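# Shared base image for every stage below.
# NOTE(review): node:20-alpine is a floating tag. Pinning it by digest
# (node:20-alpine@sha256:<digest>) keeps an upstream re-tag from silently
# changing all stages and makes rebuilds reproducible.
FROM node:20-alpine AS base

# Install dependencies only when needed
FROM base AS deps
RUN apk add --no-cache libc6-compat
WORKDIR /app

# Install dependencies.
# The COPY glob makes the lockfile optional, so use it whenever it is present:
# `npm ci` installs exactly what package-lock.json records and fails if it has
# drifted from package.json, instead of re-resolving versions at build time.
COPY package.json package-lock.json* ./
RUN if [ -f package-lock.json ]; then \
      npm ci; \
    else \
      echo "package-lock.json not found: falling back to unpinned npm install" >&2; \
      npm install; \
    fi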
feat: Audit remediation + Stripe webhook + test suites
- Apply 3 Prisma schema changes (Pending2FASession, hubApiKeyHash, SecurityVerificationCode attempts)
- Add Stripe webhook handler (checkout.session.completed -> User + Subscription + Order)
- Add stripe-service, api-key-service, rate-limit middleware
- Add security headers (CSP, HSTS, X-Frame-Options) in next.config.ts
- Harden auth routes, require ADMIN_API_KEY for orchestrator endpoints
- Add Docker auto-migration via startup.sh
- Add 7 unit test suites (api-key, dns, config-generator, automation-worker, permission, security-verification, auth-helpers)
- Fix Prisma 7 compatibility with adapter-pg mock for vitest
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 08:02:33 +01:00
# Generate Prisma Client (Prisma 7 uses prisma.config.mjs for datasource URL)
# Schema directory first: it is the input of the client generation step.
COPY prisma/ ./prisma/
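# Prisma config consumed by the generate step.
COPY prisma.config.mjs ./
# --no-install: use only the prisma CLI already installed in node_modules and
# fail the build if it is missing, rather than letting npx download an
# unpinned copy from the registry at build time.
RUN npx --no-install prisma generate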
# Rebuild the source code only when needed
FROM base AS builder
WORKDIR /app

# Next.js telemetry off for the build
ENV NEXT_TELEMETRY_DISABLED=1

# Dependencies come from the deps stage; the application source comes from the
# build context.
# NOTE(review): `COPY . .` takes everything the context holds. Confirm a
# .dockerignore excludes .env files, .git and any host node_modules so they
# neither land in this stage nor overwrite the modules copied above.
COPY --from=deps /app/node_modules ./node_modules
COPY . .

# Ensure public directory exists
RUN mkdir -p ./public

RUN npm run build
# Production image, copy all the files and run next
FROM base AS runner
WORKDIR /app

# Runtime environment: production mode, Next.js telemetry disabled
ENV NODE_ENV=production \
    NEXT_TELEMETRY_DISABLED=1
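# Install Docker CLI for spawning provisioning containers.
# NOTE(review): this gives the web application a path to a Docker daemon
# (presumably the host socket, bind-mounted at runtime). Access to that socket
# is equivalent to root on the Docker host, so a compromise of the app becomes
# a compromise of the host. Consider an API-filtering socket proxy, or moving
# provisioning into a separate service that is not internet-facing.
RUN apk add --no-cache docker-cli

# Unprivileged runtime identity for the Next.js server
RUN addgroup --system --gid 1001 nodejs \
    && adduser --system --uid 1001 nextjs

# Add nextjs user to docker group for socket access.
# The numeric GID must match the group that owns the socket at runtime; 999 is
# only a common default, so it can be overridden at build time:
#   --build-arg DOCKER_GID=<gid of the docker group on the host>
ARG DOCKER_GID=999
# Still best effort (the build does not fail), but a failure is now reported
# instead of being hidden by `|| true`, e.g. when the GID or the group name is
# already taken in the base image and nextjs ends up without socket access.
RUN if ! grep -q '^docker:' /etc/group; then \
      addgroup -g "${DOCKER_GID}" docker \
        || echo "WARNING: could not create group 'docker' with GID ${DOCKER_GID}" >&2; \
    fi; \
    addgroup nextjs docker \
      || echo "WARNING: could not add user 'nextjs' to group 'docker'" >&2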
# Create jobs and logs directories for provisioning, owned by the runtime
# user so the server can write to them after privileges are dropped.
RUN mkdir -p /app/jobs /app/logs \
    && chown -R nextjs:nodejs /app/jobs /app/logs
# Create public directory and copy contents if they exist.
# No --chown here: the static assets stay owned by root, so the runtime user
# can read them but not change them.
RUN mkdir -p ./public
COPY --from=builder /app/public/. ./public/
# Set the correct permission for prerender cache
RUN mkdir .next \
    && chown nextjs:nodejs .next

# Automatically leverage output traces to reduce image size
# NOTE(review): --chown makes the server code itself writable by the runtime
# user. If only the cache needs to be writable, leaving the code owned by root
# would stop a compromised process from modifying it on disk.
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
# Copy Prisma client and schema (for runtime + migrations)
# Generated client and @prisma packages come from the deps stage.
COPY --from=deps /app/node_modules/.prisma ./node_modules/.prisma
COPY --from=deps /app/node_modules/@prisma ./node_modules/@prisma
# Schema directory and config come straight from the build context.
COPY prisma/ ./prisma/
COPY prisma.config.mjs ./prisma.config.mjs
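# Install Prisma CLI globally for running migrations on startup
# (copying just node_modules/prisma misses transitive deps like valibot)
# The default keeps the original floating major. Pass an exact release with
#   --build-arg PRISMA_CLI_VERSION=<x.y.z>
# so the CLI matches the client generated in the deps stage and a rebuild
# cannot pick up a different version from the registry.
# NOTE(review): running migrations from the app container implies its database
# role may alter the schema; confirm that is intended.
ARG PRISMA_CLI_VERSION=7
# Cache is cleaned in the same layer so it does not add to the image.
RUN npm install -g "prisma@${PRISMA_CLI_VERSION}" \
    && npm cache clean --force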
# Copy startup script (runs migrations before starting app)
# Use tr to strip Windows CRLF line endings (more reliable than sed on Alpine)
# The script is staged in /tmp, rewritten into the working directory without
# carriage returns, marked executable, and the staged copy is removed.
COPY startup.sh /tmp/startup.sh
RUN tr -d '\r' < /tmp/startup.sh > startup.sh \
    && chmod +x startup.sh \
    && rm /tmp/startup.sh
# Drop root: the container process runs as the unprivileged nextjs user
USER nextjs

# Documentation only; the port is actually published by whoever runs the container
EXPOSE 3000

# Listen on port 3000 on every interface inside the container. Reachability
# from outside is decided by port publishing and network policy, not here.
ENV PORT=3000 \
    HOSTNAME="0.0.0.0"
# Container start command, in exec form so no extra shell wraps the script.
# NOTE(review): startup.sh is not shown here; it should `exec` the server as
# its last step so the Node process receives stop signals. Confirm.
CMD ["./startup.sh"]