ianshaloom
9f2e9afc63
All checks were successful
Deploy — Staging / Lint, Typecheck & Test (push) Successful in 1m31s
Deploy — Staging / Build & push — admin (push) Successful in 1m39s
Deploy — Staging / Build & push — storefront (push) Successful in 57s
Deploy — Staging / Deploy to staging VPS (push) Successful in 20s
NEXT_PUBLIC_CLOUDINARY_API_KEY and NEXT_PUBLIC_IMAGE_PROCESSING_API_URL are NEXT_PUBLIC_* vars that must be baked in at build time — added as ARG/ENV in admin Dockerfile and as --build-arg in the workflow build step. CLOUDINARY_API_SECRET is a server-side secret — added to the deploy step's env block, written to /opt/staging/.env via printf, and exposed to the admin container via compose.yml environment block. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
69 lines
2.8 KiB
Docker
69 lines
2.8 KiB
Docker
# Build context: ./out (turbo prune admin --docker)
|
|
# out/json/ — package.json files only → used by deps stage for layer caching
|
|
# out/full/ — full pruned monorepo → used by builder stage for source
|
|
# out/package-lock.json
|
|
|
|
# ── Stage 1: deps ────────────────────────────────────────────────────────────
|
|
FROM node:20-alpine AS deps
|
|
|
|
RUN apk add --no-cache libc6-compat
|
|
WORKDIR /app
|
|
|
|
# Upgrade npm to match the project's packageManager (npm@11). The package-lock.json
|
|
# was generated with npm 11 — npm 10 (bundled with node:20) can't fully parse it,
|
|
# causing turbo prune to generate an incomplete pruned lockfile and npm ci to miss
|
|
# packages.
|
|
RUN npm install -g npm@11 --quiet
|
|
|
|
COPY json/ .
|
|
COPY package-lock.json .
|
|
RUN npm ci
|
|
|
|
# ── Stage 2: builder ─────────────────────────────────────────────────────────
|
|
FROM node:20-alpine AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
COPY --from=deps /app/node_modules ./node_modules
|
|
COPY full/ .
|
|
|
|
# NEXT_PUBLIC_* vars are baked into the client bundle at build time by Next.js.
|
|
# They must be present here (not just at runtime) or SSG/prerender fails.
|
|
# Passed via --build-arg in CI. Note: Gitea secrets use a STAGING_/PROD_ prefix
|
|
# which is stripped by the workflow before being forwarded here as build args.
|
|
ARG NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
|
|
ARG NEXT_PUBLIC_CONVEX_URL
|
|
ARG NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME
|
|
ARG NEXT_PUBLIC_CLOUDINARY_API_KEY
|
|
ARG NEXT_PUBLIC_IMAGE_PROCESSING_API_URL
|
|
ENV NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=$NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY \
|
|
NEXT_PUBLIC_CONVEX_URL=$NEXT_PUBLIC_CONVEX_URL \
|
|
NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME=$NEXT_PUBLIC_CLOUDINARY_CLOUD_NAME \
|
|
NEXT_PUBLIC_CLOUDINARY_API_KEY=$NEXT_PUBLIC_CLOUDINARY_API_KEY \
|
|
NEXT_PUBLIC_IMAGE_PROCESSING_API_URL=$NEXT_PUBLIC_IMAGE_PROCESSING_API_URL \
|
|
NEXT_TELEMETRY_DISABLED=1
|
|
|
|
RUN npx turbo build --filter=admin
|
|
|
|
# ── Stage 3: runner ──────────────────────────────────────────────────────────
|
|
FROM node:20-alpine AS runner
|
|
|
|
WORKDIR /app
|
|
|
|
ENV NODE_ENV=production \
|
|
NEXT_TELEMETRY_DISABLED=1 \
|
|
HOSTNAME=0.0.0.0 \
|
|
PORT=3001
|
|
|
|
RUN addgroup -g 1001 -S nodejs && adduser -S nextjs -u 1001
|
|
|
|
COPY --from=builder --chown=nextjs:nodejs /app/apps/admin/.next/standalone ./
|
|
COPY --from=builder --chown=nextjs:nodejs /app/apps/admin/.next/static ./apps/admin/.next/static
|
|
COPY --from=builder --chown=nextjs:nodejs /app/apps/admin/public ./apps/admin/public
|
|
|
|
USER nextjs
|
|
|
|
EXPOSE 3001
|
|
|
|
CMD ["node", "apps/admin/server.js"]
|