From b47c0409aeaafb96abdc5c0dd60cbe385e25aca4 Mon Sep 17 00:00:00 2001 From: yiekheng Date: Sun, 10 May 2026 22:23:49 +0800 Subject: [PATCH] fix(docker): pass placeholder DATABASE_URL/AUTH_SECRET during web build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Setting the route's `dynamic = "force-dynamic"` only stops Next from calling the GET handler — not from evaluating the route module. The bundled route.js inlines lib/db.ts's top-level createClient(env.DATABASE_URL); next build's "Collecting page data" pass imports the bundle, env access fires, and Zod throws because the build container has no DATABASE_URL. Same story for AUTH_SECRET via actions/auth.ts. Export both as placeholders inside the RUN layer. pg.Pool is lazy (stores URL, only connects on first query) and AUTH_SECRET only matters at sign/verify time, so neither placeholder runs during build. Each Dockerfile RUN is its own shell — nothing leaks into the runtime image. Co-Authored-By: Claude Opus 4.7 (1M context) --- docker/web.Dockerfile | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/docker/web.Dockerfile b/docker/web.Dockerfile index 8f87a51..70e9cb0 100644 --- a/docker/web.Dockerfile +++ b/docker/web.Dockerfile @@ -18,7 +18,20 @@ COPY tsconfig.base.json turbo.json ./ COPY apps/web apps/web COPY packages/db packages/db COPY packages/shared packages/shared -RUN pnpm --filter @cmbot/shared build && \ +# Placeholder env values during `next build`'s "Collecting page data" +# pass. Next bundles `lib/db.ts` (`createClient(env.DATABASE_URL)`) and +# `actions/auth.ts` (uses AUTH_SECRET) into route bundles; their +# top-level env access fires when Next imports the route to inspect +# its config (the route's own `export const dynamic = "force-dynamic"` +# stops handler execution, NOT module evaluation). +# +# pg.Pool is lazy — it stores the URL and only connects on the first +# query — so a build-time placeholder never opens a socket. The +# placeholders are scoped to this RUN layer (each Dockerfile RUN is +# its own shell); nothing leaks into the runtime image. +RUN export DATABASE_URL=postgres://build:build@localhost:5432/build && \ + export AUTH_SECRET=build-time-placeholder-not-used-at-runtime && \ + pnpm --filter @cmbot/shared build && \ pnpm --filter @cmbot/db build && \ pnpm --filter @cmbot/web build