Some checks failed
Deploy — Staging / Lint, Typecheck & Test (push) Successful in 2m6s
Deploy — Staging / Build & push — admin (push) Failing after 2m7s
Deploy — Staging / Build & push — storefront (push) Failing after 1m35s
Deploy — Staging / Deploy to staging VPS (push) Has been skipped
- Added NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME to both admin and storefront Dockerfiles to ensure it is available during the build process.
- Updated deploy-staging.yml to pass the new Cloudinary variable as a build argument.
- Clarified comments regarding the handling of NEXT_PUBLIC_* variables and Gitea secret prefixes.

This change enhances the build configuration for both applications, ensuring all necessary environment variables are correctly passed during the Docker build process.
74 lines
3.2 KiB
Docker
# Build context: ./out (turbo prune storefront --docker)
# out/json/ — package.json files only → used by deps stage for layer caching
# out/full/ — full pruned monorepo → used by builder stage for source
# out/package-lock.json

# ── Stage 1: deps ────────────────────────────────────────────────────────────
# Install ALL dependencies (dev + prod) using only the package.json tree.
# This layer is shared with the builder stage and only rebuilds when
# a package.json or the lock file changes — not when source code changes.
FROM node:20-alpine AS deps

RUN apk add --no-cache libc6-compat
WORKDIR /app

# Upgrade npm to match the project's packageManager (npm@11). The package-lock.json
# was generated with npm 11 — npm 10 (bundled with node:20) can't fully parse it,
# causing turbo prune to generate an incomplete pruned lockfile and npm ci to miss
# packages like @heroui/react.
RUN npm install -g npm@11 --quiet

COPY json/ .
COPY package-lock.json .
RUN npm ci

# ── Stage 2: builder ─────────────────────────────────────────────────────────
# Full monorepo source + build artifact.
# next build produces .next/standalone/ because output: "standalone" is set
# in next.config.js — that's what makes the runner stage small.
FROM node:20-alpine AS builder

WORKDIR /app

COPY --from=deps /app/node_modules ./node_modules
COPY full/ .

# NEXT_PUBLIC_* vars are baked into the client bundle at build time by Next.js.
# They must be present here (not just at runtime) or SSG/prerender fails.
# Passed via --build-arg in CI. Note: Gitea secrets use a STAGING_/PROD_ prefix
# which is stripped by the workflow before being forwarded here as build args.
ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
ARG NEXT_PUBLIC_CONVEX_URL
ENV NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
    NEXT_PUBLIC_CONVEX_URL=$NEXT_PUBLIC_CONVEX_URL \
    NEXT_TELEMETRY_DISABLED=1

RUN npx turbo build --filter=storefront

# ── Stage 3: runner ──────────────────────────────────────────────────────────
# Minimal runtime image — only the standalone bundle, static assets, and public dir.
# No source code, no dev dependencies, no build tools.
FROM node:20-alpine AS runner

WORKDIR /app

ENV NODE_ENV=production \
    NEXT_TELEMETRY_DISABLED=1 \
    HOSTNAME=0.0.0.0 \
    PORT=3000

# Non-root user for security
RUN addgroup -g 1001 -S nodejs && adduser -S nextjs -u 1001

# standalone output mirrors the monorepo tree, so server.js lands at /app/server.js
# Static files and public/ must be copied separately — they are not in standalone/
COPY --from=builder --chown=nextjs:nodejs /app/apps/storefront/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/apps/storefront/.next/static ./apps/storefront/.next/static
COPY --from=builder --chown=nextjs:nodejs /app/apps/storefront/public ./apps/storefront/public

USER nextjs

EXPOSE 3000

CMD ["node", "server.js"]
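
The builder-stage comments note that NEXT_PUBLIC_* values are baked into the client bundle and arrive as prefix-stripped build args. The following POSIX shell guard is an added example, not part of this repository, that a CI step could run before `docker build`. It assumes the prefixed secrets are exposed as environment variables named `<PREFIX>_<NAME>`; the function name `public_build_args` and the `sk_` / `PRIVATE KEY` secret heuristic are illustrative.

```shell
#!/bin/sh
# Added example (not from the repository): validate the NEXT_PUBLIC_* build args
# before they are forwarded to the Dockerfile's builder stage.
# Assumption: CI exposes each secret as <PREFIX>_<NAME>, e.g.
# STAGING_NEXT_PUBLIC_CONVEX_URL, and the prefix is stripped when forwarding.

# Mirrors the ARG lines visible in the storefront Dockerfile.
REQUIRED_PUBLIC_VARS="NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY NEXT_PUBLIC_CONVEX_URL"

# Prints one "--build-arg NAME=value" per line for the given prefix.
# Return codes: 0 ok, 1 variable missing or empty, 2 value looks like a
# server-side secret, 3 unknown prefix.
public_build_args() {
    prefix="$1"
    # Whitelist the prefix: it is interpolated into eval below.
    case "$prefix" in
        STAGING|PROD) ;;
        *) echo "unknown prefix: $prefix" >&2; return 3 ;;
    esac
    out=""
    for name in $REQUIRED_PUBLIC_VARS; do
        # Indirect lookup of ${<PREFIX>_<NAME>}; both parts are constants here.
        eval "value=\${${prefix}_${name}:-}"
        if [ -z "$value" ]; then
            echo "missing ${prefix}_${name}: build-time prerender needs it" >&2
            return 1
        fi
        # Heuristic (assumption): anything under NEXT_PUBLIC_* ships to every
        # browser, so refuse values shaped like secret keys or PEM material.
        case "$value" in
            sk_*|*"PRIVATE KEY"*)
                echo "${prefix}_${name} looks like a secret; refusing" >&2
                return 2
                ;;
        esac
        out="${out}--build-arg ${name}=${value}
"
    done
    printf '%s' "$out"
}
```

The printed lines are meant to be appended to the `docker build` invocation only after the function returns 0; values containing whitespace would need quoting by the caller.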