kevcoxe/Dockerfile

## README.md

      
    Raw
  

              README.md
            
          
    Here is a Dockerfile with entrypoint.sh designed to allow building your Next.js apps into a minimal docker image without exposing your ENV secrets.
To use create a .env.example with all of the ENV vars you will be using in your app but with a placeholder value.
Build your image
docker build -t <some_image_name> .

Run with image and new env vars
# use env file
docker run --env-file <location_of_actual_env_file> <some_image_name>

# passing env vars direct
docker run -e SOME_ENV_VAR=SOME_ENV_VAL <some_image_name>


## Dockerfile
FROM node:18-alpine AS base

# Install dependencies only when needed
FROM base AS deps
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
RUN apk add --no-cache libc6-compat
WORKDIR /app

# Install dependencies based on the preferred package manager
COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./
RUN \
  if [ -f yarn.lock ]; then yarn --frozen-lockfile; \
  elif [ -f package-lock.json ]; then npm ci; \
  elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i --frozen-lockfile; \
  else echo "Lockfile not found." && exit 1; \
  fi


# Rebuild the source code only when needed
FROM base AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY . .
RUN mv ./.env.example ./.env

# Next.js collects completely anonymous telemetry data about general usage.
# Learn more here: https://nextjs.org/telemetry
# Uncomment the following line in case you want to disable telemetry during the build.
# ENV NEXT_TELEMETRY_DISABLED 1

RUN \
  if [ -f yarn.lock ]; then yarn run build; \
  elif [ -f package-lock.json ]; then npm run build; \
  elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm run build; \
  else echo "Lockfile not found." && exit 1; \
  fi

# Production image, copy all the files and run next
FROM base AS runner
WORKDIR /app

ENV NODE_ENV production
# Uncomment the following line in case you want to disable telemetry during runtime.
# ENV NEXT_TELEMETRY_DISABLED 1

RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs

COPY --from=builder /app/public ./public

# Set the correct permission for prerender cache
RUN mkdir .next
RUN chown nextjs:nodejs .next
RUN apk update && apk add bash

# Automatically leverage output traces to reduce image size
# https://nextjs.org/docs/advanced-features/output-file-tracing
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

COPY ./entrypoint.sh /app/entrypoint.sh

# Permisions to execute script
RUN chmod +x /app/entrypoint.sh

USER nextjs

EXPOSE 3000

ENV PORT 3000

ENTRYPOINT ["/app/entrypoint.sh"]


# server.js is created by next build from the standalone output
# https://nextjs.org/docs/pages/api-reference/next-config-js/output
CMD HOSTNAME="0.0.0.0" node server.js

## entrypoint.sh
#!/bin/bash

# Directory to search for files
dir="/app/.next"

declare -A envVarsToReplace

tmpEnvVarFile="/app/.env"
function loadTmpEnv () {
    # Load the environment variables from the .env file
    envVars=$(egrep -v '^#' $tmpEnvVarFile)

    # loop over envVars and split them by '=', then set the key-value pair
    for envVar in $envVars
    do
        key=$(echo $envVar | cut -d'=' -f1)
        value=$(echo $envVar | cut -d'=' -f2)
        echo "Key: $key, Value: $value"

        envVarsToReplace[$key]=$value
    done
}

loadTmpEnv

# Loop over the keys of the associative array
for eName in "${!envVarsToReplace[@]}"
do
    # check if the env var is set
    if [[ -v $eName ]]; then
        echo "The environment variable $eName is set."

        # Find all files in the directory and replace occurrences of the string
        find $dir -type f -exec sed -i "s|${envVarsToReplace[$eName]}|$(printenv "$eName")|g" {} \;

        echo "Replacement completed."
    else
        echo "The environment variable $eName is not set."
    fi
done

exec "$@"
	FROM node:18-alpine AS base

	# Install dependencies only when needed
	FROM base AS deps
	# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
	RUN apk add --no-cache libc6-compat
	WORKDIR /app

	# Install dependencies based on the preferred package manager
	COPY package.json yarn.lock* package-lock.json* pnpm-lock.yaml* ./
	RUN \
	if [ -f yarn.lock ]; then yarn --frozen-lockfile; \
	elif [ -f package-lock.json ]; then npm ci; \
	elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm i --frozen-lockfile; \
	else echo "Lockfile not found." && exit 1; \
	fi


	# Rebuild the source code only when needed
	FROM base AS builder
	WORKDIR /app
	COPY --from=deps /app/node_modules ./node_modules
	COPY . .
	RUN mv ./.env.example ./.env

	# Next.js collects completely anonymous telemetry data about general usage.
	# Learn more here: https://nextjs.org/telemetry
	# Uncomment the following line in case you want to disable telemetry during the build.
	# ENV NEXT_TELEMETRY_DISABLED 1

	RUN \
	if [ -f yarn.lock ]; then yarn run build; \
	elif [ -f package-lock.json ]; then npm run build; \
	elif [ -f pnpm-lock.yaml ]; then corepack enable pnpm && pnpm run build; \
	else echo "Lockfile not found." && exit 1; \
	fi

	# Production image, copy all the files and run next
	FROM base AS runner
	WORKDIR /app

	ENV NODE_ENV production
	# Uncomment the following line in case you want to disable telemetry during runtime.
	# ENV NEXT_TELEMETRY_DISABLED 1

	RUN addgroup --system --gid 1001 nodejs
	RUN adduser --system --uid 1001 nextjs

	COPY --from=builder /app/public ./public

	# Set the correct permission for prerender cache
	RUN mkdir .next
	RUN chown nextjs:nodejs .next
	RUN apk update && apk add bash

	# Automatically leverage output traces to reduce image size
	# https://nextjs.org/docs/advanced-features/output-file-tracing
	COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
	COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static

	COPY ./entrypoint.sh /app/entrypoint.sh

	# Permisions to execute script
	RUN chmod +x /app/entrypoint.sh

	USER nextjs

	EXPOSE 3000

	ENV PORT 3000

	ENTRYPOINT ["/app/entrypoint.sh"]


	# server.js is created by next build from the standalone output
	# https://nextjs.org/docs/pages/api-reference/next-config-js/output
	CMD HOSTNAME="0.0.0.0" node server.js
	#!/bin/bash

	# Directory to search for files
	dir="/app/.next"

	declare -A envVarsToReplace

	tmpEnvVarFile="/app/.env"
	function loadTmpEnv () {
	# Load the environment variables from the .env file
	envVars=$(egrep -v '^#' $tmpEnvVarFile)

	# loop over envVars and split them by '=', then set the key-value pair
	for envVar in $envVars
	do
	key=$(echo $envVar \| cut -d'=' -f1)
	value=$(echo $envVar \| cut -d'=' -f2)
	echo "Key: $key, Value: $value"

	envVarsToReplace[$key]=$value
	done
	}

	loadTmpEnv

	# Loop over the keys of the associative array
	for eName in "${!envVarsToReplace[@]}"
	do
	# check if the env var is set
	if [[ -v $eName ]]; then
	echo "The environment variable $eName is set."

	# Find all files in the directory and replace occurrences of the string
	find $dir -type f -exec sed -i "s\|${envVarsToReplace[$eName]}\|$(printenv "$eName")\|g" {} \;

	echo "Replacement completed."
	else
	echo "The environment variable $eName is not set."
	fi
	done

	exec "$@"