The hoisted node_modules layout (set in deps stage `.npmrc` with
`node-linker=hoisted`) puts `next` at `/app/node_modules/next` only —
`apps/web/node_modules/next` doesn't exist. The previous
`cd apps/web && npx next build` failed with:
Cannot find module '/app/apps/web/node_modules/next/dist/bin/next'
because `npx` resolves binaries against the cwd subtree and doesn't
walk up. Switching to the explicit binary path
`/app/node_modules/.bin/next build` makes the build reproducible
in the goodgo Docker image.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
api-client.ts uses NEXT_PUBLIC_API_URL as base URL for all fetch calls.
Without /api/v1, requests go to /listings instead of /api/v1/listings.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
NEXT_PUBLIC_* env vars are inlined into the JS bundle during next build.
Without setting them as build ARGs, the client-side apiClient falls back
to localhost:3001 which doesn't work in production.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dockerfile COPY doesn't support shell redirects (2>/dev/null || true).
With node-linker=hoisted, all deps are in root node_modules anyway.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pnpm default mode creates symlinks in node_modules that break when
copied between Docker stages. Using node-linker=hoisted makes pnpm
create flat node_modules (like npm), so Next.js standalone output
contains real files instead of broken symlinks.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
pnpm standalone output has top-level symlinks pointing outside the dir.
Copy .pnpm store (real files), then find+link each package correctly.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
pnpm standalone output contains symlinks in node_modules/.
Docker COPY preserves symlinks as symlinks (broken in final image).
Use cp -rL in flatten stage to resolve them to real files.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
pnpm standalone output has nested .pnpm structure with symlinks.
Add intermediate flatten stage: copy full standalone dir, then
reorganize node_modules + apps/web/* into flat /app layout.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
In monorepo, Next.js standalone creates symlinks instead of real files.
Setting outputFileTracingRoot to repo root produces self-contained output.
Dockerfile updated to copy from correct standalone structure.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
Next.js standalone output from `cd apps/web && next build` puts
server.js + node_modules at the standalone root, not in apps/web/.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
- Reorder COPY to create public dir first (mkdir -p)
- Copy standalone + static before public (which may be empty)
- Add .gitkeep so Git tracks empty public directory
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
- Add resource limits (memory/CPU) and reservations for all services
- Add security hardening: read_only, no-new-privileges, tmpfs for temp dirs
- Add missing prod services: loki, promtail, pg-backup from dev compose
- Fix API healthcheck to include catch() for proper exit codes
- Add json-file logging driver with rotation limits across all services
- Remove exposed PostgreSQL port in prod (internal only)
- Add shm_size for PostgreSQL shared memory
- Add non-root user (appuser) to AI services Dockerfile
- Add --chown=node:node to COPY directives in API/Web Dockerfiles
- Harden .dockerignore: exclude IDE files, OS files, docker-compose files
- Fix Redis URL to include password authentication
- Add JWT_REFRESH_SECRET to API environment
- Add Grafana dependency on Loki for log datasource
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Multi-stage Dockerfile for apps/api (NestJS) and apps/web (Next.js standalone)
- Production docker-compose.prod.yml with all services, health checks, and security
- Real deploy.yml pipeline: build → push to GHCR → deploy staging/production
- .dockerignore for optimized build context
- Enable Next.js standalone output mode
Co-Authored-By: Paperclip <noreply@paperclip.ing>
