chore: Reorder pnpm build arguments in Dockerfile.nextjs.

.dockerignore

@@ -0,0 +1,12 @@
+node_modules
+.next
+.git
+.npmrc
+dist
+build
+out
+coverage
+.vercel
+.turbo
+*.log
+.DS_Store

.gitea/workflows/pipeline.yml

@@ -2,13 +2,8 @@ name: Monorepo Pipeline
 
 on:
   push:
-    branches:
-      - main
     tags:
       - 'v*'
-  pull_request:
-    branches:
-      - main
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -18,6 +13,8 @@ jobs:
   qa:
     name: 🧪 Quality Assurance
     runs-on: docker
+    container:
+      image: catthehacker/ubuntu:act-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -31,7 +28,6 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node_version: 20
-          cache: 'pnpm'
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -52,6 +48,8 @@ jobs:
     needs: qa
     if: startsWith(github.ref, 'refs/tags/v')
     runs-on: docker
+    container:
+      image: catthehacker/ubuntu:act-latest
     env:
       NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -70,7 +68,6 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node_version: 20
-          cache: 'pnpm'
 
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
@@ -86,6 +83,8 @@ jobs:
     needs: qa
     if: startsWith(github.ref, 'refs/tags/v')
     runs-on: docker
+    container:
+      image: catthehacker/ubuntu:act-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -94,49 +93,60 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: 🔐 Registry Login
-        run: |
+        uses: docker/login-action@v3
-          echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+        with:
+          registry: registry.infra.mintel.me
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASS }}
 
       - name: 🏗️ Build & Push Nextjs Build-Base
-        env:
+        uses: docker/build-push-action@v5
-          TAG: ${{ github.ref_name }}
+        with:
-        run: |
+          context: .
-          docker buildx build \
+          file: packages/infra/docker/Dockerfile.nextjs
-            --platform linux/amd64,linux/arm64 \
+          platforms: linux/amd64,linux/arm64
-            -t registry.infra.mintel.me/mintel/nextjs:$TAG \
+          push: true
-            -t registry.infra.mintel.me/mintel/nextjs:latest \
+          secrets: |
-            -f packages/infra/docker/Dockerfile.nextjs \
+            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
-            --push .
+          tags: |
+            registry.infra.mintel.me/mintel/nextjs:${{ github.ref_name }}
+            registry.infra.mintel.me/mintel/nextjs:latest
 
       - name: 🏗️ Build & Push Production Runtime
-        env:
+        uses: docker/build-push-action@v5
-          TAG: ${{ github.ref_name }}
+        with:
-        run: |
+          context: .
-          docker buildx build \
+          file: packages/infra/docker/Dockerfile.runtime
-            --platform linux/amd64,linux/arm64 \
+          platforms: linux/amd64,linux/arm64
-            -t registry.infra.mintel.me/mintel/runtime:$TAG \
+          push: true
-            -t registry.infra.mintel.me/mintel/runtime:latest \
+          secrets: |
-            -f packages/infra/docker/Dockerfile.runtime \
+            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
-            --push .
+          tags: |
+            registry.infra.mintel.me/mintel/runtime:${{ github.ref_name }}
+            registry.infra.mintel.me/mintel/runtime:latest
 
       - name: 🏗️ Build & Push Gatekeeper (Product)
-        env:
+        uses: docker/build-push-action@v5
-          TAG: ${{ github.ref_name }}
+        with:
-        run: |
+          context: .
-          docker buildx build \
+          file: packages/infra/docker/Dockerfile.gatekeeper
-            --platform linux/amd64,linux/arm64 \
+          platforms: linux/amd64,linux/arm64
-            -t registry.infra.mintel.me/mintel/gatekeeper:$TAG \
+          push: true
-            -t registry.infra.mintel.me/mintel/gatekeeper:latest \
+          secrets: |
-            -f packages/infra/docker/Dockerfile.gatekeeper \
+            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
-            --push .
+          tags: |
+            registry.infra.mintel.me/mintel/gatekeeper:${{ github.ref_name }}
+            registry.infra.mintel.me/mintel/gatekeeper:latest
 
       - name: 🏗️ Build & Push Directus (Base)
-        env:
+        uses: docker/build-push-action@v5
-          TAG: ${{ github.ref_name }}
+        with:
-        run: |
+          context: .
-          docker buildx build \
+          file: packages/infra/docker/Dockerfile.directus
-            --platform linux/amd64,linux/arm64 \
+          platforms: linux/amd64,linux/arm64
-            -t registry.infra.mintel.me/mintel/directus:$TAG \
+          push: true
-            -t registry.infra.mintel.me/mintel/directus:latest \
+          secrets: |
-            -f packages/infra/docker/Dockerfile.directus \
+            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
-            --push .
+          tags: |
+            registry.infra.mintel.me/mintel/directus:${{ github.ref_name }}
+            registry.infra.mintel.me/mintel/directus:latest

packages/infra/docker/Dockerfile.gatekeeper

@@ -6,15 +6,15 @@ WORKDIR /app
 # Enable pnpm
 RUN corepack enable pnpm
 
-# Install dependencies (using monorepo root context)
+# Step 2: Install dependencies
-COPY pnpm-lock.yaml pnpm-workspace.yaml package.json .npmrc* ./
+# We copy everything first because we have a .dockerignore
-COPY packages/gatekeeper/package.json ./packages/gatekeeper/
+# and we need the workspace structure for pnpm to work correctly
-COPY packages/next-utils/package.json ./packages/next-utils/
+COPY . .
-COPY packages/tsconfig/package.json ./packages/tsconfig/
-COPY packages/eslint-config/package.json ./packages/eslint-config/
-COPY packages/next-config/package.json ./packages/next-config/
 
+# Use a secret for NPM_TOKEN to authenticate with private registry
 RUN --mount=type=cache,target=/root/.local/share/pnpm/store/v3 \
+    --mount=type=secret,id=NPM_TOKEN \
+    export NPM_TOKEN=$(cat /run/secrets/NPM_TOKEN) && \
     pnpm i --frozen-lockfile
 
 # Copy source

packages/infra/docker/Dockerfile.nextjs

@@ -1,24 +1,19 @@
+# Step 1: Base image
 FROM node:20-alpine AS base
-
 RUN apk add --no-cache libc6-compat curl
 WORKDIR /app
-
-# Enable pnpm
 RUN corepack enable pnpm
 
-# Copy root configurations
+# Step 2: Install dependencies
-COPY pnpm-lock.yaml pnpm-workspace.yaml package.json .npmrc* ./
+# We copy everything first because we have a .dockerignore
-
+# and we need the workspace structure for pnpm to work correctly
-# Copy all package.json files to allow pnpm install to be cached
-COPY packages/*/package.json ./packages/
-COPY apps/*/package.json ./apps/
-
-# Install dependencies for the entire monorepo
-RUN --mount=type=cache,target=/root/.local/share/pnpm/store/v3 \
-    pnpm i --frozen-lockfile
-
-# Copy the rest of the source code
 COPY . .
 
-# Post-install/Build shared packages if needed
+# Use a secret for NPM_TOKEN to authenticate with private registry
-RUN pnpm -r build --filter="./packages/*"
+RUN --mount=type=cache,target=/root/.local/share/pnpm/store/v3 \
+    --mount=type=secret,id=NPM_TOKEN \
+    export NPM_TOKEN=$(cat /run/secrets/NPM_TOKEN) && \
+    pnpm i --frozen-lockfile
+
+# Step 3: Build shared packages
+RUN pnpm --filter "./packages/*" -r build

packages/infra/gitea/deploy-action.yml

@@ -24,6 +24,8 @@ jobs:
   prepare:
     name: 🔍 Prepare Environment
     runs-on: docker
+    container:
+      image: catthehacker/ubuntu:act-latest
     outputs:
       target:           ${{ steps.determine.outputs.target }}
       image_tag:        ${{ steps.determine.outputs.image_tag }}
@@ -136,6 +138,8 @@ jobs:
     needs: prepare
     if: needs.prepare.outputs.target != 'skip'
     runs-on: docker
+    container:
+      image: catthehacker/ubuntu:act-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -144,7 +148,6 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 20
-          cache: 'npm'
 
       - name: Install dependencies
         run: npm ci
@@ -171,6 +174,8 @@ jobs:
     needs: prepare
     if: needs.prepare.outputs.target != 'skip'
     runs-on: docker
+    container:
+      image: catthehacker/ubuntu:act-latest
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -179,23 +184,26 @@ jobs:
         uses: docker/setup-buildx-action@v3
 
       - name: 🔐 Registry Login
-        run: |
+        uses: docker/login-action@v3
-          echo "${{ secrets.REGISTRY_PASS }}" | docker login registry.infra.mintel.me -u "${{ secrets.REGISTRY_USER }}" --password-stdin
+        with:
+          registry: registry.infra.mintel.me
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASS }}
 
       - name: 🏗️ Docker Build & Push
-        env:
+        uses: docker/build-push-action@v5
-          IMAGE_TAG: ${{ needs.prepare.outputs.image_tag }}
+        with:
-          NEXT_PUBLIC_BASE_URL: ${{ needs.prepare.outputs.next_public_base_url }}
+          context: .
-        run: |
+          platforms: linux/arm64
-          docker buildx build \
+          build-args: |
-            --pull \
+            NEXT_PUBLIC_BASE_URL=${{ needs.prepare.outputs.next_public_base_url }}
-            --platform linux/arm64 \
+            NEXT_PUBLIC_TARGET=${{ needs.prepare.outputs.target }}
-            --build-arg NEXT_PUBLIC_BASE_URL="$NEXT_PUBLIC_BASE_URL" \
+          push: true
-            --build-arg NEXT_PUBLIC_TARGET="${{ needs.prepare.outputs.target }}" \
+          secrets: |
-            -t registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:$IMAGE_TAG \
+            NPM_TOKEN=${{ secrets.NPM_TOKEN }}
-            --cache-from type=registry,ref=registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:buildcache \
+          tags: registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:${{ needs.prepare.outputs.image_tag }}
-            --cache-to type=registry,ref=registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:buildcache,mode=max \
+          cache-from: type=registry,ref=registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:buildcache
-            --push .
+          cache-to: type=registry,ref=registry.infra.mintel.me/mintel/${{ github.event.repository.name }}:buildcache,mode=max
 
   # ──────────────────────────────────────────────────────────────────────────────
   # JOB 4: Deploy
@@ -205,6 +213,8 @@ jobs:
     needs: [prepare, build, qa]
     if: needs.prepare.outputs.target != 'skip'
     runs-on: docker
+    container:
+      image: catthehacker/ubuntu:act-latest
     env:
       TARGET: ${{ needs.prepare.outputs.target }}
       IMAGE_TAG: ${{ needs.prepare.outputs.image_tag }}
@@ -271,6 +281,8 @@ jobs:
     needs: [prepare, deploy]
     if: always()
     runs-on: docker
+    container:
+      image: catthehacker/ubuntu:act-latest
     steps:
       - name: 🔔 Gotify - Success
         if: needs.deploy.result == 'success'

packages/next-utils/src/index.test.ts

@@ -1,5 +1,5 @@
 import { describe, it, expect } from "vitest";
-import { isValidLang } from "../src/index";
+import { isValidLang } from "./lang";
 
 describe("next-utils", () => {
   it("should validate languages correctly", () => {

packages/next-utils/src/index.ts

@@ -30,12 +30,7 @@ export async function rateLimit(
   submissions[identifier] = now;
 }
 
-export const languages = ["en", "de"] as const;
+export * from "./lang";
-export type Lang = (typeof languages)[number];
-
-export function isValidLang(lang: string): lang is Lang {
-  return (languages as readonly string[]).includes(lang);
-}
 
 export * from "./i18n";
 export * from "./env";

packages/next-utils/src/lang.ts

@@ -0,0 +1,6 @@
+export const languages = ["en", "de"] as const;
+export type Lang = (typeof languages)[number];
+
+export function isValidLang(lang: string): lang is Lang {
+  return (languages as readonly string[]).includes(lang);
+}