# ═══════════════════════════════════════════════════════════════ # FLUX SRL — Production Dockerfile (Multi-Stage) # Next.js 16 + Prisma + next-intl + AI SDK # ═══════════════════════════════════════════════════════════════ # ── Stage 1: Install dependencies ── FROM node:22-alpine AS deps # libc6-compat: glibc shim for prebuilt native binaries (Prisma engines) # vips-dev: required for sharp on Alpine — image processing native lib RUN apk add --no-cache libc6-compat vips-dev WORKDIR /app COPY package.json package-lock.json ./ # Strict, reproducible install for everything that's in the lock file. RUN npm ci --include=optional --no-audit --no-fund # Sharp 0.34 ships a separate binary per (os, libc, cpu) tuple as # optionalDependencies. The lock file was generated on the developer # machine (e.g. macOS arm64), so it only records THAT platform's binary. # `npm ci` is strict and refuses to install platform deps not recorded # in the lock — which means the Alpine (linuxmusl-x64) binary is missing, # sharp falls back to building from source, and the build fails with # "Please add node-gyp to your dependencies". # # Fix: explicitly fetch the Alpine binary after npm ci. --no-save keeps # package.json/lock untouched (no churn back to the dev machine). RUN npm install --no-save --include=optional --cpu=x64 --os=linux --libc=musl sharp # ── Stage 2: Build the application ── FROM node:22-alpine AS builder WORKDIR /app COPY --from=deps /app/node_modules ./node_modules COPY . . # Prisma: generate client for linux-musl (Alpine) # NOTE: dummy URL required because prisma.config.ts calls env("DATABASE_URL") # during generate. The real URL is injected at runtime via docker-compose. RUN DATABASE_URL="postgresql://dummy:dummy@localhost:5432/dummy" npx prisma generate # Disable telemetry during build ENV NEXT_TELEMETRY_DISABLED=1 ENV DATABASE_URL="postgresql://dummy:dummy@localhost:5432/dummy" RUN npm run build # ── Stage 3: Production runner ── FROM node:22-alpine AS runner WORKDIR /app ENV NODE_ENV=production ENV NEXT_TELEMETRY_DISABLED=1 # vips runtime — required for sharp at runtime, not just build RUN apk add --no-cache vips # Security: run as non-root user RUN addgroup --system --gid 1001 nodejs RUN adduser --system --uid 1001 nextjs # Copy public assets (footage, images, GLB models) COPY --from=builder /app/public ./public # Copy standalone build COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./ COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static # Copy Prisma schema + generated client + CLI binaries (the CLI is needed # at runtime so the entrypoint can run `prisma migrate deploy` before the # server boots — avoids the "table does not exist" race after schema changes) COPY --from=builder /app/prisma ./prisma COPY --from=builder /app/prisma.config.ts ./prisma.config.ts COPY --from=builder /app/node_modules/.prisma ./node_modules/.prisma COPY --from=builder /app/node_modules/@prisma ./node_modules/@prisma COPY --from=builder /app/node_modules/prisma ./node_modules/prisma # Copy sharp binary explicitly — Next.js standalone trace usually picks it # up, but the @img/sharp-linuxmusl-x64 prebuilt is platform-conditional and # can be missed. Copying both directories guarantees runtime availability. COPY --from=builder /app/node_modules/sharp ./node_modules/sharp COPY --from=builder /app/node_modules/@img ./node_modules/@img # Copy i18n message files (required by next-intl at runtime) COPY --from=builder /app/messages ./messages USER nextjs EXPOSE 3000 ENV PORT=3000 ENV HOSTNAME="0.0.0.0" # Run pending migrations on startup, then boot the Next.js server. # `migrate deploy` is idempotent — it skips already-applied migrations. # If the DB is unreachable the container exits and docker-compose retries. CMD ["sh", "-c", "node ./node_modules/prisma/build/index.js migrate deploy && node server.js"]