feat: dockerfile (node runtime), startup migration, README, runtime env config

2026-06-10 08:16:45 +00:00
parent 56186a1fea
commit 7331fe75e8
12 changed files with 286 additions and 31 deletions
--- a/29
+++ b/29
@@ -0,0 +1,29 @@
+# --- build ---
+FROM oven/bun:1.3 AS build
+WORKDIR /app
+# Install deps first (vendored @kuns/zitadel-auth must be present for the file: dependency).
+COPY package.json bun.lock* ./
+COPY vendor ./vendor
+RUN bun install --frozen-lockfile
+COPY . .
+# Public (non-secret) OIDC config is baked into the client bundle at build time.
+# Override with --build-arg if the Zitadel app/project ids change.
+ARG NUXT_PUBLIC_ZITADEL_ISSUER=https://auth.kuns.dev
+ARG NUXT_PUBLIC_ZITADEL_CLIENT_ID=376787352019861775
+ARG NUXT_PUBLIC_ZITADEL_PROJECT_ID=376787351902355727
+ENV NUXT_PUBLIC_ZITADEL_ISSUER=$NUXT_PUBLIC_ZITADEL_ISSUER \
+    NUXT_PUBLIC_ZITADEL_CLIENT_ID=$NUXT_PUBLIC_ZITADEL_CLIENT_ID \
+    NUXT_PUBLIC_ZITADEL_PROJECT_ID=$NUXT_PUBLIC_ZITADEL_PROJECT_ID
+RUN bun run build
+
+# --- run ---
+# Nitro's node-server output is traced for Node's export conditions, so run it on Node
+# (not Bun, whose `bun` export condition resolves to files Nitro didn't copy).
+FROM node:22-slim AS run
+WORKDIR /app
+ENV NODE_ENV=production
+ENV PORT=3000
+# The Nitro output bundles everything it needs (incl. postgres + jose + the migrate plugin).
+COPY --from=build /app/.output ./.output
+EXPOSE 3000
+CMD ["node", "./.output/server/index.mjs"]