Apply full refactor updates plus pipeline/email UX confirmations
All checks were successful
Build and Push Docker Image / build (push) Successful in 10m33s
All checks were successful
Build and Push Docker Image / build (push) Successful in 10m33s
This commit is contained in:
Matt
@@ -1,73 +1,73 @@
|
||||
# =============================================================================
|
||||
# MOPC Platform - Production Dockerfile
|
||||
# =============================================================================
|
||||
# Multi-stage build for optimized production image
|
||||
|
||||
FROM node:22-alpine AS base
|
||||
|
||||
# Install dependencies only when needed
|
||||
FROM base AS deps
|
||||
RUN apk add --no-cache libc6-compat
|
||||
WORKDIR /app
|
||||
|
||||
# Copy package files
|
||||
COPY package.json package-lock.json* ./
|
||||
RUN npm ci
|
||||
|
||||
# Rebuild the source code only when needed
|
||||
FROM base AS builder
|
||||
WORKDIR /app
|
||||
COPY --from=deps /app/node_modules ./node_modules
|
||||
COPY . .
|
||||
|
||||
# Generate Prisma client
|
||||
RUN npx prisma generate
|
||||
|
||||
# Build Next.js
|
||||
ENV NEXT_TELEMETRY_DISABLED=1
|
||||
RUN npm run build
|
||||
|
||||
# Production image, copy all the files and run next
|
||||
FROM base AS runner
|
||||
WORKDIR /app
|
||||
|
||||
ENV NODE_ENV=production
|
||||
ENV NEXT_TELEMETRY_DISABLED=1
|
||||
|
||||
# Create non-root user for security
|
||||
RUN addgroup --system --gid 1001 nodejs
|
||||
RUN adduser --system --uid 1001 nextjs
|
||||
|
||||
# Install runtime dependencies for migrations and seeding
|
||||
RUN apk add --no-cache libc6-compat
|
||||
|
||||
# Copy built Next.js standalone output
|
||||
COPY --from=builder /app/public ./public
|
||||
COPY --from=builder /app/.next/standalone ./
|
||||
COPY --from=builder /app/.next/static ./.next/static
|
||||
|
||||
# Copy full node_modules for prisma migrations and seeding
|
||||
COPY --from=builder /app/node_modules ./node_modules
|
||||
COPY --from=builder /app/prisma ./prisma
|
||||
COPY --from=builder /app/package.json ./package.json
|
||||
|
||||
# Copy files needed for seeding (tsx needs tsconfig for path resolution)
|
||||
COPY --from=builder /app/docs/Candidatures2026.csv ./docs/Candidatures2026.csv
|
||||
COPY --from=builder /app/tsconfig.json ./tsconfig.json
|
||||
|
||||
# Copy entrypoint script
|
||||
COPY docker/docker-entrypoint.sh /app/docker-entrypoint.sh
|
||||
RUN chmod +x /app/docker-entrypoint.sh
|
||||
|
||||
# Set correct permissions
|
||||
RUN chown -R nextjs:nodejs /app
|
||||
|
||||
USER nextjs
|
||||
|
||||
EXPOSE 7600
|
||||
|
||||
ENV PORT=7600
|
||||
ENV HOSTNAME="0.0.0.0"
|
||||
|
||||
# Run via entrypoint (migrate then start)
|
||||
CMD ["/app/docker-entrypoint.sh"]
|
||||
# =============================================================================
|
||||
# MOPC Platform - Production Dockerfile
|
||||
# =============================================================================
|
||||
# Multi-stage build for optimized production image
|
||||
|
||||
FROM node:22-alpine AS base
|
||||
|
||||
# Install dependencies only when needed
|
||||
FROM base AS deps
|
||||
RUN apk add --no-cache libc6-compat
|
||||
WORKDIR /app
|
||||
|
||||
# Copy package files
|
||||
COPY package.json package-lock.json* ./
|
||||
RUN npm ci
|
||||
|
||||
# Rebuild the source code only when needed
|
||||
FROM base AS builder
|
||||
WORKDIR /app
|
||||
COPY --from=deps /app/node_modules ./node_modules
|
||||
COPY . .
|
||||
|
||||
# Generate Prisma client
|
||||
RUN npx prisma generate
|
||||
|
||||
# Build Next.js
|
||||
ENV NEXT_TELEMETRY_DISABLED=1
|
||||
RUN npm run build
|
||||
|
||||
# Production image, copy all the files and run next
|
||||
FROM base AS runner
|
||||
WORKDIR /app
|
||||
|
||||
ENV NODE_ENV=production
|
||||
ENV NEXT_TELEMETRY_DISABLED=1
|
||||
|
||||
# Create non-root user for security
|
||||
RUN addgroup --system --gid 1001 nodejs
|
||||
RUN adduser --system --uid 1001 nextjs
|
||||
|
||||
# Install runtime dependencies for migrations and seeding
|
||||
RUN apk add --no-cache libc6-compat
|
||||
|
||||
# Copy built Next.js standalone output
|
||||
COPY --from=builder /app/public ./public
|
||||
COPY --from=builder /app/.next/standalone ./
|
||||
COPY --from=builder /app/.next/static ./.next/static
|
||||
|
||||
# Copy full node_modules for prisma migrations and seeding
|
||||
COPY --from=builder /app/node_modules ./node_modules
|
||||
COPY --from=builder /app/prisma ./prisma
|
||||
COPY --from=builder /app/package.json ./package.json
|
||||
|
||||
# Copy files needed for seeding (tsx needs tsconfig for path resolution)
|
||||
COPY --from=builder /app/docs/Candidatures2026.csv ./docs/Candidatures2026.csv
|
||||
COPY --from=builder /app/tsconfig.json ./tsconfig.json
|
||||
|
||||
# Copy entrypoint script
|
||||
COPY docker/docker-entrypoint.sh /app/docker-entrypoint.sh
|
||||
RUN chmod +x /app/docker-entrypoint.sh
|
||||
|
||||
# Set correct permissions
|
||||
RUN chown -R nextjs:nodejs /app
|
||||
|
||||
USER nextjs
|
||||
|
||||
EXPOSE 7600
|
||||
|
||||
ENV PORT=7600
|
||||
ENV HOSTNAME="0.0.0.0"
|
||||
|
||||
# Run via entrypoint (migrate then start)
|
||||
CMD ["/app/docker-entrypoint.sh"]
|
||||
|
||||
@@ -1,84 +1,84 @@
|
||||
# =============================================================================
|
||||
# MOPC Platform - Production Docker Compose
|
||||
# =============================================================================
|
||||
# This stack contains only the Next.js app and PostgreSQL.
|
||||
# MinIO and Poste.io are external services connected via environment variables.
|
||||
#
|
||||
# The app image is built by Gitea CI and pushed to the container registry.
|
||||
# `pull_policy: always` ensures `docker compose up -d` checks for newer app images.
|
||||
# The app entrypoint runs `prisma migrate deploy` before starting Next.js.
|
||||
|
||||
services:
|
||||
app:
|
||||
image: ${REGISTRY_URL}/mopc-app:latest
|
||||
pull_policy: always
|
||||
container_name: mopc-app
|
||||
restart: unless-stopped
|
||||
dns:
|
||||
- 8.8.8.8
|
||||
- 8.8.4.4
|
||||
ports:
|
||||
- "127.0.0.1:7600:7600"
|
||||
env_file:
|
||||
- .env
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
- DATABASE_URL=postgresql://mopc:${DB_PASSWORD}@postgres:5432/mopc
|
||||
- NEXTAUTH_URL=${NEXTAUTH_URL}
|
||||
- NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
|
||||
- AUTH_SECRET=${NEXTAUTH_SECRET}
|
||||
- AUTH_TRUST_HOST=true
|
||||
- MINIO_ENDPOINT=${MINIO_ENDPOINT}
|
||||
- MINIO_PUBLIC_ENDPOINT=${MINIO_PUBLIC_ENDPOINT:-}
|
||||
- MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
|
||||
- MINIO_SECRET_KEY=${MINIO_SECRET_KEY}
|
||||
- MINIO_BUCKET=${MINIO_BUCKET}
|
||||
- SMTP_HOST=${SMTP_HOST}
|
||||
- SMTP_PORT=${SMTP_PORT}
|
||||
- SMTP_USER=${SMTP_USER}
|
||||
- SMTP_PASS=${SMTP_PASS}
|
||||
- EMAIL_FROM=${EMAIL_FROM}
|
||||
- POSTE_API_URL=${POSTE_API_URL:-https://mail.monaco-opc.com}
|
||||
- POSTE_ADMIN_EMAIL=${POSTE_ADMIN_EMAIL}
|
||||
- POSTE_ADMIN_PASSWORD=${POSTE_ADMIN_PASSWORD}
|
||||
- POSTE_MAIL_DOMAIN=${POSTE_MAIL_DOMAIN:-monaco-opc.com}
|
||||
- OPENAI_API_KEY=${OPENAI_API_KEY:-}
|
||||
- OPENAI_MODEL=${OPENAI_MODEL:-gpt-4o}
|
||||
- MAX_FILE_SIZE=${MAX_FILE_SIZE:-524288000}
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- mopc-network
|
||||
healthcheck:
|
||||
test: ["CMD", "node", "-e", "fetch('http://localhost:7600/api/health').then(r=>{if(!r.ok)throw r;process.exit(0)}).catch(()=>process.exit(1))"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 60s
|
||||
|
||||
postgres:
|
||||
image: postgres:16-alpine
|
||||
container_name: mopc-postgres
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_USER=mopc
|
||||
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
||||
- POSTGRES_DB=mopc
|
||||
volumes:
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U mopc"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
networks:
|
||||
- mopc-network
|
||||
|
||||
volumes:
|
||||
postgres_data:
|
||||
driver: local
|
||||
|
||||
networks:
|
||||
mopc-network:
|
||||
driver: bridge
|
||||
# =============================================================================
|
||||
# MOPC Platform - Production Docker Compose
|
||||
# =============================================================================
|
||||
# This stack contains only the Next.js app and PostgreSQL.
|
||||
# MinIO and Poste.io are external services connected via environment variables.
|
||||
#
|
||||
# The app image is built by Gitea CI and pushed to the container registry.
|
||||
# `pull_policy: always` ensures `docker compose up -d` checks for newer app images.
|
||||
# The app entrypoint runs `prisma migrate deploy` before starting Next.js.
|
||||
|
||||
services:
|
||||
app:
|
||||
image: ${REGISTRY_URL}/mopc-app:latest
|
||||
pull_policy: always
|
||||
container_name: mopc-app
|
||||
restart: unless-stopped
|
||||
dns:
|
||||
- 8.8.8.8
|
||||
- 8.8.4.4
|
||||
ports:
|
||||
- "127.0.0.1:7600:7600"
|
||||
env_file:
|
||||
- .env
|
||||
environment:
|
||||
- NODE_ENV=production
|
||||
- DATABASE_URL=postgresql://mopc:${DB_PASSWORD}@postgres:5432/mopc
|
||||
- NEXTAUTH_URL=${NEXTAUTH_URL}
|
||||
- NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
|
||||
- AUTH_SECRET=${NEXTAUTH_SECRET}
|
||||
- AUTH_TRUST_HOST=true
|
||||
- MINIO_ENDPOINT=${MINIO_ENDPOINT}
|
||||
- MINIO_PUBLIC_ENDPOINT=${MINIO_PUBLIC_ENDPOINT:-}
|
||||
- MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
|
||||
- MINIO_SECRET_KEY=${MINIO_SECRET_KEY}
|
||||
- MINIO_BUCKET=${MINIO_BUCKET}
|
||||
- SMTP_HOST=${SMTP_HOST}
|
||||
- SMTP_PORT=${SMTP_PORT}
|
||||
- SMTP_USER=${SMTP_USER}
|
||||
- SMTP_PASS=${SMTP_PASS}
|
||||
- EMAIL_FROM=${EMAIL_FROM}
|
||||
- POSTE_API_URL=${POSTE_API_URL:-https://mail.monaco-opc.com}
|
||||
- POSTE_ADMIN_EMAIL=${POSTE_ADMIN_EMAIL}
|
||||
- POSTE_ADMIN_PASSWORD=${POSTE_ADMIN_PASSWORD}
|
||||
- POSTE_MAIL_DOMAIN=${POSTE_MAIL_DOMAIN:-monaco-opc.com}
|
||||
- OPENAI_API_KEY=${OPENAI_API_KEY:-}
|
||||
- OPENAI_MODEL=${OPENAI_MODEL:-gpt-4o}
|
||||
- MAX_FILE_SIZE=${MAX_FILE_SIZE:-524288000}
|
||||
depends_on:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- mopc-network
|
||||
healthcheck:
|
||||
test: ["CMD", "node", "-e", "fetch('http://localhost:7600/api/health').then(r=>{if(!r.ok)throw r;process.exit(0)}).catch(()=>process.exit(1))"]
|
||||
interval: 30s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 60s
|
||||
|
||||
postgres:
|
||||
image: postgres:16-alpine
|
||||
container_name: mopc-postgres
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- POSTGRES_USER=mopc
|
||||
- POSTGRES_PASSWORD=${DB_PASSWORD}
|
||||
- POSTGRES_DB=mopc
|
||||
volumes:
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U mopc"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
networks:
|
||||
- mopc-network
|
||||
|
||||
volumes:
|
||||
postgres_data:
|
||||
driver: local
|
||||
|
||||
networks:
|
||||
mopc-network:
|
||||
driver: bridge
|
||||
|
||||
@@ -1,37 +1,37 @@
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
MAX_MIGRATION_RETRIES="${MIGRATION_MAX_RETRIES:-30}"
|
||||
MIGRATION_RETRY_DELAY_SECONDS="${MIGRATION_RETRY_DELAY_SECONDS:-2}"
|
||||
ATTEMPT=1
|
||||
|
||||
echo "==> Running database migrations (with retry)..."
|
||||
until npx prisma migrate deploy; do
|
||||
if [ "$ATTEMPT" -ge "$MAX_MIGRATION_RETRIES" ]; then
|
||||
echo "ERROR: Migration failed after ${MAX_MIGRATION_RETRIES} attempts."
|
||||
exit 1
|
||||
fi
|
||||
echo "Migration attempt ${ATTEMPT} failed. Retrying in ${MIGRATION_RETRY_DELAY_SECONDS}s..."
|
||||
ATTEMPT=$((ATTEMPT + 1))
|
||||
sleep "$MIGRATION_RETRY_DELAY_SECONDS"
|
||||
done
|
||||
|
||||
echo "==> Generating Prisma client..."
|
||||
npx prisma generate
|
||||
|
||||
# Auto-seed on first startup: check if Users table is empty
|
||||
USER_COUNT=$(node -e "
|
||||
const { PrismaClient } = require('@prisma/client');
|
||||
const p = new PrismaClient();
|
||||
p.user.count().then(c => { console.log(c); p.\$disconnect(); }).catch(() => { console.log('0'); p.\$disconnect(); });
|
||||
" 2>/dev/null || echo "0")
|
||||
|
||||
if [ "$USER_COUNT" = "0" ]; then
|
||||
echo "==> Empty database detected — running seed..."
|
||||
npx prisma db seed || echo "WARNING: Seed script failed."
|
||||
else
|
||||
echo "==> Database already seeded ($USER_COUNT users found), skipping seed."
|
||||
fi
|
||||
|
||||
echo "==> Starting application..."
|
||||
exec node server.js
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
|
||||
MAX_MIGRATION_RETRIES="${MIGRATION_MAX_RETRIES:-30}"
|
||||
MIGRATION_RETRY_DELAY_SECONDS="${MIGRATION_RETRY_DELAY_SECONDS:-2}"
|
||||
ATTEMPT=1
|
||||
|
||||
echo "==> Running database migrations (with retry)..."
|
||||
until npx prisma migrate deploy; do
|
||||
if [ "$ATTEMPT" -ge "$MAX_MIGRATION_RETRIES" ]; then
|
||||
echo "ERROR: Migration failed after ${MAX_MIGRATION_RETRIES} attempts."
|
||||
exit 1
|
||||
fi
|
||||
echo "Migration attempt ${ATTEMPT} failed. Retrying in ${MIGRATION_RETRY_DELAY_SECONDS}s..."
|
||||
ATTEMPT=$((ATTEMPT + 1))
|
||||
sleep "$MIGRATION_RETRY_DELAY_SECONDS"
|
||||
done
|
||||
|
||||
echo "==> Generating Prisma client..."
|
||||
npx prisma generate
|
||||
|
||||
# Auto-seed on first startup: check if Users table is empty
|
||||
USER_COUNT=$(node -e "
|
||||
const { PrismaClient } = require('@prisma/client');
|
||||
const p = new PrismaClient();
|
||||
p.user.count().then(c => { console.log(c); p.\$disconnect(); }).catch(() => { console.log('0'); p.\$disconnect(); });
|
||||
" 2>/dev/null || echo "0")
|
||||
|
||||
if [ "$USER_COUNT" = "0" ]; then
|
||||
echo "==> Empty database detected — running seed..."
|
||||
npx prisma db seed || echo "WARNING: Seed script failed."
|
||||
else
|
||||
echo "==> Database already seeded ($USER_COUNT users found), skipping seed."
|
||||
fi
|
||||
|
||||
echo "==> Starting application..."
|
||||
exec node server.js
|
||||
|
||||
Reference in New Issue
Block a user