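# Stage 1: Install dependencies
# Resolves node_modules from the manifests alone, so this stage is rebuilt only
# when package.json or pnpm-lock.yaml changes.
# NOTE(review): node:22-alpine is a moving tag; pin it by digest if the build
# has to be reproducible.
FROM node:22-alpine AS deps
WORKDIR /app

# pnpm release that corepack activates. The default keeps the previous
# behaviour ("latest"), which is resolved at build time: a new pnpm release
# enters the build unreviewed and may reject the committed lockfile under
# --frozen-lockfile. Pin it with
#   --build-arg PNPM_VERSION=<exact version that wrote pnpm-lock.yaml>
ARG PNPM_VERSION=latest
RUN corepack enable && corepack prepare "pnpm@${PNPM_VERSION}" --activate

# Copy only the manifests so that source edits do not invalidate the install layer.
COPY package.json pnpm-lock.yaml ./

# --frozen-lockfile fails the build instead of re-resolving versions when the
# lockfile and package.json disagree.
# NOTE(review): no USER is set in this stage, so any install scripts pnpm is
# configured to run execute as root inside the build container.
RUN pnpm install --frozen-lockfile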
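# Stage 2: Build application
# Everything set here (build args, ENV, the copied source tree) stays in this
# intermediate stage; the runner stage starts from a fresh base image.
FROM node:22-alpine AS builder
WORKDIR /app

# pnpm release that corepack activates. The default keeps the previous
# behaviour ("latest"), which is resolved at build time; pin it with
#   --build-arg PNPM_VERSION=<exact version that wrote pnpm-lock.yaml>
ARG PNPM_VERSION=latest
RUN corepack enable && corepack prepare "pnpm@${PNPM_VERSION}" --activate

# Build-time environment variables (Coolify passes these as --build-arg).
# NEXT_PUBLIC_* values are inlined into the client bundle by Next.js, so they
# are public by construction: never put a secret behind this prefix.
ARG NEXT_PUBLIC_MW_URL
ARG NEXT_PUBLIC_FRONTEND_URL
ARG NEXT_PUBLIC_PRIVY_APP_ID
ARG NEXT_PUBLIC_ALLOW_INDEXING=false
ARG NEXT_PUBLIC_GA_MEASUREMENT_ID=G-VBP2TL6RJ0
ENV NEXT_PUBLIC_MW_URL=$NEXT_PUBLIC_MW_URL \
    NEXT_PUBLIC_FRONTEND_URL=$NEXT_PUBLIC_FRONTEND_URL \
    NEXT_PUBLIC_PRIVY_APP_ID=$NEXT_PUBLIC_PRIVY_APP_ID \
    NEXT_PUBLIC_ALLOW_INDEXING=$NEXT_PUBLIC_ALLOW_INDEXING \
    NEXT_PUBLIC_GA_MEASUREMENT_ID=$NEXT_PUBLIC_GA_MEASUREMENT_ID

# Sentry: withSentryConfig uploads source maps during build.
# SENTRY_AUTH_TOKEN is a credential. It is deliberately NOT copied into ENV any
# more, so it is no longer stored in this stage's image config. The ARG is kept
# only so existing --build-arg callers keep working; a build-arg value is still
# recorded in the build history of the RUN step that sees it, so prefer the
# secret mount on the build step below and stop passing the token as --build-arg.
ARG SENTRY_AUTH_TOKEN
ARG SENTRY_ORG
ARG SENTRY_PROJECT
ARG NEXT_PUBLIC_SENTRY_DSN
ENV SENTRY_ORG=$SENTRY_ORG \
    SENTRY_PROJECT=$SENTRY_PROJECT \
    NEXT_PUBLIC_SENTRY_DSN=$NEXT_PUBLIC_SENTRY_DSN

# Server env stubs: only needed to pass Zod validation during build.
# Real secrets are injected at runtime by Coolify. Keep these values obviously
# fake so a build that accidentally uses one fails loudly rather than working.
ENV SESSION_SECRET="build-time-placeholder-not-used-at-runtime-" \
    PRIVY_APP_SECRET="build-time-placeholder" \
    R2_ENDPOINT="https://placeholder.test" \
    R2_ACCESS_KEY_ID="build-time-placeholder" \
    R2_SECRET_ACCESS_KEY="build-time-placeholder" \
    R2_BUCKET_NAME="build-time-placeholder" \
    OPENAI_API_KEY="build-time-placeholder" \
    UPSTASH_REDIS_REST_URL="https://placeholder.test" \
    UPSTASH_REDIS_REST_TOKEN="build-time-placeholder"

# Copy dependencies from deps stage
COPY --from=deps /app/node_modules ./node_modules
# NOTE(review): this copies the whole build context. Confirm that a
# .dockerignore excludes .env*, .git and any local node_modules, so local
# credentials never enter a layer and the installed dependencies are not
# overwritten.
COPY . .

# Build Next.js (withSentryConfig uploads source maps during build).
# The token is read from a BuildKit secret when one is supplied:
#   docker build --secret id=sentry_auth_token,env=SENTRY_AUTH_TOKEN ...
# and otherwise falls back to the SENTRY_AUTH_TOKEN build arg. The variable is
# always exported (empty when neither is given), matching the earlier ENV line.
# A mounted secret is not written to any layer or to the build history.
# RUN --mount needs BuildKit, the default builder in current Docker releases.
RUN --mount=type=secret,id=sentry_auth_token \
    SENTRY_AUTH_TOKEN="${SENTRY_AUTH_TOKEN:-}"; \
    if [ -s /run/secrets/sentry_auth_token ]; then \
        SENTRY_AUTH_TOKEN="$(cat /run/secrets/sentry_auth_token)"; \
    fi; \
    export SENTRY_AUTH_TOKEN; \
    pnpm build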
# Stage 3: Production runner
# Begins from the bare base image, so no build arg or placeholder ENV from the
# builder stage carries over; only the artefacts named in COPY --from do.
FROM node:22-alpine AS runner
WORKDIR /app

# Runtime defaults. HOSTNAME=0.0.0.0 is presumably what the standalone server
# binds to, i.e. every interface inside the container; what is reachable from
# outside is decided by the port mapping or proxy in front of it.
ENV NODE_ENV=production \
    PORT=3000 \
    HOSTNAME="0.0.0.0"

# Dedicated unprivileged account with fixed IDs, so a runtime policy can check
# the UID numerically.
RUN addgroup --system --gid 1001 nodejs \
    && adduser --system --uid 1001 nextjs

# Standalone build output. public/ is copied without --chown and therefore
# stays root-owned, which leaves it read-only for the application user.
COPY --from=builder /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

# Drop root before the process starts; port 3000 is unprivileged, so no extra
# capability is needed to bind it.
USER nextjs
EXPOSE 3000

# Exec form: node runs as PID 1 and receives the stop signal directly.
CMD ["node", "server.js"]