace__P__server__P__url: http://localhost:8080/server # dspace__P__ui__P__url: http://localhost:4000 + # Set SSR URL to the Docker container name so that UI can contact container directly in Production mode. + # (This is necessary for docker-compose-dist.yml) + dspace__P__server__P__ssr__P__url: http://dspace:8080/server dspace__P__name: 'DSpace Started with Docker Compose' # db.url: Ensure we are using the 'dspacedb' image for our database db__P__url: 'jdbc:postgresql://dspacedb:5432/dspace' From b75a36825cf21a336dc5b8fdcad847648f56c6e8 Mon Sep 17 00:00:00 2001 From: Tim Donohue Date: Fri, 9 Jan 2026 15:29:21 -0600 Subject: [PATCH 5/8] Remove unnecessary tty/stdin_open settings from several Docker Compose files. --- docker/cli.yml | 2 -- docker/docker-compose-ci.yml | 6 ------ docker/docker-compose-dist.yml | 2 -- docker/docker-compose-rest.yml | 6 ------ docker/docker-compose.yml | 2 -- 5 files changed, 18 deletions(-) diff --git a/docker/cli.yml b/docker/cli.yml index dbb4c3012bb..4b91b3ae6b1 100644 --- a/docker/cli.yml +++ b/docker/cli.yml @@ -41,8 +41,6 @@ services: - assetstore:/dspace/assetstore entrypoint: /dspace/bin/dspace command: help - tty: true - stdin_open: true volumes: assetstore: diff --git a/docker/docker-compose-ci.yml b/docker/docker-compose-ci.yml index e09d88b4726..66799a64ebc 100644 --- a/docker/docker-compose-ci.yml +++ b/docker/docker-compose-ci.yml @@ -41,8 +41,6 @@ services: ports: - published: 8080 target: 8080 - stdin_open: true - tty: true volumes: - assetstore:/dspace/assetstore # Ensure that the database is ready BEFORE starting tomcat @@ -73,8 +71,6 @@ services: ports: - published: 5432 target: 5432 - stdin_open: true - tty: true volumes: # Keep Postgres data directory between reboots - pgdata:/pgdata @@ -87,8 +83,6 @@ services: ports: - published: 8983 target: 8983 - stdin_open: true - tty: true working_dir: /var/solr/data volumes: # Keep Solr data directory between reboots diff --git a/docker/docker-compose-dist.yml b/docker/docker-compose-dist.yml index 9c0fc4af656..776776234b1 100644 --- a/docker/docker-compose-dist.yml +++ b/docker/docker-compose-dist.yml @@ -37,5 +37,3 @@ services: ports: - published: 4000 target: 4000 - stdin_open: true - tty: true diff --git a/docker/docker-compose-rest.yml b/docker/docker-compose-rest.yml index 0e68d74539d..726e82aeba9 100644 --- a/docker/docker-compose-rest.yml +++ b/docker/docker-compose-rest.yml @@ -55,8 +55,6 @@ services: ports: - published: 8080 target: 8080 - stdin_open: true - tty: true volumes: - assetstore:/dspace/assetstore # Ensure that the database is ready BEFORE starting tomcat @@ -83,8 +81,6 @@ services: ports: - published: 5432 target: 5432 - stdin_open: true - tty: true volumes: # Keep Postgres data directory between reboots - pgdata:/pgdata @@ -97,8 +93,6 @@ services: ports: - published: 8983 target: 8983 - stdin_open: true - tty: true working_dir: /var/solr/data volumes: # Keep Solr data directory between reboots diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index e4e0e2b2bde..fd28b9dad31 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -38,5 +38,3 @@ services: target: 4000 - published: 9876 target: 9876 - stdin_open: true - tty: true From 80fcab6f526fecee1fa54c9ad8e6d7b8ed030046 Mon Sep 17 00:00:00 2001 From: Tim Donohue Date: Fri, 9 Jan 2026 16:46:40 -0600 Subject: [PATCH 6/8] Enable automatic reloading by mounting local 'src' directory and passing the `--poll` flag to serve command. --- Dockerfile | 3 ++- docker/docker-compose.yml | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b52441fc558..5a2ce5c5f2e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,4 +32,5 @@ EXPOSE 4000 # On startup, run this command to start application in dev mode ENTRYPOINT [ "yarn", "serve" ] # By default set host to 0.0.0.0 to listen/accept connections from all IP addresses. -CMD ["--host 0.0.0.0"] \ No newline at end of file +# Poll for changes every 5 seconds (if any detected, app will rebuild/restart) +CMD ["--host 0.0.0.0", "--poll 5000"] diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml index fd28b9dad31..227c453b458 100644 --- a/docker/docker-compose.yml +++ b/docker/docker-compose.yml @@ -38,3 +38,7 @@ services: target: 4000 - published: 9876 target: 9876 + volumes: + # Mount the local 'src' directory to the '/app' directory on the container. + # Allows the UI to "watch" this directory for changes and reload/rebuild when changes are detected. + - ../src:/app/src From c48dd6508c2f614392ae8515980f462b045551e0 Mon Sep 17 00:00:00 2001 From: Tim Donohue Date: Mon, 12 Jan 2026 15:14:32 -0600 Subject: [PATCH 7/8] Enhance README to better describe image differences --- docker/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker/README.md b/docker/README.md index 37d071a86f8..06408331d52 100644 --- a/docker/README.md +++ b/docker/README.md @@ -20,7 +20,8 @@ the Docker compose scripts in this 'docker' folder. ### Dockerfile -This Dockerfile is used to build a *development* DSpace 7 Angular UI image, published as 'dspace/dspace-angular' +This Dockerfile is used to build a *development* mode DSpace Angular UI image, published as 'dspace/dspace-angular'. Because it uses development mode, this image supports "live reloading" of the user interface +when local source code is modified. ``` docker build -t dspace/dspace-angular:dspace-7_x . @@ -35,7 +36,7 @@ docker push dspace/dspace-angular:dspace-7_x ### Dockerfile.dist -The `Dockerfile.dist` is used to generate a *production* build and runtime environment. +The `Dockerfile.dist` is used to build a *production* mode DSpace Angular UI image, published as 'dspace/dspace-angular' with a `*-dist` tag. Because it uses production mode, this image supports Server Side Rendering (SSR). ```bash # build the latest image From ea549c3889df8f548330fdc680da9287fb43b0bf Mon Sep 17 00:00:00 2001 From: Tim Donohue Date: Mon, 12 Jan 2026 10:25:40 -0600 Subject: [PATCH 8/8] Add basic Docker deployment tests in GitHub actions to verify that Docker images/scripts are working properly. --- .github/workflows/docker.yml | 115 ++++++++++++++++++++++++++++++++++- 1 file changed, 114 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c9671bcac02..fe994b6c3ed 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -57,4 +57,117 @@ jobs: # Enable redeploy of sandbox & demo if the branch for this image matches the deployment branch of # these sites as specified in reusable-docker-build.xml REDEPLOY_SANDBOX_URL: ${{ secrets.REDEPLOY_SANDBOX_URL }} - REDEPLOY_DEMO_URL: ${{ secrets.REDEPLOY_DEMO_URL }} \ No newline at end of file + REDEPLOY_DEMO_URL: ${{ secrets.REDEPLOY_DEMO_URL }} + + ################################################################################# + # Test Deployment via Docker to ensure newly built images are working properly + ################################################################################# + docker-deploy: + # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace-angular' + if: github.repository == 'dspace/dspace-angular' + runs-on: ubuntu-latest + # Must run after all major images are built + needs: [dspace-angular, dspace-angular-dist] + env: + # Override default dspace.server.url & REST 'host' because backend starts at http://127.0.0.1:8080 + dspace__P__server__P__url: http://127.0.0.1:8080/server + DSPACE_REST_HOST: 127.0.0.1 + # Override default dspace.ui.url to also use 127.0.0.1. + dspace__P__ui__P__url: http://127.0.0.1:4000 + # Docker Registry to use for Docker compose scripts below. + # If this is a PR, then we need to use docker.io (as the registry must be public), + # Otherwise we default to ghcr.io to avoid aggressive rate limits at DockerHub. + DOCKER_REGISTRY: ${{ github.event_name == 'pull_request' && 'docker.io' || 'ghcr.io' }} + steps: + # Checkout our codebase (to get access to Docker Compose scripts) + - name: Checkout codebase + uses: actions/checkout@v4 + # Download Docker image artifacts (which were just built by reusable-docker-build.yml) + - name: Download Docker image artifacts + uses: actions/download-artifact@v4 + with: + # Download all amd64 Docker images (TAR files) into the /tmp/docker directory + pattern: docker-image-*-linux-amd64 + path: /tmp/docker + merge-multiple: true + # Load each of the images into Docker by calling "docker image load" for each. + # This ensures we are using the images just built & not any prior versions on DockerHub + - name: Load all downloaded Docker images + run: | + find /tmp/docker -type f -name "*.tar" -exec docker image load --input "{}" \; + docker image ls -a + # Start backend using our compose script in the codebase. + - name: Start backend in Docker + run: | + docker compose -f docker/docker-compose-rest.yml up -d + sleep 10 + docker container ls + # Create a test admin account. Load test data from a simple set of AIPs as defined in cli.ingest.yml + - name: Load test data into Backend + run: | + docker compose -f docker/cli.yml run --rm dspace-cli create-administrator -e test@test.edu -f admin -l user -p admin -c en + docker compose -f docker/cli.yml -f docker/cli.ingest.yml run --rm dspace-cli + # Verify backend started successfully. + # 1. Make sure root endpoint is responding (check for dspace.name defined in docker-compose.yml) + # 2. Also check /collections endpoint to ensure the test data loaded properly (check for a collection name in AIPs) + - name: Verify backend is responding properly + run: | + result=$(wget -O- -q http://127.0.0.1:8080/server/api) + echo "$result" + echo "$result" | grep -oE "\"DSpace Started with Docker Compose\"" + result=$(wget -O- -q http://127.0.0.1:8080/server/api/core/collections) + echo "$result" + echo "$result" | grep -oE "\"Dog in Yard\"" + # Start production frontend using our compose script in the codebase. + - name: Start production frontend in Docker + # Specify the GHCR copy of the production frontend, so that we use the newly built image + env: + DOCKER_REGISTRY: ghcr.io + run: | + docker compose -f docker/docker-compose-dist.yml up -d + sleep 10 + docker container ls + # Verify production frontend started successfully. + # 1. Make sure /home path has "DSpace software" (this is in the footer of the page) + # 2. Also check /community-list page lists one of the test Communities in the loaded test data + - name: Verify production frontend is responding properly + run: | + result=$(wget -O- -q http://127.0.0.1:4000/home) + echo "$result" + echo "$result" | grep -oE "DSpace software" + - name: Error logs of production frontend (if error in startup) + if: ${{ failure() }} + run: | + docker compose -f docker/docker-compose-dist.yml logs + # Now shutdown the production frontend image and startup the development frontend image + - name: Shutdown production frontend + run: | + docker compose -f docker/docker-compose-dist.yml down + sleep 10 + docker container ls + - name: Startup development frontend + # Specify the GHCR copy of the development frontend, so that we use the newly built image + env: + DOCKER_REGISTRY: ghcr.io + run: | + docker compose -f docker/docker-compose.yml up -d + sleep 10 + docker container ls + # Verify development frontend started successfully. + # 1. First, keep requesting the frontend every 10 seconds to wait until its up. Timeout after 10 minutes. + # 2. Once it's responding, check to see if the word "DSpace" appears. + # We cannot check for anything more specific because development mode doesn't have SSR. + - name: Verify development frontend is responding properly + run: | + timeout 10m wget --retry-connrefused -t 0 --waitretry=10 http://127.0.0.1:4000 + result=$(wget -O- -q http://127.0.0.1:4000) + echo "$result" + echo "$result" | grep -oE "DSpace" + - name: Error logs of development frontend (if error in startup) + if: ${{ failure() }} + run: | + docker compose -f docker/docker-compose.yml logs + # Shutdown our containers + - name: Shutdown running Docker containers + run: | + docker compose -f docker/docker-compose.yml -f docker/docker-compose-rest.yml down \ No newline at end of file