# syntax=docker/dockerfile:1 FROM node:20-alpine AS deps WORKDIR /app COPY package.json package-lock.json ./ RUN npm ci FROM node:20-alpine AS builder WORKDIR /app COPY --from=deps /app/node_modules ./node_modules COPY . ./ # Allows configuring the API URL and auth at build time. ARG NEXT_PUBLIC_API_URL=auto ENV NEXT_PUBLIC_API_URL=${NEXT_PUBLIC_API_URL} ARG NEXT_PUBLIC_AUTH_MODE ENV NEXT_PUBLIC_AUTH_MODE=${NEXT_PUBLIC_AUTH_MODE} ARG NEXT_PUBLIC_LOCAL_AUTH_TOKEN ENV NEXT_PUBLIC_LOCAL_AUTH_TOKEN=${NEXT_PUBLIC_LOCAL_AUTH_TOKEN} RUN npm run build FROM node:20-alpine AS runner WORKDIR /app ENV NODE_ENV=production ARG NEXT_PUBLIC_AUTH_MODE ARG NEXT_PUBLIC_LOCAL_AUTH_TOKEN # If provided at runtime, Next will expose NEXT_PUBLIC_* to the browser as well # (but note some values may be baked at build time). ENV NEXT_PUBLIC_API_URL=auto ENV NEXT_PUBLIC_AUTH_MODE=${NEXT_PUBLIC_AUTH_MODE} ENV NEXT_PUBLIC_LOCAL_AUTH_TOKEN=${NEXT_PUBLIC_LOCAL_AUTH_TOKEN} # Create non-root user before COPY so --chown can reference it. RUN addgroup -S appgroup && adduser -S -G appgroup appuser # Copy standalone output from builder COPY --from=builder --chown=appuser:appgroup /app/.next/standalone ./ COPY --from=builder --chown=appuser:appgroup /app/.next/static ./.next/static COPY --from=builder --chown=appuser:appgroup /app/public ./public USER appuser EXPOSE 3000 CMD ["node", "server.js"]