FROM node:22-alpine AS base RUN npm install -g pnpm@9.12.0 WORKDIR /app FROM base AS deps COPY package.json pnpm-workspace.yaml pnpm-lock.yaml ./ COPY apps/web/package.json apps/web/ COPY packages/db/package.json packages/db/ COPY packages/shared/package.json packages/shared/ RUN pnpm install --frozen-lockfile FROM base AS build COPY --from=deps /app/node_modules /app/node_modules COPY --from=deps /app/apps/web/node_modules /app/apps/web/node_modules COPY --from=deps /app/packages/db/node_modules /app/packages/db/node_modules COPY --from=deps /app/packages/shared/node_modules /app/packages/shared/node_modules COPY tsconfig.base.json turbo.json ./ COPY apps/web apps/web COPY packages/db packages/db COPY packages/shared packages/shared # Placeholder env values during `next build`'s "Collecting page data" # pass. Next bundles `lib/db.ts` (`createClient(env.DATABASE_URL)`) and # `actions/auth.ts` (uses AUTH_SECRET) into route bundles; their # top-level env access fires when Next imports the route to inspect # its config (the route's own `export const dynamic = "force-dynamic"` # stops handler execution, NOT module evaluation). # # pg.Pool is lazy — it stores the URL and only connects on the first # query — so a build-time placeholder never opens a socket. The # placeholders are scoped to this RUN layer (each Dockerfile RUN is # its own shell); nothing leaks into the runtime image. RUN export DATABASE_URL=postgres://build:build@localhost:5432/build && \ export AUTH_SECRET=build-time-placeholder-not-used-at-runtime && \ pnpm --filter @cmbot/shared build && \ pnpm --filter @cmbot/db build && \ pnpm --filter @cmbot/web build FROM base AS runtime ENV NODE_ENV=production ENV PORT=3000 ENV HOSTNAME=0.0.0.0 COPY --from=build /app/apps/web/.next/standalone ./ COPY --from=build /app/apps/web/.next/static ./apps/web/.next/static COPY --from=build /app/apps/web/public ./apps/web/public # Reuse the `node` user (UID/GID 1000) that node:alpine ships with — # `addgroup -g 1000 app` collided with the pre-existing node group. RUN chown -R node:node /app USER node EXPOSE 3000 CMD ["node", "apps/web/server.js"]