ci: fix private registry access in Docker build stage

.gitea/workflows/deploy.yml

@@ -37,6 +37,13 @@ jobs:
     container:
       image: catthehacker/ubuntu:act-latest
     steps:
+      - name: 🧹 Maintenance (High Density Cleanup)
+        shell: bash
+        run: |
+          echo "Purging old build layers and dangling images..."
+          docker image prune -f
+          docker builder prune -f --filter "until=6h"
+
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
@@ -284,6 +291,10 @@ jobs:
           
           ssh root@alpha.mintel.me "docker system prune -f --filter 'until=24h'"
 
+      - name: 🧹 Post-Deploy Cleanup (Runner)
+        if: always()
+        run: docker builder prune -f --filter "until=1h"
+
   # ──────────────────────────────────────────────────────────────────────────────
   # JOB 5: Notifications
   # ──────────────────────────────────────────────────────────────────────────────

Dockerfile

@@ -1,8 +1,8 @@
 # Stage 1: Builder
-FROM registry.infra.mintel.me/mintel/nextjs:latest AS builder
+FROM node:20-alpine AS builder
 WORKDIR /app
 
-# Clean the workspace in case the base image is dirty
+# Clean the workspace
 RUN rm -rf ./*
 
 # Arguments for build-time configuration
@@ -18,17 +18,20 @@ ENV DIRECTUS_URL=$DIRECTUS_URL
 ENV SKIP_RUNTIME_ENV_VALIDATION=true
 ENV CI=true
 
-# Enable pnpm
-RUN corepack enable
+# Enable pnpm v10
+RUN corepack enable && corepack prepare pnpm@10.3.0 --activate
 
 # Copy lockfile and manifest for dependency installation caching
 COPY pnpm-lock.yaml package.json .npmrc* ./
 
-# Install dependencies with cache mount
+# Configure private registry and install dependencies
 RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
     --mount=type=secret,id=NPM_TOKEN \
     export NPM_TOKEN=$(cat /run/secrets/NPM_TOKEN 2>/dev/null || echo $NPM_TOKEN) && \
-    pnpm install --frozen-lockfile
+    echo "@mintel:registry=https://npm.infra.mintel.me" > .npmrc && \
+    echo "//npm.infra.mintel.me/:_authToken=\${NPM_TOKEN}" >> .npmrc && \
+    pnpm install --frozen-lockfile && \
+    rm .npmrc
 
 # Copy source code
 COPY . .
@@ -37,9 +40,17 @@ COPY . .
 RUN pnpm build
 
 # Stage 2: Runner
-FROM registry.infra.mintel.me/mintel/runtime:latest AS runner
+FROM node:20-alpine AS runner
 WORKDIR /app
 
+# Install curl for health checks
+RUN apk add --no-cache curl
+
+# Create nextjs user and group
+RUN addgroup --system --gid 1001 nodejs && \
+    adduser --system --uid 1001 nextjs && \
+    chown nextjs:nodejs /app
+
 ENV HOSTNAME="0.0.0.0"
 ENV PORT=3000
 ENV NODE_ENV=production