feat: Add Docker build and publish CI for web app

.github/workflows/publish-docker.yml

@@ -0,0 +1,51 @@
+# GitHub Actions workflow for building and publishing Docker images
+# See CICD_PLAN.md for details
+
+name: Publish Docker Image 
+
+on:
+  push:
+    tags:
+      - 'v*.*.*' # Trigger on tags like v1.0.0, v1.2.3, etc. 
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write # Needed to push to GHCR
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/vishalmakwana111/inbox-zero
+          tags: |
+            type=semver,pattern={{version}} # e.g., v1.2.3
+            type=semver,pattern={{major}}.{{minor}} # e.g., v1.2
+            # type=sha # Optional: Add tag for git SHA
+            # set latest tag for default branch - this requires triggering on push to main as well
+            # type=raw,value=latest,enable={{is_default_branch}}
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./docker/Dockerfile.prod
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          no-cache: true

apps/web/app/blog/page.tsx

@@ -206,7 +206,11 @@ const mdxPosts: Post[] = [
 export const revalidate = 60;
 
 export default async function BlogContentsPage() {
-  const posts = await sanityFetch<SanityPost[]>({ query: postsQuery });
+  // Skip Sanity fetch during build with dummy credentials
+  let posts: SanityPost[] = [];
+  if (process.env.NEXT_PUBLIC_SANITY_PROJECT_ID !== 'dummy-sanity-project-id-for-build') {
+    posts = await sanityFetch<SanityPost[]>({ query: postsQuery });
+  }
 
   return (
     <BlogLayout>

apps/web/app/blog/post/[slug]/page.tsx

@@ -10,6 +10,9 @@ import { captureException } from "@/utils/error";
 export const revalidate = 60;
 
 export async function generateStaticParams() {
+  if (process.env.NEXT_PUBLIC_SANITY_PROJECT_ID === 'dummy-sanity-project-id-for-build') {
+    return [];
+  }
   const posts = await client.fetch(postPathsQuery);
   return posts;
 }
@@ -67,5 +70,9 @@ export default async function Page(props: Props) {
   const params = await props.params;
   const post = await sanityFetch<PostType>({ query: postQuery, params });
 
+  if (!post) {
+    return <div>Blog post content unavailable.</div>;
+  }
+
   return <Post post={post} />;
 }

apps/web/app/sitemap.ts

@@ -4,6 +4,13 @@ import { sanityFetch } from "@/sanity/lib/fetch";
 import { postSlugsQuery } from "@/sanity/lib/queries";
 
 async function getBlogPosts() {
+  // Skip Sanity fetch during build with dummy credentials
+  if (
+    process.env.NEXT_PUBLIC_SANITY_PROJECT_ID ===
+    "dummy-sanity-project-id-for-build"
+  ) {
+    return []; // Return empty array directly
+  }
   const posts = await sanityFetch<{ slug: string; date: string }[]>({
     query: postSlugsQuery,
   });

docker-compose.yml

@@ -38,9 +38,10 @@ services:
       - inbox-zero-network
 
   web:
-    build:
-      context: .
-      dockerfile: ./docker/Dockerfile.web
+    # build:
+    #   context: .
+    #   dockerfile: ./docker/Dockerfile.web
+    image: ghcr.io/vishalmakwana111/inbox-zero:latest # Use pre-built image (updated tag)
     env_file:
       - ./apps/web/.env
     depends_on:

docker/Dockerfile.prod

@@ -0,0 +1,64 @@
+FROM node:22-alpine
+
+WORKDIR /app
+
+# Install necessary tools
+RUN apk add --no-cache openssl
+RUN npm install -g pnpm
+
+# Copy all package manager files first for caching
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml .npmrc* ./
+COPY apps/web/package.json apps/web/
+COPY apps/unsubscriber/package.json apps/unsubscriber/
+COPY apps/mcp-server/package.json apps/mcp-server/
+COPY packages/eslint-config/package.json packages/eslint-config/
+COPY packages/loops/package.json packages/loops/
+COPY packages/resend/package.json packages/resend/
+COPY packages/tinybird/package.json packages/tinybird/
+COPY packages/tinybird-ai-analytics/package.json packages/tinybird-ai-analytics/
+COPY packages/tsconfig/package.json packages/tsconfig/
+
+# Copy the rest of the application code FIRST
+COPY . .
+
+# Install ALL dependencies (including dev, no pruning)
+# This will now run postinstall scripts *after* source code is copied
+RUN pnpm install --frozen-lockfile
+
+# Set NODE_ENV for build and runtime
+ENV NODE_ENV=production
+
+# Provide dummy build-time ENV VARS (Still needed for build)
+ENV DATABASE_URL="postgresql://dummy:dummy@dummy:5432/dummy?schema=public"
+ENV DIRECT_URL="postgresql://dummy:dummy@dummy:5432/dummy?schema=public"
+ENV NEXTAUTH_SECRET="dummy_secret_for_build_only"
+ENV NEXTAUTH_URL="http://localhost:3000"
+ENV GOOGLE_CLIENT_ID="dummy_id_for_build_only"
+ENV GOOGLE_CLIENT_SECRET="dummy_secret_for_build_only"
+ENV GOOGLE_ENCRYPT_SECRET="dummy_encrypt_secret_for_build_only"
+ENV GOOGLE_ENCRYPT_SALT="dummy_encrypt_salt_for_build_only"
+ENV GOOGLE_PUBSUB_TOPIC_NAME="dummy_topic_for_build_only"
+ENV GOOGLE_PUBSUB_VERIFICATION_TOKEN="dummy_pubsub_token_for_build"
+ENV INTERNAL_API_KEY="dummy_apikey_for_build_only"
+ENV API_KEY_SALT="dummy_salt_for_build_only"
+ENV UPSTASH_REDIS_URL="http://dummy-redis-for-build:6379"
+ENV UPSTASH_REDIS_TOKEN="dummy_redis_token_for_build"
+ENV REDIS_URL="redis://dummy:dummy@dummy:6379"
+ENV QSTASH_TOKEN="dummy_qstash_token_for_build"
+ENV QSTASH_CURRENT_SIGNING_KEY="dummy_qstash_curr_key_for_build"
+ENV QSTASH_NEXT_SIGNING_KEY="dummy_qstash_next_key_for_build"
+ENV NEXT_PUBLIC_SANITY_PROJECT_ID="dummy-sanity-project-id-for-build"
+ENV NEXT_PUBLIC_SANITY_DATASET="dummy-sanity-dataset-for-build"
+
+# Ensure prisma generate runs
+RUN pnpm --filter inbox-zero-ai exec -- prisma generate
+
+# Build the Next.js application
+RUN pnpm --filter inbox-zero-ai exec -- next build
+
+# Expose port 3000
+EXPOSE 3000
+
+# Set the default command to start the production server
+# Use the simpler pnpm command, should work now as pnpm & next are installed
+CMD pnpm --filter inbox-zero-ai start 

package.json

@@ -21,6 +21,7 @@
     "husky": "9.1.7",
     "lint-staged": "15.5.1",
     "prettier": "3.5.3",
+    "prettier-plugin-tailwindcss": "0.6.11",
     "turbo": "2.5.0"
   },
   "packageManager": "[email protected]+sha512.c50088ba998c67b8ca8c99df8a5e02fd2ae2e2b29aaf238feaa9e124248d3f48f9fb6db2424949ff901cffbb5e0f0cc1ad6aedb602cd29450751d11c35023677",