feat: add docker support

Author: tilyupo

.dockerignore

@@ -0,0 +1,13 @@
+# Ignore unnecessary files for Docker context
+node_modules
+.next/cache
+.next/types
+dist
+coverage
+tests
+*.log
+.env*
+.git
+.gitignore
+Dockerfile
+docker-compose.yml

.github/workflows/replane-release.yml

@@ -0,0 +1,67 @@
+name: release-replane-image
+
+on:
+  push:
+    branches: [ main ]
+    tags: [ 'v*.*.*' ]
+
+permissions:
+  contents: read
+  packages: write
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository_owner }}/replane
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU (multi-arch)
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
+            type=raw,value=edge,enable=${{ github.ref == 'refs/heads/main' }}
+            type=ref,event=tag
+            type=sha,format=short
+
+      - name: Enable corepack
+        run: corepack enable
+
+      - name: Build and push image
+        uses: docker/build-push-action@v6
+        with:
+          context: ./replane
+          file: ./replane/Dockerfile
+          push: true
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            NEXT_PUBLIC_BUILD_SHA=${{ github.sha }}
+
+      - name: Summary
+        run: |
+          echo "Published image tags:" >> $GITHUB_STEP_SUMMARY
+          echo "${{ steps.meta.outputs.tags }}" >> $GITHUB_STEP_SUMMARY

Dockerfile

@@ -0,0 +1,60 @@
+###########
+# Replane Production Dockerfile
+# Multi-stage build for a Next.js 15 app using pnpm.
+# Supports multi-arch when built via buildx (linux/amd64, linux/arm64).
+###########
+
+# 1) Base image
+FROM node:22-alpine AS base
+WORKDIR /app
+ENV NODE_ENV=production \
+    NEXT_TELEMETRY_DISABLED=1
+
+# 2) Dependencies (install all deps including dev for build)
+FROM base AS deps
+RUN corepack enable
+COPY package.json pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
+
+# 3) Build
+FROM base AS build
+RUN corepack enable
+ARG NEXT_PUBLIC_BUILD_SHA
+ENV NEXT_PUBLIC_BUILD_SHA=$NEXT_PUBLIC_BUILD_SHA
+COPY package.json pnpm-lock.yaml ./
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+RUN pnpm build
+
+# 4) Prune to production dependencies only
+FROM base AS prune
+RUN corepack enable
+COPY package.json pnpm-lock.yaml ./
+COPY --from=build /app/node_modules ./node_modules
+RUN pnpm prune --prod
+
+# 5) Runtime image
+FROM node:22-alpine AS runner
+WORKDIR /app
+ENV NODE_ENV=production \
+    NEXT_TELEMETRY_DISABLED=1
+ARG NEXT_PUBLIC_BUILD_SHA
+ENV NEXT_PUBLIC_BUILD_SHA=$NEXT_PUBLIC_BUILD_SHA
+
+# Create non-root user
+RUN addgroup -g 1001 nodejs && adduser -D -u 1001 nextjs -G nodejs
+
+# Copy production node_modules and build artifacts
+COPY --from=prune /app/node_modules ./node_modules
+COPY --from=build /app/.next ./.next
+COPY --from=build /app/public ./public
+COPY --from=build /app/package.json ./package.json
+COPY --from=build /app/next.config.ts ./next.config.ts
+
+USER nextjs
+EXPOSE 3000
+
+# Basic healthcheck (adjust if you change the endpoint)
+HEALTHCHECK --interval=30s --timeout=5s --retries=5 CMD wget -qO- http://127.0.0.1:3000/api/health || exit 1
+
+CMD ["node", "node_modules/next/dist/bin/next", "start"]

README.md

@@ -119,3 +119,45 @@ This is pre‑1.0 software. Data model & endpoints may change. Don’t put missi
 ## License
 
 MIT
+
+## Docker Image
+
+A multi-arch (amd64/arm64) image is published to GitHub Container Registry on every push to `main` and on version tags (`v*.*.*`).
+
+Pull the latest image:
+
+```bash
+# authenticate (if private)
+echo $GITHUB_TOKEN | docker login ghcr.io -u <your-username> --password-stdin
+
+# pull
+docker pull ghcr.io/<org-or-user>/replane:latest
+```
+
+Run locally (remember to provide required env vars):
+
+```bash
+docker run --rm -p 3000:3000 \
+   -e DATABASE_URL=postgresql://postgres:postgres@host.docker.internal:5432/replane \
+   -e NEXTAUTH_URL=http://localhost:3000 \
+   -e NEXTAUTH_SECRET=changeme \
+   ghcr.io/<org-or-user>/replane:latest
+```
+
+Health endpoint: `GET /api/health` returns `{ "status": "ok" }`.
+
+Build locally for testing:
+
+```bash
+docker build -t replane:local ./replane
+```
+
+To release a versioned tag (publishes `vX.Y.Z` + `latest`):
+
+```bash
+git tag v0.2.0 && git push origin v0.2.0
+```
+
+---
+
+> Build arg: `NEXT_PUBLIC_BUILD_SHA` is injected automatically in CI.

package.json

@@ -9,6 +9,7 @@
     "lint": "next lint",
     "test": "dotenv -- vitest run",
     "test:watch": "dotenv -- vitest",
+    "release": "bumpp",
     "migrate": "pnpm run migrate:migrate && pnpm run migrate:codegen",
     "migrate:migrate": "dotenv -- tsx ./src/engine/scripts/migrate.ts",
     "migrate:codegen": "dotenv -- kysely-codegen --out-file ./src/engine/core/db.d.ts && prettier --write ./src/engine/core/db.d.ts && eslint ./src/engine/core/db.d.ts --fix"
@@ -94,6 +95,7 @@
     "@types/react": "^19",
     "@types/react-dom": "^19",
     "@vitejs/plugin-react": "^5.0.1",
+    "bumpp": "^10.2.3",
     "dotenv-cli": "^10.0.0",
     "editorconfig": "^3.0.1",
     "eslint": "^9",