fix(docker): pass placeholder DATABASE_URL/AUTH_SECRET during web build

Setting the route's `dynamic = "force-dynamic"` only stops Next from
calling the GET handler — not from evaluating the route module. The
bundled route.js inlines lib/db.ts's top-level
createClient(env.DATABASE_URL); next build's "Collecting page data"
pass imports the bundle, env access fires, and Zod throws because
the build container has no DATABASE_URL.

Same story for AUTH_SECRET via actions/auth.ts.

Export both as placeholders inside the RUN layer. pg.Pool is lazy
(stores URL, only connects on first query) and AUTH_SECRET only
matters at sign/verify time, so neither placeholder runs during
build. Each Dockerfile RUN is its own shell — nothing leaks into
the runtime image.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docker/web.Dockerfile

@@ -18,7 +18,20 @@ COPY tsconfig.base.json turbo.json ./
 COPY apps/web apps/web
 COPY packages/db packages/db
 COPY packages/shared packages/shared
-RUN pnpm --filter @cmbot/shared build && \
+# Placeholder env values during `next build`'s "Collecting page data"
+# pass. Next bundles `lib/db.ts` (`createClient(env.DATABASE_URL)`) and
+# `actions/auth.ts` (uses AUTH_SECRET) into route bundles; their
+# top-level env access fires when Next imports the route to inspect
+# its config (the route's own `export const dynamic = "force-dynamic"`
+# stops handler execution, NOT module evaluation).
+#
+# pg.Pool is lazy — it stores the URL and only connects on the first
+# query — so a build-time placeholder never opens a socket. The
+# placeholders are scoped to this RUN layer (each Dockerfile RUN is
+# its own shell); nothing leaks into the runtime image.
+RUN export DATABASE_URL=postgres://build:build@localhost:5432/build && \
+    export AUTH_SECRET=build-time-placeholder-not-used-at-runtime && \
+    pnpm --filter @cmbot/shared build && \
     pnpm --filter @cmbot/db build && \
     pnpm --filter @cmbot/web build