feat: dockerize full stack (web + api + postgres)

- Multi-stage Dockerfiles for API (NestJS, prisma migrate on start) and web (Vite + nginx reverse proxy) - docker-compose.yml orchestrating db/api/web with healthcheck and persistent volumes - nginx proxies /api and /avatars to API; web built with relative API URL - scripts/docker-up.sh: ExFAT-safe wrapper that strips macOS AppleDouble (._*) sidecars before build - Conditionally register GoogleStrategy only when GOOGLE_CLIENT_ID is set - Fix unused-variable TS errors blocking production build
2026-06-17 22:35:58 +07:00
parent 6a6e74562c
commit d85b813701
12 changed files with 236 additions and 16 deletions
--- a/apps/api/.dockerignore
+++ b/apps/api/.dockerignore
@@ -0,0 +1,11 @@
+node_modules
+dist
+.git
+.gitignore
+.env
+.env.local
+*.log
+.DS_Store
+._*
+coverage
+.tsbuildinfo
--- a/apps/api/Dockerfile
+++ b/apps/api/Dockerfile
@@ -0,0 +1,35 @@
+# syntax=docker/dockerfile:1
+
+# ---- Production dependencies (includes prisma CLI for migrations) ----
+FROM node:20-alpine AS deps
+WORKDIR /app
+RUN apk add --no-cache python3 make g++ openssl
+COPY package*.json ./
+COPY prisma ./prisma
+RUN npm ci --omit=dev \
+ && npm install prisma@^6.14.0 \
+ && npx prisma generate
+
+# ---- Build the NestJS app ----
+FROM node:20-alpine AS builder
+WORKDIR /app
+RUN apk add --no-cache python3 make g++ openssl
+COPY package*.json ./
+COPY prisma ./prisma
+RUN npm ci
+COPY . .
+RUN npm run build
+
+# ---- Runtime image ----
+FROM node:20-alpine AS runner
+WORKDIR /app
+ENV NODE_ENV=production
+RUN apk add --no-cache openssl wget
+COPY --from=deps /app/node_modules ./node_modules
+COPY --from=builder /app/dist ./dist
+COPY --from=builder /app/public ./public
+COPY --from=builder /app/prisma ./prisma
+COPY package*.json ./
+EXPOSE 3001
+# Apply migrations on every start (idempotent), then launch the API
+CMD ["sh", "-c", "npx prisma migrate deploy && node dist/main"]
--- a/apps/api/src/auth/auth.module.ts
+++ b/apps/api/src/auth/auth.module.ts
@@ -19,7 +19,12 @@ import { OtpModule } from '../otp/otp.module';
    }),
  ],
  controllers: [AuthController],
-  providers: [AuthService, JwtStrategy, GoogleStrategy],
+  providers: [
+    AuthService,
+    JwtStrategy,
+    // Only register Google OAuth when credentials are provided
+    ...(process.env.GOOGLE_CLIENT_ID ? [GoogleStrategy] : []),
+  ],
  exports: [AuthService, JwtModule],
 })
 export class AuthModule {}