feat: Add docker support

.github/workflows/publish-epic.yml

@@ -0,0 +1,35 @@
+name: Containerize
+on:
+  push:
+    branches:
+      - epic/*
+env:
+  REGISTRY: ghcr.io
+jobs:
+  build-docker-image:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+      - name: Docker Login
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Docker Metadata action
+        id: docker_metadata
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ github.repository }}
+          tags: |
+            type=ref,event=branch
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.docker_metadata.outputs.tags }}
+          labels: ${{ steps.docker_metadata.outputs.labels }}

dockerfile

@@ -1,64 +1,45 @@
-##### DEPENDENCIES
+FROM node:20 AS base
 
-FROM node:16-alpine AS deps
-RUN apk add --no-cache libc6-compat openssl1.1-compat
+FROM base AS builder
 WORKDIR /app
-
-# Install Prisma Client - remove if not using Prisma
-
-COPY prisma ./
-
-# Install dependencies based on the preferred package manager
-
-COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml\* ./
-
-RUN \
-    if [ -f yarn.lock ]; then yarn --frozen-lockfile; \
-    elif [ -f package-lock.json ]; then npm ci; \
-    elif [ -f pnpm-lock.yaml ]; then yarn global add pnpm && pnpm i; \
-    else echo "Lockfile not found." && exit 1; \
-    fi
-
-##### BUILDER
-
-FROM node:16-alpine AS builder
-ARG DATABASE_URL
-ARG NEXT_PUBLIC_CLIENTVAR
-WORKDIR /app
-COPY --from=deps /app/node_modules ./node_modules
 COPY . .
 
-# ENV NEXT_TELEMETRY_DISABLED 1
+ENV NEXT_TELEMETRY_DISABLED=1 SKIP_ENV_VALIDATION=1
 
-RUN \
-    if [ -f yarn.lock ]; then SKIP_ENV_VALIDATION=1 yarn build; \
-    elif [ -f package-lock.json ]; then SKIP_ENV_VALIDATION=1 npm run build; \
-    elif [ -f pnpm-lock.yaml ]; then yarn global add pnpm && SKIP_ENV_VALIDATION=1 pnpm run build; \
-    else echo "Lockfile not found." && exit 1; \
-    fi
+# SET DUMMY VALUES FOR BUILD
+ENV DATABASE_URL=CHANGE_ME
+ENV GOOGLE_CLIENT_ID=CHANGE_ME
+ENV GOOGLE_CLIENT_SECRET=CHANGE_ME
+ENV NEXTAUTH_SECRET=CHANGE_ME
 
-##### RUNNER
+RUN corepack enable pnpm && pnpm i --frozen-lockfile && pnpm run build
 
-FROM node:16-alpine AS runner
-RUN apk add --no-cache libc6-compat openssl1.1-compat
+# ================================#
+# PROD
+# ================================
+FROM base AS runner
 WORKDIR /app
 
-ENV NODE_ENV production
-
-# ENV NEXT_TELEMETRY_DISABLED 1
+ENV NODE_ENV=production NEXT_TELEMETRY_DISABLED=1
 
 RUN addgroup --system --gid 1001 nodejs
 RUN adduser --system --uid 1001 nextjs
 
-COPY --from=builder /app/next.config.mjs ./
-COPY --from=builder /app/public ./public
-COPY --from=builder /app/package.json ./package.json
+COPY --from=builder --chown=nextjs:nodejs /app/public ./public
+COPY --chown=nextjs:nodejs prisma ./prisma/
 
-COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./        
+# Set the correct permission for prerender cache
+RUN mkdir .next
+RUN chown nextjs:nodejs .next
+RUN npm install prisma
+
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+COPY --chown=nextjs:nodejs ./init.sh .
 
 USER nextjs
+
 EXPOSE 3000
-ENV PORT 3000
 
-CMD ["node", "server.js"]
+ENV PORT=3000 HOSTNAME=0.0.0.0
+ENTRYPOINT [ "/bin/sh", "./init.sh" ]

init.sh

@@ -0,0 +1,4 @@
+
+#!/bin/sh
+npx prisma migrate deploy
+node server.js

package.json

@@ -5,10 +5,9 @@
   "scripts": {
     "build": "next build",
     "dev": "next dev",
-    "postinstall": "prisma generate",
     "migrate": "prisma migrate dev",
     "lint": "next lint",
-    "start": "next start"
+    "start": "prisma migrate deploy && node ./server.js"
   },
   "dependencies": {
     "@auth/prisma-adapter": "^2.4.1",
@@ -48,4 +47,4 @@
     "typescript": "5.5.4"
   },
   "packageManager": "[email protected]+sha512.38dc6fba8dba35b39340b9700112c2fe1e12f10b17134715a4aa98ccf7bb035e76fd981cf0bb384dfa98f8d6af5481c2bef2f4266a24bfa20c34eb7147ce0b5e"
-}
+}

src/auth.ts

@@ -7,6 +7,7 @@ import { prisma } from "./server/db/client";
 export const { handlers, auth, signIn, signOut } = NextAuth({
   ...authConfig,
   adapter: PrismaAdapter(prisma),
+  trustHost: true,
   events: {
     createUser: onCreateUser,
   },

src/dal/user/redeemMealPlanInvitation.ts

@@ -15,7 +15,7 @@ type Props = {
  */
 const isCurrentlyValid = (invitation: MealPlanInvite) => {
   const now = DateTime.now();
-  const validity = Duration.fromISO(env.INVITATION_VALIDITY);
+  const validity = Duration.fromISO(env.INVITATION_VALIDITY!);
   return DateTime.fromJSDate(invitation.createdAt).plus(validity) >= now;
 };
 

src/env/schema.mjs

@@ -6,7 +6,7 @@ import { z } from "zod";
  * This way you can ensure the app isn't built with invalid env vars.
  */
 export const serverSchema = z.object({
-  DATABASE_URL: z.string().url(),
+  DATABASE_URL: z.string(),
   NODE_ENV: z.enum(["development", "test", "production"]),
   GOOGLE_CLIENT_SECRET: z.string(),
   GOOGLE_CLIENT_ID: z.string(),