Marc Mintel
76e25d03b9
All checks were successful
Build & Deploy / 🔍 Prepare (push) Successful in 10s
Build & Deploy / 🏗️ Build (push) Successful in 23m32s
Build & Deploy / 🚀 Deploy (push) Successful in 2m25s
Build & Deploy / 🧪 QA (push) Successful in 3m50s
Build & Deploy / 🧪 Post-Deploy Verification (push) Successful in 4m49s
Build & Deploy / 🔔 Notify (push) Successful in 3s
71 lines
2.5 KiB
Docker
71 lines
2.5 KiB
Docker
# Stage 1: Builder
|
|
FROM git.infra.mintel.me/mmintel/nextjs:latest AS builder
|
|
WORKDIR /app
|
|
|
|
# Arguments for build-time configuration
|
|
ARG NEXT_PUBLIC_BASE_URL
|
|
ARG NEXT_PUBLIC_TARGET
|
|
ARG UMAMI_API_ENDPOINT
|
|
ARG NPM_TOKEN
|
|
ARG S3_ENDPOINT
|
|
ARG S3_ACCESS_KEY
|
|
ARG S3_SECRET_KEY
|
|
ARG S3_BUCKET
|
|
ARG S3_REGION
|
|
ARG S3_PREFIX
|
|
|
|
# Environment variables for Next.js build
|
|
ENV NEXT_PUBLIC_BASE_URL=$NEXT_PUBLIC_BASE_URL
|
|
ENV NEXT_PUBLIC_TARGET=$NEXT_PUBLIC_TARGET
|
|
ENV UMAMI_API_ENDPOINT=$UMAMI_API_ENDPOINT
|
|
ENV S3_ENDPOINT=$S3_ENDPOINT
|
|
ENV S3_ACCESS_KEY=$S3_ACCESS_KEY
|
|
ENV S3_SECRET_KEY=$S3_SECRET_KEY
|
|
ENV S3_BUCKET=$S3_BUCKET
|
|
ENV S3_REGION=$S3_REGION
|
|
ENV S3_PREFIX=$S3_PREFIX
|
|
ENV SKIP_RUNTIME_ENV_VALIDATION=true
|
|
ENV CI=true
|
|
|
|
# Copy manifest files specifically for better layer caching
|
|
COPY pnpm-lock.yaml pnpm-workspace.yaml package.json .npmrc* ./
|
|
COPY apps/web/package.json ./apps/web/package.json
|
|
# Copy sibling monorepo for linked dependencies (cloned during CI)
|
|
# Placing it inside /app so relative links like ../../_at-mintel resolve correctly!
|
|
COPY _at-mintel* /app/_at-mintel/
|
|
|
|
|
|
# Install dependencies with cache mount and dynamic .npmrc (High Fidelity pattern)
|
|
RUN --mount=type=cache,id=pnpm,target=/pnpm/store \
|
|
--mount=type=secret,id=NPM_TOKEN \
|
|
export NPM_TOKEN=$(cat /run/secrets/NPM_TOKEN 2>/dev/null || echo $NPM_TOKEN) && \
|
|
echo "@mintel:registry=https://npm.infra.mintel.me" > .npmrc && \
|
|
echo "//npm.infra.mintel.me/:_authToken=\"\${NPM_TOKEN}\"" >> .npmrc && \
|
|
echo "always-auth=true" >> .npmrc && \
|
|
cd /app/_at-mintel && pnpm install --no-frozen-lockfile && pnpm build && \
|
|
cd /app && pnpm install --no-frozen-lockfile && \
|
|
rm .npmrc
|
|
|
|
# Copy source code
|
|
COPY . .
|
|
|
|
# Build application (monorepo filter)
|
|
ENV NODE_OPTIONS="--max_old_space_size=4096"
|
|
RUN pnpm --filter @mintel/web build
|
|
|
|
# Stage 2: Runner
|
|
FROM git.infra.mintel.me/mmintel/runtime:latest AS runner
|
|
WORKDIR /app
|
|
|
|
# Copy standalone output and static files (Monorepo paths)
|
|
# Note: Base image already handles the non-root user and basic env
|
|
COPY --from=builder /app/apps/web/public ./apps/web/public
|
|
COPY --from=builder /app/apps/web/.next/standalone ./
|
|
COPY --from=builder /app/apps/web/.next/static ./apps/web/.next/static
|
|
|
|
# Explicitly copy Payload dynamically generated importMap.js excluded by Standalone tracing
|
|
COPY --from=builder /app/apps/web/app/(payload)/admin/importMap.js ./apps/web/app/(payload)/admin/importMap.js
|
|
# Start from the app directory to ensure references solve correctly
|
|
WORKDIR /app/apps/web
|
|
CMD ["node", "server.js"]
|