Move to infisical. Create local dev environment. Add ci gates. Modernize repo

docker/Dockerfile

@@ -1,24 +1,49 @@
 # syntax=docker/dockerfile:1
-FROM oven/bun:alpine AS base
+FROM docker.io/oven/bun:1.3.10-alpine AS base
 
 # Builder stage
 FROM base AS builder
 RUN apk add --no-cache libc6-compat
 WORKDIR /app
 
+ARG SENTRY_AUTH_TOKEN
+ARG SENTRY_DISABLE_AUTO_UPLOAD=false
+ARG NEXT_PUBLIC_SITE_URL
+ARG NEXT_PUBLIC_CONVEX_URL
+ARG NEXT_PUBLIC_PLAUSIBLE_URL
+ARG NEXT_PUBLIC_SENTRY_DSN
+ARG NEXT_PUBLIC_SENTRY_URL
+ARG NEXT_PUBLIC_SENTRY_ORG
+ARG NEXT_PUBLIC_SENTRY_PROJECT_NAME
+ARG PAYLOAD_SECRET
+ARG PAYLOAD_DB_URL
+
+ENV SENTRY_AUTH_TOKEN=$SENTRY_AUTH_TOKEN
+ENV SENTRY_DISABLE_AUTO_UPLOAD=$SENTRY_DISABLE_AUTO_UPLOAD
+ENV NEXT_PUBLIC_SITE_URL=$NEXT_PUBLIC_SITE_URL
+ENV NEXT_PUBLIC_CONVEX_URL=$NEXT_PUBLIC_CONVEX_URL
+ENV NEXT_PUBLIC_PLAUSIBLE_URL=$NEXT_PUBLIC_PLAUSIBLE_URL
+ENV NEXT_PUBLIC_SENTRY_DSN=$NEXT_PUBLIC_SENTRY_DSN
+ENV NEXT_PUBLIC_SENTRY_URL=$NEXT_PUBLIC_SENTRY_URL
+ENV NEXT_PUBLIC_SENTRY_ORG=$NEXT_PUBLIC_SENTRY_ORG
+ENV NEXT_PUBLIC_SENTRY_PROJECT_NAME=$NEXT_PUBLIC_SENTRY_PROJECT_NAME
+ENV PAYLOAD_SECRET=$PAYLOAD_SECRET
+ENV PAYLOAD_DB_URL=$PAYLOAD_DB_URL
+
 # Copy source code (node_modules excluded via .dockerignore)
 COPY . .
 
 # Install all dependencies
-RUN bun install
+ENV HUSKY=0
+RUN bun install --frozen-lockfile
 
 # Build with proper environment
 ENV NEXT_TELEMETRY_DISABLED=1
 ENV NODE_ENV=production
-RUN bun run build --filter=@gib/next
+RUN cd apps/next && bun run build:docker
 
 # Runner stage
-FROM node:22-alpine AS runner
+FROM docker.io/library/node:22-alpine AS runner
 WORKDIR /app
 
 ENV NODE_ENV=production

docker/compose.local.yml

@@ -0,0 +1,62 @@
+name: convexmonorepo-local
+
+services:
+  postgres:
+    image: postgres:17
+    container_name: convexmonorepo-local-postgres
+    ports: ['${POSTGRES_PORT:-5432}:5432']
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER:-convexmonorepo}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-localdev}
+      - POSTGRES_DB=${POSTGRES_DB:-convexmonorepo_payload}
+    volumes: [payload-postgres-data:/var/lib/postgresql/data]
+    restart: unless-stopped
+    healthcheck:
+      test: ['CMD-SHELL', 'pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}']
+      start_period: 10s
+      interval: 5s
+      retries: 10
+      timeout: 5s
+
+  convex-backend:
+    image: ghcr.io/get-convex/convex-backend:${BACKEND_TAG:-latest}
+    container_name: convexmonorepo-local-convex
+    ports:
+      - '${BACKEND_PORT:-3210}:3210'
+      - '${SITE_PROXY_PORT:-3211}:3211'
+    environment:
+      - INSTANCE_NAME=${LOCAL_INSTANCE_NAME:-convexmonorepo_local}
+      - INSTANCE_SECRET=${LOCAL_INSTANCE_SECRET:-0000000000000000000000000000000000000000000000000000000000000000}
+      - CONVEX_CLOUD_ORIGIN=http://localhost:${BACKEND_PORT:-3210}
+      - CONVEX_SITE_ORIGIN=http://localhost:${SITE_PROXY_PORT:-3211}
+      - DISABLE_BEACON=true
+      - REDACT_LOGS_TO_CLIENT=false
+      - DO_NOT_REQUIRE_SSL=true
+      # Convex uses its own volume by default. A cloned project may opt into
+      # Convex-on-Postgres by configuring a separate database URL here:
+      # - POSTGRES_URL=postgres://user:password@postgres:5432/convex?sslmode=disable
+    volumes: [convex-data:/convex/data]
+    restart: unless-stopped
+    healthcheck:
+      test: ['CMD', 'curl', '-f', 'http://localhost:3210/version']
+      start_period: 10s
+      interval: 5s
+      retries: 20
+      timeout: 5s
+    stop_grace_period: 10s
+    stop_signal: SIGINT
+
+  convex-dashboard:
+    image: ghcr.io/get-convex/convex-dashboard:${DASHBOARD_TAG:-latest}
+    container_name: convexmonorepo-local-convex-dashboard
+    ports: ['${DASHBOARD_PORT:-6791}:6791']
+    environment:
+      - NEXT_PUBLIC_DEPLOYMENT_URL=http://localhost:${BACKEND_PORT:-3210}
+    depends_on:
+      convex-backend:
+        condition: service_healthy
+    restart: unless-stopped
+
+volumes:
+  payload-postgres-data:
+  convex-data:

docker/compose.yml

@@ -7,7 +7,19 @@ services:
     build:
       context: ../
       dockerfile: ./docker/Dockerfile
-    image: ${NEXT_CONTAINER_NAME}:latest
+      args:
+        SENTRY_AUTH_TOKEN: ${SENTRY_AUTH_TOKEN}
+        SENTRY_DISABLE_AUTO_UPLOAD: ${SENTRY_DISABLE_AUTO_UPLOAD:-false}
+        NEXT_PUBLIC_SITE_URL: ${NEXT_PUBLIC_SITE_URL}
+        NEXT_PUBLIC_CONVEX_URL: ${NEXT_PUBLIC_CONVEX_URL}
+        NEXT_PUBLIC_PLAUSIBLE_URL: ${NEXT_PUBLIC_PLAUSIBLE_URL}
+        NEXT_PUBLIC_SENTRY_DSN: ${NEXT_PUBLIC_SENTRY_DSN}
+        NEXT_PUBLIC_SENTRY_URL: ${NEXT_PUBLIC_SENTRY_URL}
+        NEXT_PUBLIC_SENTRY_ORG: ${NEXT_PUBLIC_SENTRY_ORG}
+        NEXT_PUBLIC_SENTRY_PROJECT_NAME: ${NEXT_PUBLIC_SENTRY_PROJECT_NAME}
+        PAYLOAD_SECRET: ${PAYLOAD_SECRET}
+        PAYLOAD_DB_URL: ${PAYLOAD_DB_URL}
+    image: convexmonorepo-next:latest
     #image: git.gbrown.org/gib/${NEXT_CONTAINER_NAME}:latest
     container_name: ${NEXT_CONTAINER_NAME}
     environment:
@@ -43,12 +55,13 @@ services:
     labels: ['com.centurylinklabs.watchtower.enable=true']
     environment:
       - INSTANCE_NAME=${INSTANCE_NAME}
-      #- INSTANCE_SECRET
+      - INSTANCE_SECRET=${INSTANCE_SECRET}
       - CONVEX_CLOUD_ORIGIN=${CONVEX_CLOUD_ORIGIN:-http://${BACKEND_CONTAINER_NAME:-stpeteit-backend}:${BACKEND_PORT:-3210}}
       - CONVEX_SITE_ORIGIN=${CONVEX_SITE_ORIGIN:-http://${BACKEND_CONTAINER_NAME:-stpeteit-backend}:${SITE_PROXY_PORT:-3211}}
       - DISABLE_BEACON=${DISABLE_BEACON:-true}
       - REDACT_LOGS_TO_CLIENT=${REDACT_LOGS_TO_CLIENT:-true}
       - DO_NOT_REQUIRE_SSL=${DO_NOT_REQUIRE_SSL:-false}
+      # Optional: Convex-on-Postgres is not the template default.
       #- POSTGRES_URL=${POSTGRES_URL}
     stdin_open: true
     tty: true
@@ -80,25 +93,27 @@ services:
     stop_grace_period: 10s
     stop_signal: SIGINT
 
+  # Optional production Postgres. Payload may instead continue using an
+  # external/VPN PAYLOAD_DB_URL. Convex does not share this DB by default.
   #convexmonorepo-postgresql:
-    #image: postgres:17
-    #container_name: ${POSTGRES_CONTAINER_NAME:-convexmonorepo-postgres}
-    #hostname: ${POSTGRES_CONTAINER_NAME:-convexmonorepo-postgres}
-    #domainname: postgres.${NEXT_DOMAIN:-convexmonorepo.gbrown.org}
-    #networks: ['${NETWORK:-nginx-bridge}']
-    #ports: ['5432:5432']
-    #environment:
-      #- POSTGRES_USER=${POSTGRES_USER:-convexmonorepo}
-      #- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      #- POSTGRES_DB=${POSTGRES_DB:-convexmonorepo_payload}
-    #labels: ['com.centurylinklabs.watchtower.enable=true']
-    #volumes: ['./volumes/postgres:/var/lib/postgresql/data']
-    #tty: true
-    #stdin_open: true
-    #restart: unless-stopped
-    #healthcheck:
-      #test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
-      #start_period: 20s
-      #interval: 30s
-      #retries: 5
-      #timeout: 5s
+  #image: postgres:17
+  #container_name: ${POSTGRES_CONTAINER_NAME:-convexmonorepo-postgres}
+  #hostname: ${POSTGRES_CONTAINER_NAME:-convexmonorepo-postgres}
+  #domainname: postgres.${NEXT_DOMAIN:-convexmonorepo.gbrown.org}
+  #networks: ['${NETWORK:-nginx-bridge}']
+  #ports: ['5432:5432']
+  #environment:
+  #- POSTGRES_USER=${POSTGRES_USER:-convexmonorepo}
+  #- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+  #- POSTGRES_DB=${POSTGRES_DB:-convexmonorepo_payload}
+  #labels: ['com.centurylinklabs.watchtower.enable=true']
+  #volumes: ['./volumes/postgres:/var/lib/postgresql/data']
+  #tty: true
+  #stdin_open: true
+  #restart: unless-stopped
+  #healthcheck:
+  #test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+  #start_period: 20s
+  #interval: 30s
+  #retries: 5
+  #timeout: 5s