pnpm standalone output has top-level symlinks pointing outside the dir.
Copy .pnpm store (real files), then find+link each package correctly.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
pnpm standalone output contains symlinks in node_modules/.
Docker COPY preserves symlinks as symlinks (broken in final image).
Use cp -rL in flatten stage to resolve them to real files.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
pnpm standalone output has nested .pnpm structure with symlinks.
Add intermediate flatten stage: copy full standalone dir, then
reorganize node_modules + apps/web/* into flat /app layout.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
In monorepo, Next.js standalone creates symlinks instead of real files.
Setting outputFileTracingRoot to repo root produces self-contained output.
Dockerfile updated to copy from correct standalone structure.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
Next.js standalone output from `cd apps/web && next build` puts
server.js + node_modules at the standalone root, not in apps/web/.
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
- Reorder COPY to create public dir first (mkdir -p)
- Copy standalone + static before public (which may be empty)
- Add .gitkeep so Git tracks empty public directory
Co-Authored-By: Claude Opus 4 (1M context) <noreply@anthropic.com>
- Add resource limits (memory/CPU) and reservations for all services
- Add security hardening: read_only, no-new-privileges, tmpfs for temp dirs
- Add missing prod services: loki, promtail, pg-backup from dev compose
- Fix API healthcheck to include catch() for proper exit codes
- Add json-file logging driver with rotation limits across all services
- Remove exposed PostgreSQL port in prod (internal only)
- Add shm_size for PostgreSQL shared memory
- Add non-root user (appuser) to AI services Dockerfile
- Add --chown=node:node to COPY directives in API/Web Dockerfiles
- Harden .dockerignore: exclude IDE files, OS files, docker-compose files
- Fix Redis URL to include password authentication
- Add JWT_REFRESH_SECRET to API environment
- Add Grafana dependency on Loki for log datasource
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Multi-stage Dockerfile for apps/api (NestJS) and apps/web (Next.js standalone)
- Production docker-compose.prod.yml with all services, health checks, and security
- Real deploy.yml pipeline: build → push to GHCR → deploy staging/production
- .dockerignore for optimized build context
- Enable Next.js standalone output mode
Co-Authored-By: Paperclip <noreply@paperclip.ing>
