moyosapp_beta.0.0.3.3_beta1/Dockerfile

# syntax=docker/dockerfile:1

# Multi-stage Dockerfile for Next.js 16 production build (Node 20)
# - Does NOT bake secrets via ARG/ENV
# - Skips env validation during build (SKIP_ENV_VALIDATION=1 in builder only)
# - Enforces required secrets at runtime via entrypoint.sh
# Note: COOLIFY_URL and COOLIFY_FQDN build args are injected by Coolify but not used in this Dockerfile

############################
# Stage 1: Dependencies
############################
FROM node:20-alpine AS deps
WORKDIR /app

# Reduce noisy npm output in CI builds
ENV NPM_CONFIG_FUND=false
ENV NPM_CONFIG_AUDIT=false
ENV NPM_CONFIG_UPDATE_NOTIFIER=false
ENV NPM_CONFIG_LOGLEVEL=error

# Native deps (if you have any native modules)
# vips-dev is required for building sharp native binaries
# This is the ONLY stage that needs build tools - native modules are built here
# Additional packages needed for sharp to build from source if pre-built binaries aren't available
RUN echo "📦 Installing Alpine packages (build tools)..." && \
    apk add --no-cache libc6-compat python3 make g++ vips-dev pkgconfig

# Copy lockfiles and Prisma schema (postinstall may need it)
# package-lock.json is required for npm ci (reproducible builds)
COPY package.json package-lock.json ./
COPY prisma ./prisma

# Install build tools globally for native modules (sharp needs these when building from source)
RUN npm install -g node-gyp node-addon-api

# Set environment variables to help sharp build properly
# SHARP_IGNORE_GLOBAL_LIBVIPS=1 tells sharp to use the system libvips we installed
ENV SHARP_IGNORE_GLOBAL_LIBVIPS=1
RUN echo "📥 Installing npm dependencies..." && \
    npm ci --omit=dev --no-audit --no-fund --loglevel=error


############################
# Stage 2: Builder
############################
FROM node:20-alpine AS builder
WORKDIR /app

# Note: No build tools needed here - native modules are already built in deps stage
# Copying pre-built node_modules from deps stage (includes compiled native binaries)

COPY --from=deps /app/node_modules ./node_modules
COPY . .

# Generate Prisma Client for build (if your build imports Prisma)
RUN echo "🔧 Generating Prisma Client..." && \
    npx prisma generate

ENV NEXT_TELEMETRY_DISABLED=1
ENV NODE_ENV=production

# IMPORTANT:
# Do not require secrets at build time; enforce at runtime instead.
ENV SKIP_ENV_VALIDATION=1

RUN echo "🔨 Building Next.js application..." && \
    npm run build


############################
# Stage 3: Runner
############################
FROM node:20-alpine AS runner
WORKDIR /app

ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"

# Runtime libraries for native dependencies:
# - sharp requires vips
# - prisma engines require openssl + libstdc++
RUN apk add --no-cache libc6-compat vips openssl ca-certificates libstdc++

# Non-root user
RUN addgroup --system --gid 1001 nodejs \
  && adduser  --system --uid 1001 nextjs

# Runtime files
COPY --from=builder /app/public ./public
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static

# Prisma migrations at startup require Prisma CLI + its full dependency tree.
# Copy the complete production node_modules (avoid chasing missing transitive deps).
# NOTE: this intentionally overwrites the minimal standalone node_modules.
COPY --from=deps /app/node_modules ./node_modules

# Prisma schema + migrations
COPY --from=builder /app/prisma ./prisma
COPY --from=builder /app/prisma.config.ts ./prisma.config.ts

# Add runtime env check entrypoint (no secrets baked)
COPY docker/entrypoint.sh /app/entrypoint.sh
RUN chmod +x /app/entrypoint.sh \
  && chown -R nextjs:nodejs /app

USER nextjs

EXPOSE 3000

HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
  CMD node -e "require('http').get('http://127.0.0.1:3000/api/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))"

CMD ["/app/entrypoint.sh"]