# Stage 1: Builder FROM registry.infra.mintel.me/mintel/nextjs:v1.8.21 AS builder WORKDIR /app # Arguments for build-time configuration ARG NEXT_PUBLIC_BASE_URL ARG NEXT_PUBLIC_TARGET ARG UMAMI_API_ENDPOINT ARG NPM_TOKEN # Environment variables for Next.js build ENV NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL ENV NEXT_PUBLIC_TARGET=$NEXT_PUBLIC_TARGET ENV UMAMI_API_ENDPOINT=$UMAMI_API_ENDPOINT ENV SKIP_RUNTIME_ENV_VALIDATION=true ENV CI=true # Copy manifest files specifically for better layer caching COPY pnpm-lock.yaml pnpm-workspace.yaml package.json .npmrc* ./ COPY apps/web/package.json ./apps/web/package.json # Copy sibling monorepo for linked dependencies (cloned during CI) COPY _at-mintel* /at-mintel/ # Install dependencies with cache mount and dynamic .npmrc (High Fidelity pattern) RUN --mount=type=cache,id=pnpm,target=/pnpm/store \ --mount=type=secret,id=NPM_TOKEN \ export NPM_TOKEN=$(cat /run/secrets/NPM_TOKEN 2>/dev/null || echo $NPM_TOKEN) && \ echo "@mintel:registry=https://npm.infra.mintel.me" > /at-mintel/.npmrc && \ echo "//npm.infra.mintel.me/:_authToken=\${NPM_TOKEN}" >> /at-mintel/.npmrc && \ cp /at-mintel/.npmrc .npmrc && \ cd /at-mintel && pnpm install --no-frozen-lockfile && pnpm build && \ cd /app && pnpm install --no-frozen-lockfile && \ rm /at-mintel/.npmrc .npmrc # Copy source code COPY . . # Build application (monorepo filter) ENV NODE_OPTIONS="--max_old_space_size=4096" RUN pnpm --filter @mintel/web build # Stage 2: Runner FROM registry.infra.mintel.me/mintel/runtime:latest AS runner WORKDIR /app # Copy standalone output and static files (Monorepo paths) # Note: Base image already handles the non-root user and basic env COPY --from=builder /app/apps/web/public ./apps/web/public COPY --from=builder /app/apps/web/.next/standalone ./ COPY --from=builder /app/apps/web/.next/static ./apps/web/.next/static COPY --from=builder /app/apps/web/.next/cache ./apps/web/.next/cache # Start from the app directory to ensure references solve correctly WORKDIR /app/apps/web CMD ["node", "server.js"]