Improve Docker image publish workflow and DockerFile (#37)

.dockerignore

@@ -0,0 +1,84 @@
+# VCS
+.git
+.gitignore
+.gitattributes
+.github/
+
+# Dependencies installed on host
+node_modules/
+.npm/
+.pnpm-store/
+.yarn/
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+# Build output / caches
+.output/
+dist/
+build/
+coverage/
+.nyc_output/
+.cache/
+.parcel-cache/
+.eslintcache
+.stylelintcache
+*.tsbuildinfo
+tmp/
+temp/
+
+# Tests / local-only files
+test/
+tests/
+__tests__/
+__mocks__/
+
+# Local env / secrets
+.env
+.env.*
+!.env.example
+*.pem
+*.key
+*.crt
+*.p12
+*.jks
+
+# Local DB / runtime artifacts
+*.sqlite
+*.sqlite3
+*.db
+
+# Logs / pid files
+logs/
+*.log
+pids/
+*.pid
+*.seed
+*.pid.lock
+
+# Editor / OS
+.vscode/
+.idea/
+*.swp
+*.swo
+.DS_Store
+Thumbs.db
+
+# Docker / deployment config
+Dockerfile
+.dockerignore
+docker-compose.yml
+nixpacks.toml
+railpack.json
+
+# Documentation
+README.md
+LICENSE
+
+# Dev-only source folders
+examples/
+
+# Dev tooling config
+.eslintrc.json
+.prettierrc

.github/workflows/docker-publish.yml

@@ -0,0 +1,37 @@
+# .github/workflows/docker-publish.yml
+name: Build and Publish Docker image to GHCR
+
+on:
+  push:
+    branches: [ "master" ] # Change to your default branch
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build Docker image
+        run: |
+          docker build -t ghcr.io/${{ github.repository_owner }}/backend:latest -t ghcr.io/${{ github.repository_owner }}/backend:${{ github.sha }} .
+      - name: Push Docker image
+        run: |
+          docker push ghcr.io/${{ github.repository_owner }}/backend:latest
+          docker push ghcr.io/${{ github.repository_owner }}/backend:${{ github.sha }}

Dockerfile

@@ -1,16 +1,19 @@
 FROM node:22-alpine
-
 WORKDIR /app
 
-COPY package*.json ./
+# Install curl (for Coolify healthchecks) and openssl (required by Prisma on Alpine)
+RUN apk add --no-cache curl openssl
 
+# 1. Copy dependency files first to maximize Docker layer caching
+COPY package*.json ./
 RUN npm install
 
-# Install curl for healthchecks (required by Coolify)
-RUN apk add --no-cache curl
+# 2. Copy All folders for future proofing incase of custom setups later on
+COPY . .
 
-ARG DATABASE_URL
-ARG DATABASE_URL_DOCKER
+# 3. Define build arguments (ARGs). 
+# These will be available for `prisma generate` and `npm run build`, 
+ARG DATABASE_URL=postgresql://CHANGETHISDONOTFOLLOWTHIS:5432/placeholder_db
 ARG META_NAME
 ARG META_DESCRIPTION
 ARG CRYPTO_SECRET
@@ -19,26 +22,18 @@ ARG CAPTCHA=false
 ARG CAPTCHA_CLIENT_KEY
 ARG TRAKT_CLIENT_ID
 ARG TRAKT_SECRET_ID
-ARG NODE_ENV=production
 
-ENV DATABASE_URL=${DATABASE_URL}
-ENV DATABASE_URL_DOCKER=${DATABASE_URL_DOCKER}
-ENV META_NAME=${META_NAME}
-ENV META_DESCRIPTION=${META_DESCRIPTION}
-ENV CRYPTO_SECRET=${CRYPTO_SECRET}
-ENV TMDB_API_KEY=${TMDB_API_KEY}
-ENV CAPTCHA=${CAPTCHA}
-ENV CAPTCHA_CLIENT_KEY=${CAPTCHA_CLIENT_KEY}
-ENV TRAKT_CLIENT_ID=${TRAKT_CLIENT_ID}
-ENV TRAKT_SECRET_ID=${TRAKT_SECRET_ID}
-ENV NODE_ENV=${NODE_ENV}
-
-COPY . .
-
-RUN npx prisma generate
+# 4. Generate Prisma client using the build-only placeholder URL
+RUN DATABASE_URL=${DATABASE_URL} npx prisma generate
 
+# 5. Build the application (it will use the ARGs above during compilation)
 RUN npm run build
 
+# 6. Set ONLY the essential, safe runtime variable.
+ENV NODE_ENV=production
+
 EXPOSE 3000
 
+# Run migrations and start the server
+# Users MUST provide the real variables via Docker Run / Compose
 CMD ["sh", "-c", "npx prisma migrate deploy && node .output/server/index.mjs"]