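# ═══════════════════════════════════════════════════════════════
# FLUX SRL — Production Dockerfile (Multi-Stage)
# Next.js 16 + Prisma + next-intl + AI SDK
# ═══════════════════════════════════════════════════════════════

# Single source of truth for the base image used by every stage.
# The default is a mutable tag; for reproducible production builds pass a
# digest-pinned reference via `--build-arg NODE_IMAGE=...`.
ARG NODE_IMAGE=node:22-alpine

# ── Stage 1: Install ALL dependencies (dev + prod) ──
# Used by the builder to compile, type-check and bundle.
FROM ${NODE_IMAGE} AS deps
RUN apk add --no-cache libc6-compat
WORKDIR /app
COPY package.json package-lock.json ./
# Sharp's per-platform binaries (@img/sharp-linuxmusl-x64, etc.) are pinned
# as optionalDependencies in package.json, so the lock file records every
# supported platform. `npm ci` then picks the matching one for the build
# host (Alpine x64) and skips the rest — no source compilation needed,
# no extra Dockerfile gymnastics.
# Note: --no-audit skips npm's advisory lookup here, so dependency auditing
# has to happen elsewhere (e.g. in CI).
RUN npm ci --include=optional --no-audit --no-fund

# ── Stage 2: Production-only dependencies ──
# Same install but trimmed to prod tree. The runner stage uses this
# instead of cherry-picking individual node_modules subdirs — that
# approach broke when prisma's CLI tried to require its transitive
# deps (e.g. "effect") at startup. With the full prod tree present,
# `prisma migrate deploy` and any other prod CLI just works.
FROM ${NODE_IMAGE} AS prod-deps
RUN apk add --no-cache libc6-compat
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci --omit=dev --include=optional --no-audit --no-fund

# ── Stage 3: Build the application ──
FROM ${NODE_IMAGE} AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
# Copies the entire build context into the builder stage. No .dockerignore is
# visible from this file — confirm one exists and excludes .env files, .git
# and local node_modules, so secrets and host artefacts stay out of the
# build context and the build cache.
COPY . .

# Prisma: generate client for linux-musl (Alpine).
# Dummy URL required because prisma.config.ts calls env("DATABASE_URL")
# during generate. The real URL is injected at runtime via docker-compose.
RUN DATABASE_URL="postgresql://dummy:dummy@localhost:5432/dummy" npx prisma generate

ENV NEXT_TELEMETRY_DISABLED=1
# Placeholder only, and scoped to this stage: the runner starts from a fresh
# base image, so this value is not present in the final image's environment.
ENV DATABASE_URL="postgresql://dummy:dummy@localhost:5432/dummy"
RUN npm run build

# ── Stage 4: Production runner ──
FROM ${NODE_IMAGE} AS runner
WORKDIR /app

ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1

# vips runtime — required for sharp at runtime, not just build
RUN apk add --no-cache vips

# Security: run as non-root user
# Fixed numeric IDs (1001) so the runtime can verify the non-root account.
# NOTE(review): adduser is not told which group to join — confirm the
# account's primary group is the one the --chown=nextjs:nodejs copies expect.
RUN addgroup --system --gid 1001 nodejs \
    && adduser --system --uid 1001 nextjs

# Public assets (logos, brand SVGs, model files)
# Copied without --chown, so they stay root-owned and are not writable by
# the runtime user.
COPY --from=builder /app/public ./public

# Next.js standalone server + its compiled tree
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

# Full prod-only node_modules so any CLI we run at startup (Prisma, etc.)
# resolves all its transitive deps. Standalone's bundled node_modules is
# layered on top; node's resolver finds whichever it needs.
COPY --from=prod-deps /app/node_modules ./node_modules

# Prisma artefacts (schema, migrations, generated client, CLI)
COPY --from=builder /app/prisma ./prisma
COPY --from=builder /app/prisma.config.ts ./prisma.config.ts
COPY --from=builder /app/node_modules/.prisma ./node_modules/.prisma

# i18n message files (required by next-intl at runtime)
COPY --from=builder /app/messages ./messages

USER nextjs

EXPOSE 3000
ENV PORT=3000
ENV HOSTNAME="0.0.0.0"

# Run pending migrations on startup, then boot the Next.js server.
# `migrate deploy` is idempotent — it skips already-applied migrations.
# If the DB is unreachable the container exits and docker-compose retries.
# `exec` replaces the wrapper shell with the server process, so SIGTERM from
# `docker stop` is delivered to node rather than to `sh`, which would not
# forward it.
# Least privilege: the migration and the server share one environment, so the
# runtime DATABASE_URL role must be allowed to alter the schema. If that is
# too broad for the app's day-to-day role, run `migrate deploy` as a separate
# one-shot job with its own credentials.
CMD ["sh", "-c", "node ./node_modules/prisma/build/index.js migrate deploy && exec node server.js"]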