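# syntax=docker/dockerfile:1
# Shared parent of every stage, *including* the final `runner` image: whatever
# is installed here (bash, curl, wget, coreutils, pnpm) ships to production.
# Keep this list to what docker-entrypoint.sh / wait-for-it actually need.
FROM node:20-alpine3.20 AS base

# libc6-compat serves prebuilt native addons that expect glibc symbols on musl.
# Alpine removes old package revisions from its repos, so these stay unpinned;
# reproducibility comes from pinning the base image tag (ideally by digest).
RUN apk add --no-cache bash curl libc6-compat wget coreutils

# Set the executable bit at copy time; a follow-up `RUN chmod` would duplicate
# both scripts into a second layer.
COPY --chmod=755 ./infrastructure/docker/common/wait-for-it.sh /usr/local/bin/wait-for-it
COPY --chmod=755 ./infrastructure/docker/common/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh

# An unversioned `npm install -g pnpm` resolves to whatever is current when the
# image is built, so two builds of the same commit can install different pnpm
# releases (and major releases change lockfile/lifecycle-script handling).
# Pass --build-arg PNPM_VERSION=x.y.z to pin it; leaving it unset keeps the
# previous (latest) behavior. Clearing the npm cache keeps it out of the layer.
ARG PNPM_VERSION
RUN npm install -g "pnpm${PNPM_VERSION:+@${PNPM_VERSION}}" \
    && npm cache clean --force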

# Production-only dependency tree. This exact node_modules is copied into the
# `runner` stage, so it must be complete for runtime *and* for migrations.
FROM base AS deps
WORKDIR /app

COPY package.json pnpm-lock.yaml ./
# --frozen-lockfile: fail instead of silently re-resolving when package.json and
#   pnpm-lock.yaml disagree.
# --dangerously-allow-all-builds: lets *every* dependency run its preinstall/
#   install/postinstall scripts (pnpm blocks them by default as a supply-chain
#   guard, since any compromised transitive package then runs code at build
#   time). Prefer an explicit `pnpm.onlyBuiltDependencies` allow-list in
#   package.json listing the few packages that genuinely need to build (e.g.
#   native addons) and drop this flag.
RUN pnpm install --frozen-lockfile --prod --dangerously-allow-all-builds

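# Build stage: full (dev + prod) dependency tree plus the application source.
# Only .next/standalone, .next/static, public/ and the migration inputs are
# copied out of it; the toolchain and the source tree never reach `runner`.
FROM base AS builder
WORKDIR /app

COPY package.json pnpm-lock.yaml ./
# --dangerously-allow-all-builds runs every dependency's install scripts; prefer
# a `pnpm.onlyBuiltDependencies` allow-list in package.json (see the `deps`
# stage) so a compromised transitive package cannot execute code at build time.
RUN pnpm install --frozen-lockfile --dangerously-allow-all-builds

# Copies the whole build context into this layer. Anything not excluded by
# .dockerignore (.env*, .git, a local node_modules, editor/IDE files) is baked
# into the builder image and may be picked up by `next build`; that file must
# exist and list them — it cannot be verified from this Dockerfile.
COPY . .

# Railway only injects service variables into Docker builds when matching ARGs
# exist. Keep that list tight and limited to values that affect the built
# artifact. The rest should stay runtime-only and come from the service env.
#
# Every ARG value is recorded in the image history (`docker history`), so
# nothing in this list may be a secret. NEXT_PUBLIC_* values are public by
# design (they are inlined into the client bundle). SENTRY_DSN is the one
# non-public-prefixed entry: a DSN only permits event submission, but if it is
# the server-side DSN, consider supplying it at runtime instead of here.
ARG NEXT_PUBLIC_APP_URL
ARG NEXT_PUBLIC_GOOGLE_CLIENT_ID
ARG NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY
ARG NEXT_PUBLIC_CITYCHANGE_API_URL
ARG SENTRY_DSN
ARG NEXT_PUBLIC_SENTRY_DISABLED

# This app validates env eagerly during build via src/config/env.ts. Supply
# build-safe placeholders for server-only runtime secrets so the compiler can
# finish without baking the whole runtime environment into the image.
ENV NODE_ENV=production \
    NEXT_TELEMETRY_DISABLED=1

# The placeholders below are scoped to this single RUN (they are not ENV), so
# they do not persist into the image environment. They do appear in the layer's
# recorded command line, which is acceptable precisely because they are not
# real credentials — never substitute production values here. DATABASE_URL
# points at 127.0.0.1 so an accidental build-time DB access fails loudly rather
# than touching a real database.
RUN NEXT_PUBLIC_APP_URL="${NEXT_PUBLIC_APP_URL}" \
    NEXT_PUBLIC_GOOGLE_CLIENT_ID="${NEXT_PUBLIC_GOOGLE_CLIENT_ID:-}" \
    NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY="${NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY}" \
    NEXT_PUBLIC_CITYCHANGE_API_URL="${NEXT_PUBLIC_CITYCHANGE_API_URL:-}" \
    SENTRY_DSN="${SENTRY_DSN:-}" \
    NEXT_PUBLIC_SENTRY_DISABLED="${NEXT_PUBLIC_SENTRY_DISABLED:-}" \
    DATABASE_URL="postgresql://build:build@127.0.0.1:5432/build" \
    BETTER_AUTH_SECRET="build_only_secret_0123456789abcdef0123456789abcdef" \
    BETTER_AUTH_URL="${NEXT_PUBLIC_APP_URL:-http://localhost:3000}" \
    BETTER_AUTH_EMAIL="build@magasinetkbh.invalid" \
    STRIPE_SECRET_KEY="sk_test_build_placeholder" \
    STRIPE_WEBHOOK_SECRET="whsec_build_placeholder" \
    MOBILE_PAY_BASE_URL="https://example.com" \
    MOBILE_PAY_CLIENT_ID="build-mobilepay-client-id" \
    MOBILE_PAY_CLIENT_SECRET="build-mobilepay-client-secret" \
    MOBILE_PAY_SUBSCRIPTION_KEY="build-mobilepay-subscription-key" \
    MOBILE_PAY_MERCHANT_SERIAL_NUMBER="build-mobilepay-merchant" \
    MOBILE_PAY_WEBHOOK_ID="build-mobilepay-webhook-id" \
    MOBILE_PAY_WEBHOOK_SECRET="build-mobilepay-webhook-secret" \
    pnpm exec next build

# Leak guard: `next build` should only inline NEXT_PUBLIC_* values. If any
# server-only placeholder above shows up in the artifacts that ship to `runner`
# (e.g. because of an `env` block in next.config or a server secret read from a
# client component), the real secret would have been baked in the same way, so
# fail the build instead of shipping it. Only the shipped paths are scanned to
# avoid false positives from build caches.
RUN if grep -rqF \
        -e 'build_only_secret_0123456789abcdef' \
        -e 'build:build@127.0.0.1' \
        -e 'sk_test_build_placeholder' \
        -e 'whsec_build_placeholder' \
        -e 'build-mobilepay-client-secret' \
        -e 'build-mobilepay-webhook-secret' \
        .next/standalone/.next .next/static; then \
      echo "ERROR: a build-time placeholder secret was inlined into the build output; a server-only env value is leaking into the artifact" >&2; \
      exit 1; \
    fi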

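# Final image. It inherits bash/curl/wget/pnpm from `base` (the entrypoint and
# wait-for-it need bash); nothing from the builder's toolchain or source tree is
# copied except the explicit paths below.
FROM base AS runner
WORKDIR /app

# server.js from the standalone output reads PORT and HOSTNAME; 0.0.0.0 is
# required so the process is reachable from outside the container.
ENV NODE_ENV=production \
    NEXT_TELEMETRY_DISABLED=1 \
    PORT=3000 \
    HOSTNAME=0.0.0.0

# Fixed UID/GID (1001) so orchestrators enforcing runAsNonRoot/runAsUser can
# verify them. The user is placed in the nodejs group so the nextjs:nodejs
# ownership used below resolves to this account for both owner and group.
RUN addgroup --system --gid 1001 nodejs && \
    adduser --system --uid 1001 --ingroup nodejs nextjs

# Output file tracing: .next/standalone contains server.js plus only the
# node_modules files the server imports. public/ and .next/static are not part
# of the standalone output and must be copied alongside it.
# https://nextjs.org/docs/advanced-features/output-file-tracing
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

# Inputs for running database migrations from inside the container
# (migrate.js + drizzle). Note that drizzle.config.ts/tsconfig.json imply
# TypeScript is executed at runtime; whatever does that must be a production
# dependency or migrations will fail in this image (not verifiable from here).
COPY --from=builder --chown=nextjs:nodejs /app/drizzle ./drizzle
COPY --from=builder --chown=nextjs:nodejs /app/tsconfig.json ./tsconfig.json
COPY --from=builder --chown=nextjs:nodejs /app/package.json ./package.json
COPY --from=builder --chown=nextjs:nodejs /app/pnpm-lock.yaml ./pnpm-lock.yaml
COPY --from=builder --chown=nextjs:nodejs /app/migrate.js ./migrate.js
COPY --from=builder --chown=nextjs:nodejs /app/drizzle.config.ts ./drizzle.config.ts

# Source modules the migration entry point imports. These are TypeScript
# sources, not build output, so keep the list to what migrations need.
COPY --from=builder --chown=nextjs:nodejs /app/src/lib ./src/lib
COPY --from=builder --chown=nextjs:nodejs /app/src/features ./src/features
COPY --from=builder --chown=nextjs:nodejs /app/src/server ./src/server
COPY --from=builder --chown=nextjs:nodejs /app/src/config ./src/config

# Complete production node_modules from the `deps` stage, layered over the
# traced subset from standalone. It was resolved from the same lockfile, so no
# `pnpm install` is run in this stage: re-running it here would need network
# access during the build, could execute third-party install scripts as root
# inside the final image (the flag used elsewhere allows all of them), and
# would leave root-owned files plus a pnpm store/cache under /root in the
# shipped layer.
COPY --from=deps --chown=nextjs:nodejs /app/node_modules ./node_modules

# Next writes its prerender/ISR cache under .next at runtime; make it writable
# by the unprivileged user.
RUN mkdir -p .next && chown nextjs:nodejs .next

# Everything from here on runs unprivileged.
USER nextjs

# Documentation only; the platform decides what is actually published. No
# HEALTHCHECK is declared — add one against the app's health endpoint once it
# exists (wget is available in this image).
EXPOSE 3000

# docker-entrypoint.sh is expected to end with `exec "$@"` so that node becomes
# PID 1 and receives SIGTERM directly — confirm in infrastructure/docker/common/.
ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
CMD ["node", "server.js"]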
