CapaKraken/Dockerfile.prod

# ============================================================
# Stage 1: Install dependencies
# ============================================================
FROM node:20-bookworm-slim AS deps

RUN apt-get update -y && apt-get install -y openssl && rm -rf /var/lib/apt/lists/*
RUN npm install -g pnpm@9.14.2

WORKDIR /app

# Copy workspace manifests first for better layer caching
COPY package.json pnpm-workspace.yaml pnpm-lock.yaml ./
COPY tooling/ ./tooling/
COPY packages/shared/package.json ./packages/shared/
COPY packages/db/package.json ./packages/db/
COPY packages/engine/package.json ./packages/engine/
COPY packages/staffing/package.json ./packages/staffing/
COPY packages/application/package.json ./packages/application/
COPY packages/api/package.json ./packages/api/
COPY packages/ui/package.json ./packages/ui/
COPY apps/web/package.json ./apps/web/

RUN pnpm install --frozen-lockfile

# ============================================================
# Stage 2: Build the application
# ============================================================
FROM node:20-bookworm-slim AS builder

RUN apt-get update -y && apt-get install -y openssl && rm -rf /var/lib/apt/lists/*
RUN npm install -g pnpm@9.14.2

WORKDIR /app

# Copy installed dependencies from stage 1
COPY --from=deps /app/ ./

# Copy all source code
COPY . .

# Generate Prisma client
RUN pnpm --filter @capakraken/db db:generate

# Build the Next.js application
ENV NEXT_TELEMETRY_DISABLED=1
ENV NODE_ENV=production
# next build collects page data for /api/auth/[...nextauth] which crashes
# without these envs even though they are placeholders at image-build time
# (real values are injected at container start). Mirrors the CI build job.
ARG NEXTAUTH_URL=http://localhost:3100
ARG AUTH_URL=http://localhost:3100
ARG NEXTAUTH_SECRET=ci-build-placeholder-secret-minimum-32-chars
ARG AUTH_SECRET=ci-build-placeholder-secret-minimum-32-chars
ARG DATABASE_URL=postgresql://placeholder:placeholder@localhost:5432/placeholder
ARG REDIS_URL=redis://placeholder:6379
ENV NEXTAUTH_URL=$NEXTAUTH_URL
ENV AUTH_URL=$AUTH_URL
ENV NEXTAUTH_SECRET=$NEXTAUTH_SECRET
ENV AUTH_SECRET=$AUTH_SECRET
ENV DATABASE_URL=$DATABASE_URL
ENV REDIS_URL=$REDIS_URL
RUN pnpm --filter @capakraken/web build

# ============================================================
# Stage 3: Migration runner
# ============================================================
FROM builder AS migrator

ENV NODE_ENV=production

CMD ["pnpm", "--filter", "@capakraken/db", "db:migrate:deploy"]

# ============================================================
# Stage 4: Production runtime
# ============================================================
FROM node:20-bookworm-slim AS runner

RUN apt-get update -y && apt-get install -y openssl curl && rm -rf /var/lib/apt/lists/*

WORKDIR /app

ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1
ENV HOSTNAME=0.0.0.0
ENV PORT=3000

RUN addgroup --system --gid 1001 nodejs && \
    adduser --system --uid 1001 nextjs

# Copy the standalone output (includes server.js and node_modules)
COPY --from=builder --chown=nextjs:nodejs /app/apps/web/.next/standalone ./

# Copy static assets and public files
COPY --from=builder --chown=nextjs:nodejs /app/apps/web/.next/static ./apps/web/.next/static
COPY --from=builder --chown=nextjs:nodejs /app/apps/web/public ./apps/web/public

USER nextjs

EXPOSE 3000

HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
  CMD curl -f http://localhost:3000/api/health || exit 1

CMD ["node", "apps/web/server.js"]