Merge pull request #431 from CodeForAfrica/ft/docker-image

feat(docker): add docker support with apache tika integration

Author: kelvinkipruto

.dockerignore

@@ -0,0 +1,34 @@
+# Exclude version control and dependency directories
+.git
+.gitignore
+node_modules
+.next
+out
+build
+coverage
+temp
+old
+# Ignore local env and config overrides
+.env*
+.env.local
+.env.*
+
+# OS / editor files
+.DS_Store
+.idea
+
+# Test artifacts
+playwright-report
+blob-report
+test-results
+
+# vscode
+.vscode
+
+# Misc
+script.js
+documents
+media
+old
+temp
+tests

.env.example

@@ -3,6 +3,7 @@ NEXT_PUBLIC_APP_URL=http://localhost:3000
 # Payload
 DATABASE_URI=mongodb://127.0.0.1/your-database-name
 PAYLOAD_SECRET=YOUR_SECRET_HERE
+AX_APACHE_TIKA_URL=http://127.0.0.1:9998/
 
 #Sentry
 NEXT_PUBLIC_SENTRY_DSN=
@@ -13,3 +14,16 @@ SENTRY_PROJECT=promisetracker
 #Locales
 NEXT_PUBLIC_DEFAULT_LOCALE=en
 NEXT_PUBLIC_LOCALES="en, fr"
+
+# S3
+S3_BUCKET=
+S3_ACCESS_KEY_ID=
+S3_SECRET_ACCESS_KEY=
+S3_REGION=
+
+# SMTP
+SMTP_USER=
+SMTP_HOST=
+SMTP_PASS=
+SMTP_FROM_ADDRESS=
+SMTP_FROM_NAME=

.github/workflows/deploy-dev.yml

@@ -0,0 +1,71 @@
+name: Promise Tracker | Deploy | Dev
+
+on:
+  push:
+    branches: [main]
+
+concurrency:
+  group: "${{ github.workflow }} @ ${{ github.ref }}"
+  cancel-in-progress: true
+
+env:
+  APP_NAME: promisetracker-v2
+  DOKKU_REMOTE_BRANCH: "master"
+  DOKKU_REMOTE_URL: "ssh://[email protected]"
+  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  IMAGE_NAME: "codeforafrica/promisetracker-v2"
+  NEXT_PUBLIC_APP_URL: "https://promisetracker-v2.dev.codeforafrica.org"
+  SENTRY_ENVIRONMENT: "development"
+
+jobs:
+  deploy:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        node-version: [20.16]
+        os: [ubuntu-latest]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      # Add support for more platforms with QEMU (optional)
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v3
+        with:
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v6
+        with:
+          build-args: |
+            NEXT_PUBLIC_APP_URL=${{ env.NEXT_PUBLIC_APP_URL }}
+            NEXT_PUBLIC_SENTRY_DSN=${{ secrets.SENTRY_DSN }}
+            SENTRY_ENVIRONMENT=${{ env.SENTRY_ENVIRONMENT }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          context: .
+          platforms: linux/arm64
+          push: true
+          secrets: |
+            "database_uri=${{ secrets.DATABASE_URI }}"
+            "payload_secret=${{ secrets.PAYLOAD_SECRET }}"
+            "sentry_auth_token=${{ secrets.SENTRY_AUTH_TOKEN }}"
+            "sentry_org=${{ secrets.SENTRY_ORG }}"
+            "sentry_project=${{ secrets.SENTRY_PROJECT }}"
+          tags: "${{ env.IMAGE_NAME }}:${{ github.sha }}"
+
+      - name: Push to Dokku
+        uses: dokku/[email protected]
+        with:
+          git_remote_url: ${{ env.DOKKU_REMOTE_URL }}/${{ env.APP_NAME }}
+          ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
+          deploy_docker_image: ${{ env.IMAGE_NAME }}:${{ github.sha }}

Dockerfile

@@ -1,71 +1,80 @@
 # To use this Dockerfile, you have to set `output: 'standalone'` in your next.config.mjs file.
-# From https://github.com/vercel/next.js/blob/canary/examples/with-docker/Dockerfile
+# Based on https://github.com/vercel/next.js/blob/canary/examples/with-docker/Dockerfile
+
+ARG PNPM_VERSION=10.16.1
 
 FROM node:22.12.0-alpine AS base
+ARG PNPM_VERSION
+RUN npm install -g pnpm@${PNPM_VERSION}
 
 # Install dependencies only when needed
 FROM base AS deps
-# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
 RUN apk add --no-cache libc6-compat
 WORKDIR /app
 
-# Install dependencies based on the preferred package manager
-COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./
-RUN \
-  if [ -f yarn.lock ]; then yarn --frozen-lockfile; \
-  elif [ -f package-lock.json ]; then npm ci; \
-  elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i --frozen-lockfile; \
-  else echo "Lockfile not found." && exit 1; \
-  fi
-
+COPY package.json pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
 
 # Rebuild the source code only when needed
 FROM base AS builder
 WORKDIR /app
+
 COPY --from=deps /app/node_modules ./node_modules
 COPY . .
 
-# Next.js collects completely anonymous telemetry data about general usage.
-# Learn more here: https://nextjs.org/telemetry
-# Uncomment the following line in case you want to disable telemetry during the build.
-# ENV NEXT_TELEMETRY_DISABLED 1
+ENV NODE_ENV=production \
+    NEXT_TELEMETRY_DISABLED=1 \
+    NEXT_PUBLIC_APP_URL=http://localhost:3000
 
-RUN \
-  if [ -f yarn.lock ]; then yarn run build; \
-  elif [ -f package-lock.json ]; then npm run build; \
-  elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm run build; \
-  else echo "Lockfile not found." && exit 1; \
-  fi
+RUN --mount=type=secret,id=database_uri,env=DATABASE_URI \
+    --mount=type=secret,id=payload_secret,env=PAYLOAD_SECRET \
+    --mount=type=secret,id=sentry_auth_token,env=SENTRY_AUTH_TOKEN \
+    --mount=type=secret,id=sentry_org,env=SENTRY_ORG \
+    --mount=type=secret,id=sentry_project,env=SENTRY_PROJECT \
+    NODE_OPTIONS="--no-deprecation" pnpm exec next build
 
 # Production image, copy all the files and run next
 FROM base AS runner
+ARG TIKA_VERSION=3.2.3
 WORKDIR /app
 
-ENV NODE_ENV production
-# Uncomment the following line in case you want to disable telemetry during runtime.
-# ENV NEXT_TELEMETRY_DISABLED 1
+ENV NODE_ENV=production \
+    TIKA_VERSION=${TIKA_VERSION} \
+    TIKA_PORT=9998 \
+    TIKA_HOST=0.0.0.0 \
+    TIKA_SERVER_JAR=/opt/tika/tika-server.jar \
+    TIKA_ENABLED=1 \
+    AX_APACHE_TIKA_URL=http://127.0.0.1:9998/ \
+    HOSTNAME=0.0.0.0 \
+    PORT=3000
+
+RUN apk add --no-cache openjdk17-jre-headless curl
 
 RUN addgroup --system --gid 1001 nodejs
 RUN adduser --system --uid 1001 nextjs
 
-# Remove this line if you do not have this folder
+RUN mkdir -p /opt/tika \
+  && curl -fsSL "https://archive.apache.org/dist/tika/${TIKA_VERSION}/tika-server-standard-${TIKA_VERSION}.jar" -o "${TIKA_SERVER_JAR}" \
+  && chmod 644 "${TIKA_SERVER_JAR}"
+
 COPY --from=builder /app/public ./public
 
-# Set the correct permission for prerender cache
 RUN mkdir .next
 RUN chown nextjs:nodejs .next
 
-# Automatically leverage output traces to reduce image size
-# https://nextjs.org/docs/advanced-features/output-file-tracing
 COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
 
+COPY docker/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+RUN mkdir -p /app/temp /app/media \
+  && chown nextjs:nodejs /app/temp /app/media \
+  && chmod 775 /app/temp /app/media
+
 USER nextjs
 
 EXPOSE 3000
 
-ENV PORT 3000
-
-# server.js is created by next build from the standalone output
-# https://nextjs.org/docs/pages/api-reference/next-config-js/output
-CMD HOSTNAME="0.0.0.0" node server.js
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["node", "server.js"]

README.md

@@ -18,3 +18,17 @@
 4. Update settings in admin
    [/admin/globals/settings]
 5. When testing multitenant app, use a domain that resolves to localhost, similar to `localtest.me`, for example `ken.localtest.me:3000`
+
+## Docker Image
+
+- Build the production image (bundles Apache Tika 3.2.3, no database services) using Docker BuildKit secrets:
+  ```
+  docker build -t promisetracker:latest \
+    --secret id=database_uri,env=DATABASE_URI \
+    --secret id=payload_secret,env=PAYLOAD_SECRET \
+    .
+  ```
+  Provide `DATABASE_URI` and `PAYLOAD_SECRET` (build fails if they’re missing); Sentry secrets are optional. You can also point secrets at files via `--secret id=…,src=path/to/file`.
+- Run the container against an external database:
+  `docker run -p 3000:3000 -e DATABASE_URI="<your-database-uri>" -e PAYLOAD_SECRET="<secret>" promisetracker:latest`
+- The bundled Apache Tika server listens on `http://127.0.0.1:9998/`. Override `AX_APACHE_TIKA_URL`, `TIKA_PORT`, or `TIKA_ENABLED=0` if you prefer an external Tika service.