website/Dockerfile

# Stage 1: Base image with Node.js and pnpm enabled
# This stage is used as a foundation for all subsequent stages.
FROM node:20-alpine AS base
ENV PNPM_HOME="/pnpm"
ENV PATH="$PNPM_HOME:$PATH"
RUN corepack enable && corepack prepare pnpm@latest --activate

# Stage 2: Builder
# This stage installs dependencies and builds the Next.js application.
FROM base AS builder
WORKDIR /app

# Install system dependencies needed for your scripts/build
RUN apk add --no-cache imagemagick libwebp libwebp-tools ghostscript

# Copy only the necessary files for installing dependencies
COPY package.json pnpm-lock.yaml ./

# Install ALL dependencies (including devDependencies needed for `next build`)
# This leverages the Docker cache effectively.
RUN pnpm install --frozen-lockfile

# Copy the rest of your application source code
COPY . .

# --- Asset Generation & Build ---
RUN chmod +x ./scripts/*.sh && ./scripts/first_page_image.sh
RUN pnpm build

# Stage 3: Runner (Production)
# This is the final, lean image that runs the application.
FROM base AS runner
WORKDIR /app

# Set NODE_ENV to production
ENV NODE_ENV=production

# Create a non-root user for security
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs

# Copy only the files needed for production from the builder stage
COPY --from=builder /app/package.json /app/pnpm-lock.yaml ./

# Install ONLY production dependencies.
# The pnpm CLI is already available from the 'base' stage.
RUN pnpm install --prod --frozen-lockfile

# Copy the built Next.js application and public assets
COPY --from=builder /app/public ./public
COPY --from=builder /app/.next ./.next

# Change ownership to the non-root user
RUN chown -R nextjs:nodejs /app

# Switch to the non-root user
USER nextjs

EXPOSE 3000
ENV PORT=3000

# The command to start the Next.js server
CMD ["pnpm", "start"]