refactor: update pipeline to use Docker actions for registry login, build, and push.

.gitea/workflows/pipeline.yml

@@ -2,13 +2,8 @@ name: Monorepo Pipeline
 
 on:
   push:
-    branches:
-      - main
     tags:
       - 'v*'
-  pull_request:
-    branches:
-      - main
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -80,3 +75,66 @@ jobs:
           echo "🏷️ Tag detected [${{ github.ref_name }}], performing sync release..."
           pnpm sync-versions
           pnpm release:tag
+
+  build-images:
+    name: 🐳 Build & Push Images
+    needs: qa
+    if: startsWith(github.ref, 'refs/tags/v')
+    runs-on: docker
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: 🐳 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: 🔐 Registry Login
+        uses: docker/login-action@v3
+        with:
+          registry: registry.infra.mintel.me
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASS }}
+
+      - name: 🏗️ Build & Push Nextjs Build-Base
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: packages/infra/docker/Dockerfile.nextjs
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            registry.infra.mintel.me/mintel/nextjs:${{ github.ref_name }}
+            registry.infra.mintel.me/mintel/nextjs:latest
+
+      - name: 🏗️ Build & Push Production Runtime
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: packages/infra/docker/Dockerfile.runtime
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            registry.infra.mintel.me/mintel/runtime:${{ github.ref_name }}
+            registry.infra.mintel.me/mintel/runtime:latest
+
+      - name: 🏗️ Build & Push Gatekeeper (Product)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: packages/infra/docker/Dockerfile.gatekeeper
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            registry.infra.mintel.me/mintel/gatekeeper:${{ github.ref_name }}
+            registry.infra.mintel.me/mintel/gatekeeper:latest
+
+      - name: 🏗️ Build & Push Directus (Base)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: packages/infra/docker/Dockerfile.directus
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: |
+            registry.infra.mintel.me/mintel/directus:${{ github.ref_name }}
+            registry.infra.mintel.me/mintel/directus:latest

apps/sample-website/.env.example

@@ -0,0 +1,31 @@
+# Project
+PROJECT_NAME=sample-website
+PROJECT_COLOR=#82ed20
+
+# Authentication
+GATEKEEPER_PASSWORD=mintel
+AUTH_COOKIE_NAME=mintel_gatekeeper_session
+
+# Host Config (Local)
+TRAEFIK_HOST=sample-website.localhost
+DIRECTUS_HOST=cms.sample-website.localhost
+
+# Next.js
+NEXT_PUBLIC_BASE_URL=http://sample-website.localhost
+
+# Directus
+DIRECTUS_URL=http://localhost:8055
+DIRECTUS_KEY=sample-key-123
+DIRECTUS_SECRET=sample-secret-123
+DIRECTUS_ADMIN_EMAIL=admin@mintel.me
+DIRECTUS_ADMIN_PASSWORD=mintel-admin-pass
+DIRECTUS_DB_NAME=directus
+DIRECTUS_DB_USER=directus
+DIRECTUS_DB_PASSWORD=mintel-db-pass
+
+# Sentry / Glitchtip
+SENTRY_DSN=
+
+# Analytics (Umami)
+NEXT_PUBLIC_UMAMI_WEBSITE_ID=
+NEXT_PUBLIC_UMAMI_SCRIPT_URL=https://analytics.infra.mintel.me/script.js

apps/sample-website/.gitignore

@@ -0,0 +1,34 @@
+# dependencies
+/node_modules
+/.pnpm-debug.log*
+
+# next.js
+/.next/
+/out/
+
+# production
+/build
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# local env files
+.env*.local
+
+# vercel
+.vercel
+
+# typescript
+*.tsbuildinfo
+next-env.d.ts
+
+# directus
+/directus/uploads
+/directus/extensions
+/.env

apps/sample-website/Dockerfile

@@ -0,0 +1,38 @@
+# Start from the pre-built Nextjs Base image
+FROM registry.infra.mintel.me/mintel/nextjs:latest AS builder
+
+WORKDIR /app
+
+# Build-time environment variables for Next.js
+ARG NEXT_PUBLIC_BASE_URL
+ARG NEXT_PUBLIC_UMAMI_WEBSITE_ID
+ARG NEXT_PUBLIC_UMAMI_SCRIPT_URL
+ARG NEXT_PUBLIC_TARGET
+ARG DIRECTUS_URL
+
+ENV NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL
+ENV NEXT_PUBLIC_UMAMI_WEBSITE_ID=$NEXT_PUBLIC_UMAMI_WEBSITE_ID
+ENV NEXT_PUBLIC_UMAMI_SCRIPT_URL=$NEXT_PUBLIC_UMAMI_SCRIPT_URL
+ENV NEXT_PUBLIC_TARGET=$NEXT_PUBLIC_TARGET
+ENV DIRECTUS_URL=$DIRECTUS_URL
+
+# Build the specific application
+RUN pnpm --filter sample-website build
+
+# Production runner image
+FROM registry.infra.mintel.me/mintel/runtime:latest AS runner
+WORKDIR /app
+
+COPY --from=builder /app/apps/sample-website/public ./apps/sample-website/public
+
+# Set the correct permission for prerender cache
+RUN mkdir -p apps/sample-website/.next && chown nextjs:nodejs apps/sample-website/.next
+
+# Copy standalone output and static files from the monorepo path
+COPY --from=builder --chown=nextjs:nodejs /app/apps/sample-website/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/apps/sample-website/.next/static ./apps/sample-website/.next/static
+
+USER nextjs
+
+# server.js in monorepo standalone is created for each app
+CMD ["node", "apps/sample-website/server.js"]

apps/sample-website/docker-compose.yml

@@ -0,0 +1,71 @@
+services:
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      args:
+        NEXT_PUBLIC_BASE_URL: ${NEXT_PUBLIC_BASE_URL:-http://localhost:3000}
+        NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${NEXT_PUBLIC_UMAMI_WEBSITE_ID}
+        NEXT_PUBLIC_UMAMI_SCRIPT_URL: ${NEXT_PUBLIC_UMAMI_SCRIPT_URL}
+        NEXT_PUBLIC_TARGET: ${TARGET:-development}
+      DIRECTUS_URL: ${DIRECTUS_URL:-http://directus:8055}
+    restart: always
+    networks:
+      - infra
+    env_file:
+      - .env
+    ports:
+      - "3000:3000"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.sample-website.rule=Host(`${TRAEFIK_HOST:-sample-website.localhost}`)"
+      - "traefik.http.services.sample-website.loadbalancer.server.port=3000"
+
+  directus:
+    image: registry.infra.mintel.me/mintel/directus:latest
+    restart: always
+    networks:
+      - infra
+    env_file:
+      - .env
+    environment:
+      KEY: ${DIRECTUS_KEY:-mintel-key}
+      SECRET: ${DIRECTUS_SECRET:-mintel-secret}
+      ADMIN_EMAIL: ${DIRECTUS_ADMIN_EMAIL:-admin@mintel.me}
+      ADMIN_PASSWORD: ${DIRECTUS_ADMIN_PASSWORD:-mintel-admin}
+      DB_CLIENT: 'pg'
+      DB_HOST: 'directus-db'
+      DB_PORT: '5432'
+      DB_DATABASE: ${DIRECTUS_DB_NAME:-directus}
+      DB_USER: ${DIRECTUS_DB_USER:-directus}
+      DB_PASSWORD: ${DIRECTUS_DB_PASSWORD:-mintel-db-pass}
+      WEBSOCKETS_ENABLED: 'true'
+      PUBLIC_URL: ${DIRECTUS_URL:-http://localhost:8055}
+    ports:
+      - "8055:8055"
+    volumes:
+      - ./directus/uploads:/directus/uploads
+      - ./directus/extensions:/directus/extensions
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.sample-website-directus.rule=Host(`${DIRECTUS_HOST:-cms.sample-website.localhost}`)"
+      - "traefik.http.services.sample-website-directus.loadbalancer.server.port=8055"
+
+  directus-db:
+    image: postgres:15-alpine
+    restart: always
+    networks:
+      - infra
+    environment:
+      POSTGRES_DB: ${DIRECTUS_DB_NAME:-directus}
+      POSTGRES_USER: ${DIRECTUS_DB_USER:-directus}
+      POSTGRES_PASSWORD: ${DIRECTUS_DB_PASSWORD:-mintel-db-pass}
+    volumes:
+      - directus-db-data:/var/lib/postgresql/data
+
+networks:
+  infra:
+    external: true
+
+volumes:
+  directus-db-data:

apps/sample-website/package.json

@@ -4,11 +4,21 @@
   "private": true,
   "type": "module",
   "scripts": {
-    "dev": "next dev",
+    "dev": "mintel dev",
+    "dev:local": "mintel dev --local",
     "build": "next build",
     "start": "next start",
     "lint": "next lint",
-    "test": "vitest run"
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run --passWithNoTests",
+    "cms:bootstrap": "mintel directus bootstrap",
+    "cms:push:testing": "mintel directus sync push testing",
+    "cms:pull:testing": "mintel directus sync pull testing",
+    "cms:push:staging": "mintel directus sync push staging",
+    "cms:pull:staging": "mintel directus sync pull staging",
+    "cms:push:prod": "mintel directus sync push production",
+    "cms:pull:prod": "mintel directus sync pull production",
+    "pagespeed:test": "mintel pagespeed"
   },
   "dependencies": {
     "@mintel/next-utils": "workspace:*",

packages/cli/src/index.ts

@@ -10,7 +10,76 @@ const program = new Command();
 program
   .name("mintel")
   .description("CLI for Mintel monorepo management")
-  .version("1.0.0");
+  .version("1.0.1");
+
+program
+  .command("dev")
+  .description("Start the development environment (Docker stack)")
+  .option("-l, --local", "Run Next.js locally instead of in Docker")
+  .action(async (options) => {
+    const { execSync } = await import("child_process");
+    console.log(chalk.blue("🚀 Starting Development Environment..."));
+
+    if (options.local) {
+      console.log(chalk.cyan("Running Next.js locally..."));
+      execSync("next dev", { stdio: "inherit" });
+    } else {
+      console.log(chalk.cyan("Starting Docker stack (App, Directus, DB)..."));
+      // Ensure network exists
+      try {
+        execSync("docker network create infra", { stdio: "ignore" });
+      } catch (e) {}
+
+      console.log(
+        chalk.yellow(`
+📱 App:      http://localhost:3000
+🗄️  CMS:      http://localhost:8055/admin
+🚦 Traefik:  http://localhost:8080
+`),
+      );
+      execSync(
+        "docker-compose down --remove-orphans && docker-compose up app directus directus-db",
+        { stdio: "inherit" },
+      );
+    }
+  });
+
+const directus = program
+  .command("directus")
+  .description("Directus management commands");
+
+directus
+  .command("bootstrap")
+  .description("Setup Directus branding and settings")
+  .action(async () => {
+    const { execSync } = await import("child_process");
+    console.log(chalk.blue("🎨 Bootstrapping Directus..."));
+    execSync("npx tsx --env-file=.env scripts/setup-directus.ts", {
+      stdio: "inherit",
+    });
+  });
+
+directus
+  .command("sync <action> <env>")
+  .description("Sync Directus data (push/pull) for a specific environment")
+  .action(async (action, env) => {
+    const { execSync } = await import("child_process");
+    console.log(
+      chalk.blue(`📥 Executing Directus sync: ${action} -> ${env}...`),
+    );
+    execSync(`./scripts/sync-directus.sh ${action} ${env}`, {
+      stdio: "inherit",
+    });
+  });
+
+program
+  .command("pagespeed")
+  .description("Run PageSpeed (Lighthouse) tests")
+  .action(async () => {
+    const { execSync } = await import("child_process");
+    console.log(chalk.blue("⚡ Running PageSpeed tests..."));
+    execSync("npx tsx ./scripts/pagespeed-sitemap.ts", { stdio: "inherit" });
+  });
 
 program
   .command("init <path>")
@@ -34,10 +103,21 @@ program
         private: true,
         type: "module",
         scripts: {
-          dev: "next dev",
+          dev: "mintel dev",
+          "dev:local": "mintel dev --local",
           build: "next build",
           start: "next start",
           lint: "next lint",
+          typecheck: "tsc --noEmit",
+          test: "vitest run --passWithNoTests",
+          "directus:bootstrap": "mintel directus bootstrap",
+          "directus:push:testing": "mintel directus sync push testing",
+          "directus:pull:testing": "mintel directus sync pull testing",
+          "directus:push:staging": "mintel directus sync push staging",
+          "directus:pull:staging": "mintel directus sync pull staging",
+          "directus:push:prod": "mintel directus sync push production",
+          "directus:pull:prod": "mintel directus sync pull production",
+          "pagespeed:test": "mintel pagespeed",
         },
         dependencies: {
           next: "15.1.6",
@@ -238,34 +318,56 @@ export default function Home() {
       // Copy infra templates
       const infraPath = path.resolve(__dirname, "../../infra");
       if (await fs.pathExists(infraPath)) {
-        await fs.copy(
-          path.join(infraPath, "docker/Dockerfile.nextjs"),
-          path.join(fullPath, "Dockerfile"),
+        // Setup Dockerfile from template
+        const templatePath = path.join(
+          infraPath,
+          "docker/Dockerfile.app-template",
         );
-        await fs.copy(
-          path.join(infraPath, "docker/docker-compose.template.yml"),
-          path.join(fullPath, "docker-compose.yml"),
+        if (await fs.pathExists(templatePath)) {
+          let dockerfile = await fs.readFile(templatePath, "utf8");
+          dockerfile = dockerfile.replace(/\$\{APP_NAME:-app\}/g, projectName);
+          await fs.writeFile(path.join(fullPath, "Dockerfile"), dockerfile);
+        }
+
+        // Setup docker-compose from template
+        const composeTemplatePath = path.join(
+          infraPath,
+          "docker/docker-compose.template.yml",
         );
+        if (await fs.pathExists(composeTemplatePath)) {
+          let compose = await fs.readFile(composeTemplatePath, "utf8");
+          compose = compose.replace(/\$\{APP_NAME:-app\}/g, projectName);
+          compose = compose.replace(/\$\{PROJECT_NAME:-app\}/g, projectName);
+          await fs.writeFile(
+            path.join(fullPath, "docker-compose.yml"),
+            compose,
+          );
+        }
+
         await fs.ensureDir(path.join(fullPath, ".gitea/workflows"));
-        await fs.copy(
-          path.join(infraPath, "gitea/deploy-action.yml"),
-          path.join(fullPath, ".gitea/workflows/deploy.yml"),
+        const deployActionPath = path.join(
+          infraPath,
+          "gitea/deploy-action.yml",
         );
+        if (await fs.pathExists(deployActionPath)) {
+          await fs.copy(
+            deployActionPath,
+            path.join(fullPath, ".gitea/workflows/deploy.yml"),
+          );
+        }
+      }
 
-        // Create Directus structure
-        await fs.ensureDir(path.join(fullPath, "directus/uploads"));
-        await fs.ensureDir(path.join(fullPath, "directus/extensions"));
-        await fs.writeFile(
-          path.join(fullPath, "directus/uploads/.gitkeep"),
-          "",
-        );
-        await fs.writeFile(
-          path.join(fullPath, "directus/extensions/.gitkeep"),
-          "",
-        );
+      // Create Directus structure
+      await fs.ensureDir(path.join(fullPath, "directus/uploads"));
+      await fs.ensureDir(path.join(fullPath, "directus/extensions"));
+      await fs.writeFile(path.join(fullPath, "directus/uploads/.gitkeep"), "");
+      await fs.writeFile(
+        path.join(fullPath, "directus/extensions/.gitkeep"),
+        "",
+      );
 
-        // Create .env.example
-        const envExample = `# Project
+      // Create .env.example
+      const envExample = `# Project
 PROJECT_NAME=${projectName}
 PROJECT_COLOR=#82ed20
 
@@ -297,14 +399,13 @@ SENTRY_DSN=
 NEXT_PUBLIC_UMAMI_WEBSITE_ID=
 NEXT_PUBLIC_UMAMI_SCRIPT_URL=https://analytics.infra.mintel.me/script.js
 `;
-        await fs.writeFile(path.join(fullPath, ".env.example"), envExample);
+      await fs.writeFile(path.join(fullPath, ".env.example"), envExample);
 
-        // Copy premium templates (globals.css, lib/directus.ts, scripts/setup-directus.ts)
-        const templatePath = path.join(infraPath, "templates/website");
-        if (await fs.pathExists(templatePath)) {
-          console.log(chalk.blue("Applying premium templates..."));
-          await fs.copy(templatePath, fullPath, { overwrite: true });
-        }
+      // Copy premium templates (globals.css, lib/directus.ts, scripts/setup-directus.ts)
+      const templatePath = path.join(infraPath, "templates/website");
+      if (await fs.pathExists(templatePath)) {
+        console.log(chalk.blue("Applying premium templates..."));
+        await fs.copy(templatePath, fullPath, { overwrite: true });
       }
 
       console.log(

packages/eslint-config/next.js

@@ -13,10 +13,14 @@ export const nextConfig = [
   {
     ignores: [
       "**/dist/**",
+      "**/build/**",
+      "**/out/**",
+      "**/coverage/**",
       "**/.next/**",
       "**/node_modules/**",
       "**/.gitea/**",
       "**/.changeset/**",
+      "**/.vercel/**",
     ],
   },
   ...compat.extends("next/core-web-vitals", "next/typescript"),

packages/gatekeeper/package.json

@@ -15,7 +15,7 @@
     "clsx": "^2.1.1",
     "lucide-react": "^0.474.0",
     "next": "15.1.6",
-    "next-intl": "^3.26.5",
+    "next-intl": "^4.8.2",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "tailwind-merge": "^2.6.0"

packages/infra/docker/Dockerfile.app-template

@@ -0,0 +1,33 @@
+# Start from the pre-built Nextjs Base image
+FROM registry.infra.mintel.me/mintel/nextjs:latest AS builder
+
+WORKDIR /app
+
+# Build-time environment variables for Next.js
+ARG NEXT_PUBLIC_BASE_URL
+ARG NEXT_PUBLIC_UMAMI_WEBSITE_ID
+ARG NEXT_PUBLIC_UMAMI_SCRIPT_URL
+ARG NEXT_PUBLIC_TARGET
+ARG DIRECTUS_URL
+
+ENV NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL
+ENV NEXT_PUBLIC_UMAMI_WEBSITE_ID=$NEXT_PUBLIC_UMAMI_WEBSITE_ID
+ENV NEXT_PUBLIC_UMAMI_SCRIPT_URL=$NEXT_PUBLIC_UMAMI_SCRIPT_URL
+ENV NEXT_PUBLIC_TARGET=$NEXT_PUBLIC_TARGET
+ENV DIRECTUS_URL=$DIRECTUS_URL
+
+# Build the specific application
+RUN pnpm --filter ${APP_NAME:-app} build
+
+# Production runner image
+FROM registry.infra.mintel.me/mintel/runtime:latest AS runner
+WORKDIR /app
+
+# Copy standalone output and static files
+COPY --from=builder --chown=nextjs:nodejs /app/apps/${APP_NAME:-app}/public ./apps/${APP_NAME:-app}/public
+COPY --from=builder --chown=nextjs:nodejs /app/apps/${APP_NAME:-app}/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/apps/${APP_NAME:-app}/.next/static ./apps/${APP_NAME:-app}/.next/static
+
+USER nextjs
+
+CMD ["node", "apps/${APP_NAME:-app}/server.js"]

packages/infra/docker/Dockerfile.directus

@@ -0,0 +1,12 @@
+FROM directus/directus:11
+
+# Add any custom extensions or configurations here if needed
+# COPY ./extensions /directus/extensions
+
+# Default environment for optimized production use
+ENV LOGGER_LEVEL="info"
+ENV WEBSOCKETS_ENABLED="true"
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:8055/health || exit 1

packages/infra/docker/Dockerfile.gatekeeper

@@ -1,47 +1,42 @@
 FROM node:20-alpine AS base
 
-# Install dependencies only when needed
-FROM base AS deps
-RUN apk add --no-cache libc6-compat
+RUN apk add --no-cache libc6-compat curl
 WORKDIR /app
 
-# Install dependencies
-COPY package.json pnpm-lock.yaml* ./
-RUN corepack enable pnpm && pnpm i --frozen-lockfile
+# Enable pnpm
+RUN corepack enable pnpm
 
-# Rebuild the source code only when needed
-FROM base AS builder
-WORKDIR /app
-COPY --from=deps /app/node_modules ./node_modules
+# Install dependencies (using monorepo root context)
+COPY pnpm-lock.yaml pnpm-workspace.yaml package.json .npmrc* ./
+COPY packages/gatekeeper/package.json ./packages/gatekeeper/
+COPY packages/next-utils/package.json ./packages/next-utils/
+COPY packages/tsconfig/package.json ./packages/tsconfig/
+COPY packages/eslint-config/package.json ./packages/eslint-config/
+COPY packages/next-config/package.json ./packages/next-config/
+
+RUN --mount=type=cache,target=/root/.local/share/pnpm/store/v3 \
+    pnpm i --frozen-lockfile
+
+# Copy source
 COPY . .
 
-ENV NEXT_TELEMETRY_DISABLED=1
+# Build Gatekeeper
+RUN pnpm --filter @mintel/gatekeeper build
 
-# Build the application
-RUN corepack enable pnpm && pnpm run build
-
-# Production image, copy all the files and run next
+# Runner
 FROM base AS runner
 WORKDIR /app
-
-RUN apk add --no-cache curl
-
 ENV NODE_ENV=production
-ENV NEXT_TELEMETRY_DISABLED=1
-
 RUN addgroup --system --gid 1001 nodejs
 RUN adduser --system --uid 1001 nextjs
 
-# Automatically leverage output traces to reduce image size
-# https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
-COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+COPY --from=builder /app/packages/gatekeeper/public ./packages/gatekeeper/public
+COPY --from=builder /app/packages/gatekeeper/.next/standalone ./
+COPY --from=builder /app/packages/gatekeeper/.next/static ./packages/gatekeeper/.next/static
 
 USER nextjs
-
 EXPOSE 3000
-
 ENV PORT=3000
 ENV HOSTNAME="0.0.0.0"
 
-CMD ["node", "server.js"]
+CMD ["node", "packages/gatekeeper/server.js"]

packages/infra/docker/Dockerfile.nextjs

@@ -1,66 +1,24 @@
 FROM node:20-alpine AS base
 
-# Install dependencies only when needed
-FROM base AS deps
 RUN apk add --no-cache libc6-compat curl
 WORKDIR /app
 
-# Install dependencies based on the preferred package manager
-COPY package.json package-lock.json* pnpm-lock.yaml* ./
-RUN if [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i --frozen-lockfile; \
-    elif [ -f package-lock.json ]; then npm ci; \
-    else npm i; fi
+# Enable pnpm
+RUN corepack enable pnpm
 
-# Rebuild the source code only when needed
-FROM base AS builder
-WORKDIR /app
-COPY --from=deps /app/node_modules ./node_modules
+# Copy root configurations
+COPY pnpm-lock.yaml pnpm-workspace.yaml package.json .npmrc* ./
+
+# Copy all package.json files to allow pnpm install to be cached
+COPY packages/*/package.json ./packages/
+COPY apps/*/package.json ./apps/
+
+# Install dependencies for the entire monorepo
+RUN --mount=type=cache,target=/root/.local/share/pnpm/store/v3 \
+    pnpm i --frozen-lockfile
+
+# Copy the rest of the source code
 COPY . .
 
-# Next.js collects completely anonymous telemetry data about general usage.
-ENV NEXT_TELEMETRY_DISABLED=1
-
-# Build-time environment variables for Next.js
-ARG NEXT_PUBLIC_BASE_URL
-ARG NEXT_PUBLIC_UMAMI_WEBSITE_ID
-ARG NEXT_PUBLIC_UMAMI_SCRIPT_URL
-
-ENV NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL
-ENV NEXT_PUBLIC_UMAMI_WEBSITE_ID=$NEXT_PUBLIC_UMAMI_WEBSITE_ID
-ENV NEXT_PUBLIC_UMAMI_SCRIPT_URL=$NEXT_PUBLIC_UMAMI_SCRIPT_URL
-
-# Build the application
-RUN if [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm run build; \
-    else npm run build; fi
-
-# Production image, copy all the files and run next
-FROM base AS runner
-WORKDIR /app
-
-# Install curl for health checks
-RUN apk add --no-cache curl
-
-ENV NODE_ENV=production
-ENV NEXT_TELEMETRY_DISABLED=1
-
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
-
-COPY --from=builder /app/public ./public
-
-# Set the correct permission for prerender cache
-RUN mkdir .next
-RUN chown nextjs:nodejs .next
-
-# Automatically leverage output traces to reduce image size
-COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
-COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
-
-USER nextjs
-
-EXPOSE 3000
-
-ENV PORT=3000
-ENV HOSTNAME="0.0.0.0"
-
-CMD ["node", "server.js"]
+# Post-install/Build shared packages if needed
+RUN pnpm -r build --filter="./packages/*"

packages/infra/docker/Dockerfile.runtime

@@ -0,0 +1,19 @@
+FROM node:20-alpine
+
+# Install essential production utilities
+RUN apk add --no-cache curl libc6-compat
+
+# Set standard production environment
+ENV NODE_ENV=production
+ENV NEXT_TELEMETRY_DISABLED=1
+ENV PORT=3000
+ENV HOSTNAME="0.0.0.0"
+
+WORKDIR /app
+
+# Create non-root user for security
+RUN addgroup --system --gid 1001 nodejs && \
+    adduser --system --uid 1001 nextjs
+
+# Expose the default Next.js port
+EXPOSE 3000

packages/infra/docker/docker-compose.template.yml

@@ -1,6 +1,5 @@
 services:
   app:
-    image: registry.infra.mintel.me/mintel/${APP_NAME:-app}:${IMAGE_TAG:-latest}
     restart: always
     networks:
       - infra
@@ -40,7 +39,6 @@ services:
 
   gatekeeper:
     image: registry.infra.mintel.me/mintel/gatekeeper:${IMAGE_TAG:-latest}
-    container_name: ${PROJECT_NAME}-gatekeeper
     restart: always
     networks:
       - infra
@@ -55,7 +53,7 @@ services:
       - "traefik.http.services.${PROJECT_NAME}-gatekeeper.loadbalancer.server.port=3000"
 
   directus:
-    image: directus/directus:11
+    image: registry.infra.mintel.me/mintel/directus:latest
     restart: always
     networks:
       - infra

packages/infra/gitea/deploy-action.yml

@@ -179,23 +179,24 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: 🔐 Registry Login
-        run: |
-          echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+        uses: docker/login-action@v3
+        with:
+          registry: registry.infra.mintel.me
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASS }}
 
       - name: 🏗️ Docker Build & Push
-        env:
-          IMAGE_TAG: ${{ needs.prepare.outputs.image_tag }}
-          NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_base_url }}
-        run: |
-          docker buildx build \
-            --pull \
-            --platform linux/arm64 \
-            --build-arg NEXT_PUBLIC_BASE_URL="$NEXT_PUBLIC_BASE_URL" \
-            --build-arg NEXT_PUBLIC_TARGET="${{ needs.prepare.outputs.target }}" \
-            -t registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:$IMAGE_TAG \
-            --cache-from type=registry,ref=registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:buildcache \
-            --cache-to type=registry,ref=registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:buildcache,mode=max \
-            --push .
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/arm64
+          build-args: |
+            NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_base_url }}
+            NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }}
+          push: true
+          tags: registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:${{ needs.prepare.outputs.image_tag }}
+          cache-from: type=registry,ref=registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:buildcache
+          cache-to: type=registry,ref=registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:buildcache,mode=max
 
   # ──────────────────────────────────────────────────────────────────────────────
   # JOB 4: Deploy

packages/infra/templates/website/.gitignore

@@ -27,3 +27,8 @@ yarn-error.log*
 # typescript
 *.tsbuildinfo
 next-env.d.ts
+
+# directus
+/directus/uploads
+/directus/extensions
+/.env

packages/next-config/index.js

@@ -1,7 +1,7 @@
 import createNextIntlPlugin from "next-intl/plugin";
 import { withSentryConfig } from "@sentry/nextjs";
-
-const withNextIntl = createNextIntlPlugin();
+import fs from "node:fs";
+import path from "node:path";
 
 /** @type {import('next').NextConfig} */
 export const baseNextConfig = {
@@ -34,10 +34,30 @@ export const baseNextConfig = {
 };
 
 const withMintelConfig = (config) => {
-  const nextIntlConfig = withNextIntl({ ...baseNextConfig, ...config });
+  const i18nPaths = [
+    "src/i18n/request.ts",
+    "src/i18n/request.tsx",
+    "i18n/request.ts",
+    "i18n/request.tsx",
+    "src/i18n.ts",
+    "src/i18n.tsx",
+    "i18n.ts",
+    "i18n.tsx",
+  ];
+
+  const hasI18nConfig = i18nPaths.some((p) =>
+    fs.existsSync(path.resolve(process.cwd(), p)),
+  );
+
+  let nextConfig = { ...baseNextConfig, ...config };
+
+  if (hasI18nConfig) {
+    const withNextIntl = createNextIntlPlugin();
+    nextConfig = withNextIntl(nextConfig);
+  }
 
   return withSentryConfig(
-    nextIntlConfig,
+    nextConfig,
     {
       silent: !process.env.CI,
       treeshake: { removeDebugLogging: true },

packages/next-config/package.json

@@ -15,7 +15,7 @@
     }
   },
   "dependencies": {
-    "next-intl": "^3.0.0",
+    "next-intl": "^4.8.2",
     "@sentry/nextjs": "^8.0.0"
   }
 }

packages/next-utils/package.json

@@ -17,7 +17,7 @@
   "dependencies": {
     "@directus/sdk": "^21.0.0",
     "next": "15.1.6",
-    "next-intl": "^3.0.0",
+    "next-intl": "^4.8.2",
     "zod": "^3.0.0"
   },
   "devDependencies": {

packages/next-utils/src/index.test.ts

@@ -1,5 +1,5 @@
 import { describe, it, expect } from "vitest";
-import { isValidLang } from "../src/index";
+import { isValidLang } from "./lang";
 
 describe("next-utils", () => {
   it("should validate languages correctly", () => {

packages/next-utils/src/index.ts

@@ -30,12 +30,7 @@ export async function rateLimit(
   submissions[identifier] = now;
 }
 
-export const languages = ["en", "de"] as const;
-export type Lang = (typeof languages)[number];
-
-export function isValidLang(lang: string): lang is Lang {
-  return (languages as readonly string[]).includes(lang);
-}
+export * from "./lang";
 
 export * from "./i18n";
 export * from "./env";

packages/next-utils/src/lang.ts

@@ -0,0 +1,6 @@
+export const languages = ["en", "de"] as const;
+export type Lang = (typeof languages)[number];
+
+export function isValidLang(lang: string): lang is Lang {
+  return (languages as readonly string[]).includes(lang);
+}

pnpm-lock.yaml

@@ -179,8 +179,8 @@ importers:
         specifier: 15.1.6
         version: 15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)
       next-intl:
-        specifier: ^3.26.5
-        version: 3.26.5(next@15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(react@19.2.4)
+        specifier: ^4.8.2
+        version: 4.8.2(next@15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(react@19.2.4)(typescript@5.9.3)
       react:
         specifier: ^19.0.0
         version: 19.2.4
@@ -249,8 +249,8 @@ importers:
         specifier: ^8.0.0
         version: 8.55.0(@opentelemetry/context-async-hooks@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/core@1.30.1(@opentelemetry/api@1.9.0))(@opentelemetry/instrumentation@0.57.2(@opentelemetry/api@1.9.0))(@opentelemetry/sdk-trace-base@1.30.1(@opentelemetry/api@1.9.0))(next@15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(react@19.2.4)(webpack@5.104.1)
       next-intl:
-        specifier: ^3.0.0
-        version: 3.26.5(next@15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(react@19.2.4)
+        specifier: ^4.8.2
+        version: 4.8.2(next@15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(react@19.2.4)(typescript@5.9.3)
 
   packages/next-utils:
     dependencies:
@@ -261,8 +261,8 @@ importers:
         specifier: 15.1.6
         version: 15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)
       next-intl:
-        specifier: ^3.0.0
-        version: 3.26.5(next@15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(react@19.2.4)
+        specifier: ^4.8.2
+        version: 4.8.2(next@15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(react@19.2.4)(typescript@5.9.3)
       zod:
         specifier: ^3.0.0
         version: 3.25.76
@@ -764,36 +764,21 @@ packages:
       '@noble/hashes':
         optional: true
 
-  '@formatjs/ecma402-abstract@2.3.6':
-    resolution: {integrity: sha512-HJnTFeRM2kVFVr5gr5kH1XP6K0JcJtE7Lzvtr3FS/so5f1kpsqqqxy5JF+FRaO6H2qmcMfAUIox7AJteieRtVw==}
-
   '@formatjs/ecma402-abstract@3.1.1':
     resolution: {integrity: sha512-jhZbTwda+2tcNrs4kKvxrPLPjx8QsBCLCUgrrJ/S+G9YrGHWLhAyFMMBHJBnBoOwuLHd7L14FgYudviKaxkO2Q==}
 
-  '@formatjs/fast-memoize@2.2.7':
-    resolution: {integrity: sha512-Yabmi9nSvyOMrlSeGGWDiH7rf3a7sIwplbvo/dlz9WCIjzIQAfy1RMf4S0X3yG724n5Ghu2GmEl5NJIV6O9sZQ==}
-
   '@formatjs/fast-memoize@3.1.0':
     resolution: {integrity: sha512-b5mvSWCI+XVKiz5WhnBCY3RJ4ZwfjAidU0yVlKa3d3MSgKmH1hC3tBGEAtYyN5mqL7N0G5x0BOUYyO8CEupWgg==}
 
-  '@formatjs/icu-messageformat-parser@2.11.4':
-    resolution: {integrity: sha512-7kR78cRrPNB4fjGFZg3Rmj5aah8rQj9KPzuLsmcSn4ipLXQvC04keycTI1F7kJYDwIXtT2+7IDEto842CfZBtw==}
-
   '@formatjs/icu-messageformat-parser@3.5.1':
     resolution: {integrity: sha512-sSDmSvmmoVQ92XqWb499KrIhv/vLisJU8ITFrx7T7NZHUmMY7EL9xgRowAosaljhqnj/5iufG24QrdzB6X3ItA==}
 
-  '@formatjs/icu-skeleton-parser@1.8.16':
-    resolution: {integrity: sha512-H13E9Xl+PxBd8D5/6TVUluSpxGNvFSlN/b3coUp0e0JpuWXXnQDiavIpY3NnvSp4xhEMoXyyBvVfdFX8jglOHQ==}
-
   '@formatjs/icu-skeleton-parser@2.1.1':
     resolution: {integrity: sha512-PSFABlcNefjI6yyk8f7nyX1DC7NHmq6WaCHZLySEXBrXuLOB2f935YsnzuPjlz+ibhb9yWTdPeVX1OVcj24w2Q==}
 
   '@formatjs/intl-localematcher@0.5.10':
     resolution: {integrity: sha512-af3qATX+m4Rnd9+wHcjJ4w2ijq+rAVP3CCinJQvFv1kgSu1W6jypUmvleJxcewdxmutM8dmIRZFxO/IQBZmP2Q==}
 
-  '@formatjs/intl-localematcher@0.6.2':
-    resolution: {integrity: sha512-XOMO2Hupl0wdd172Y06h6kLpBz6Dv+J4okPLl4LPtzbr8f66WbIoy4ev98EBuZ6ZK4h5ydTN6XneT4QVpD7cdA==}
-
   '@formatjs/intl-localematcher@0.8.1':
     resolution: {integrity: sha512-xwEuwQFdtSq1UKtQnyTZWC+eHdv7Uygoa+H2k/9uzBVQjDyp9r20LNDNKedWXll7FssT3GRHvqsdJGYSUWqYFA==}
 
@@ -3060,9 +3045,6 @@ packages:
     resolution: {integrity: sha512-4gd7VpWNQNB4UKKCFFVcp1AVv+FMOgs9NKzjHKusc8jTMhd5eL1NqQqOpE0KzMds804/yHlglp3uxgluOqAPLw==}
     engines: {node: '>= 0.4'}
 
-  intl-messageformat@10.7.18:
-    resolution: {integrity: sha512-m3Ofv/X/tV8Y3tHXLohcuVuhWKo7BBq62cqY15etqmLxg2DZ34AGGgQDeR+SCta2+zICb1NX83af0GJmbQ1++g==}
-
   intl-messageformat@11.1.2:
     resolution: {integrity: sha512-ucSrQmZGAxfiBHfBRXW/k7UC8MaGFlEj4Ry1tKiDcmgwQm1y3EDl40u+4VNHYomxJQMJi9NEI3riDRlth96jKg==}
 
@@ -3497,12 +3479,6 @@ packages:
   next-intl-swc-plugin-extractor@4.8.2:
     resolution: {integrity: sha512-sHDs36L1VZmFHj3tPHsD+KZJtnsRudHlNvT0ieIe3iFVn5OpGLTxW3d/Zc/2LXSj5GpGuR6wQeikbhFjU9tMQQ==}
 
-  next-intl@3.26.5:
-    resolution: {integrity: sha512-EQlCIfY0jOhRldiFxwSXG+ImwkQtDEfQeSOEQp6ieAGSLWGlgjdb/Ck/O7wMfC430ZHGeUKVKax8KGusTPKCgg==}
-    peerDependencies:
-      next: ^10.0.0 || ^11.0.0 || ^12.0.0 || ^13.0.0 || ^14.0.0 || ^15.0.0
-      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || >=19.0.0-rc <19.0.0 || ^19.0.0
-
   next-intl@4.8.2:
     resolution: {integrity: sha512-GuuwyvyEI49/oehQbBXEoY8KSIYCzmfMLhmIwhMXTb+yeBmly1PnJcpgph3KczQ+HTJMXwXCmkizgtT8jBMf3A==}
     peerDependencies:
@@ -4377,11 +4353,6 @@ packages:
   uri-js@4.4.1:
     resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==}
 
-  use-intl@3.26.5:
-    resolution: {integrity: sha512-OdsJnC/znPvHCHLQH/duvQNXnP1w0hPfS+tkSi3mAbfjYBGh4JnyfdwkQBfIVf7t8gs9eSX/CntxUMvtKdG2MQ==}
-    peerDependencies:
-      react: ^16.8.0 || ^17.0.0 || ^18.0.0 || >=19.0.0-rc <19.0.0 || ^19.0.0
-
   use-intl@4.8.2:
     resolution: {integrity: sha512-3VNXZgDnPFqhIYosQ9W1Hc6K5q+ZelMfawNbexdwL/dY7BTHbceLUBX5Eeex9lgogxTp0pf1SjHuhYNAjr9H3g==}
     peerDependencies:
@@ -5168,13 +5139,6 @@ snapshots:
 
   '@exodus/bytes@1.10.0': {}
 
-  '@formatjs/ecma402-abstract@2.3.6':
-    dependencies:
-      '@formatjs/fast-memoize': 2.2.7
-      '@formatjs/intl-localematcher': 0.6.2
-      decimal.js: 10.6.0
-      tslib: 2.8.1
-
   '@formatjs/ecma402-abstract@3.1.1':
     dependencies:
       '@formatjs/fast-memoize': 3.1.0
@@ -5182,31 +5146,16 @@ snapshots:
       decimal.js: 10.6.0
       tslib: 2.8.1
 
-  '@formatjs/fast-memoize@2.2.7':
-    dependencies:
-      tslib: 2.8.1
-
   '@formatjs/fast-memoize@3.1.0':
     dependencies:
       tslib: 2.8.1
 
-  '@formatjs/icu-messageformat-parser@2.11.4':
-    dependencies:
-      '@formatjs/ecma402-abstract': 2.3.6
-      '@formatjs/icu-skeleton-parser': 1.8.16
-      tslib: 2.8.1
-
   '@formatjs/icu-messageformat-parser@3.5.1':
     dependencies:
       '@formatjs/ecma402-abstract': 3.1.1
       '@formatjs/icu-skeleton-parser': 2.1.1
       tslib: 2.8.1
 
-  '@formatjs/icu-skeleton-parser@1.8.16':
-    dependencies:
-      '@formatjs/ecma402-abstract': 2.3.6
-      tslib: 2.8.1
-
   '@formatjs/icu-skeleton-parser@2.1.1':
     dependencies:
       '@formatjs/ecma402-abstract': 3.1.1
@@ -5216,10 +5165,6 @@ snapshots:
     dependencies:
       tslib: 2.8.1
 
-  '@formatjs/intl-localematcher@0.6.2':
-    dependencies:
-      tslib: 2.8.1
-
   '@formatjs/intl-localematcher@0.8.1':
     dependencies:
       '@formatjs/fast-memoize': 3.1.0
@@ -7723,13 +7668,6 @@ snapshots:
       hasown: 2.0.2
       side-channel: 1.1.0
 
-  intl-messageformat@10.7.18:
-    dependencies:
-      '@formatjs/ecma402-abstract': 2.3.6
-      '@formatjs/fast-memoize': 2.2.7
-      '@formatjs/icu-messageformat-parser': 2.11.4
-      tslib: 2.8.1
-
   intl-messageformat@11.1.2:
     dependencies:
       '@formatjs/ecma402-abstract': 3.1.1
@@ -8151,14 +8089,6 @@ snapshots:
 
   next-intl-swc-plugin-extractor@4.8.2: {}
 
-  next-intl@3.26.5(next@15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(react@19.2.4):
-    dependencies:
-      '@formatjs/intl-localematcher': 0.5.10
-      negotiator: 1.0.0
-      next: 15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)
-      react: 19.2.4
-      use-intl: 3.26.5(react@19.2.4)
-
   next-intl@4.8.2(next@15.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4))(react@19.2.4)(typescript@5.9.3):
     dependencies:
       '@formatjs/intl-localematcher': 0.5.10
@@ -9163,12 +9093,6 @@ snapshots:
     dependencies:
       punycode: 2.3.1
 
-  use-intl@3.26.5(react@19.2.4):
-    dependencies:
-      '@formatjs/fast-memoize': 2.2.7
-      intl-messageformat: 10.7.18
-      react: 19.2.4
-
   use-intl@4.8.2(react@19.2.4):
     dependencies:
       '@formatjs/fast-memoize': 3.1.0