letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
93c6554c95075eb36731d9b27de7d9bf8b979c8d
pn-new-crm/Dockerfile
Matt c70eb1f945
All checks were successful
Build & Push Docker Images / lint (push) Successful in 2m44s
Details
Build & Push Docker Images / build-and-push (push) Successful in 6m53s
Details
fix(docker): merge prod deps into standalone node_modules (not replace) 
Replacing the Next standalone node_modules broke turbopack's externalized-
module resolution: the standalone tree is a matched set with the turbopack
server chunks, resolving externals (better-auth, postgres, pino, minio, ...)
by hashed id. With it replaced, every route using them 500'd with
"Failed to load external module <pkg>-<hash>" — confirmed on prod, while
`node .next/standalone/server.js` with the intact tree serves GET / (307)
and /api/health (200) cleanly.

So keep the standalone tree intact and MERGE the complete hoisted prod tree
in with `rsync --ignore-existing`: it adds the custom server's missing CJS
requires (socket.io closure: accepts/ws/engine.io/cors; drizzle-orm/index.cjs)
and skips everything the trace already provides — and tolerates the trace's
pnpm symlinks, where COPY/cp/tar/fs.cpSync all error on symlink-vs-dir.

Validated end-to-end on a host assembly of (intact standalone + merged prod
deps + the polyfilled server bundle): GET / → 307, /api/health → 200, zero
"Failed to load external module", zero MODULE_NOT_FOUND, server listening.
rsync --ignore-existing merge semantics verified in node:20-alpine.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-03 00:31:33 +02:00

67 lines
3.2 KiB
Docker
Raw Blame History

# Stage 1: Install dependencies
FROM node:20-alpine AS deps
RUN corepack enable && corepack prepare pnpm@10.33.2 --activate
WORKDIR /app
COPY package.json pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile --prod=false
# Stage 1b: Production dependency tree in a flat (hoisted) node_modules.
# Hoisted = symlink-free, so a Docker COPY into the runner is faithful
# (copying pnpm's default symlinked layout dereferences and breaks
# transitive resolution); complete = the custom socket.io server's deps
# (engine.io, accepts, ws, ...) all resolve at runtime.
FROM node:20-alpine AS prod-deps
RUN corepack enable && corepack prepare pnpm@10.33.2 --activate
WORKDIR /app
COPY package.json pnpm-lock.yaml ./
RUN echo "node-linker=hoisted" > .npmrc && pnpm install --frozen-lockfile --prod
# Stage 2: Build the application
FROM node:20-alpine AS builder
RUN corepack enable && corepack prepare pnpm@10.33.2 --activate
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
# NODE_ENV=production in the builder makes `next build` and any code
# branching on isProd deterministic (build-auditor M9). Without this,
# CSP and other prod-only paths would compile under whatever NODE_ENV
# the host carried in.
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
ENV SKIP_ENV_VALIDATION=1
RUN pnpm build
# Stage 3: Production runner
FROM node:20-alpine AS runner
RUN addgroup --system --gid 1001 nodejs && adduser --system --uid 1001 nextjs
WORKDIR /app
ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY --from=builder --chown=nextjs:nodejs /app/public ./public
COPY --from=builder --chown=nextjs:nodejs /app/dist/server.js ./server-custom.js
# The Next standalone node_modules is a MATCHED SET with the turbopack
# server chunks — it resolves turbopack's externalized packages (better-auth,
# postgres, pino, minio, ...) by their hashed ids, so REPLACING it makes
# every route that uses them 500 with "Failed to load external module".
# But the custom server (server-custom.js, CJS via esbuild --packages=external)
# require()s deps the trace omits or ships ESM-only: socket.io's closure
# (accepts/ws/engine.io/cors) and drizzle-orm's CJS entry (index.cjs). So
# MERGE the complete hoisted prod tree INTO the standalone node_modules with
# rsync --ignore-existing: it ADDS the missing packages/files and SKIPS
# everything the trace already provides (and unlike COPY/cp it tolerates the
# trace's pnpm symlinks instead of erroring on symlink-vs-dir). The one
# thing the standalone server bootstrap would set — globalThis.AsyncLocalStorage
# — is handled up-front by src/server-runtime-preamble.ts.
COPY --from=prod-deps --chown=nextjs:nodejs /app/node_modules /opt/prod-node-modules
RUN apk add --no-cache --virtual .merge-deps rsync \
&& rsync -a --ignore-existing /opt/prod-node-modules/ ./node_modules/ \
&& rm -rf /opt/prod-node-modules \
&& apk del .merge-deps
USER nextjs
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:${PORT:-3000}/api/health || exit 1
CMD ["node", "server-custom.js"]
Reference in New Issue View Git Blame Copy Permalink