feat(deploy): add docker

deploy/docker/Dockerfile

@@ -0,0 +1,59 @@
+# =========================================
+# Stage 1: Install dependencies (with pnpm)
+# =========================================
+FROM node:20-alpine AS deps
+WORKDIR /app
+
+# Enable pnpm via corepack and configure registry mirror
+RUN corepack enable && corepack prepare pnpm@latest --activate \
+    && npm config set registry https://registry.npmmirror.com/
+
+# Copy only package files to cache dependency installation
+COPY package.json pnpm-lock.yaml* ./
+
+# Install dependencies (frozen-lockfile ensures reproducibility)
+RUN pnpm install --frozen-lockfile --prod=false
+
+# =========================================
+# Stage 2: Builder (build Next.js app)
+# =========================================
+FROM node:20-alpine AS builder
+WORKDIR /app
+
+# Enable pnpm for potential script usage
+RUN corepack enable && corepack prepare pnpm@latest --activate
+
+# Copy dependencies from deps stage
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+# Build the application
+# Note: Next.js telemetry is disabled via env if needed, or disable in next.config.js
+ENV NEXT_TELEMETRY_DISABLED=1
+RUN pnpm run build
+
+# =========================================
+# Stage 3: Runner (Production image)
+# =========================================
+FROM node:20-alpine AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV NEXT_TELEMETRY_DISABLED=1
+ENV PORT=6020
+ENV HOSTNAME="0.0.0.0"
+
+# Create non-root user for security
+RUN addgroup --system --gid 1001 nodejs \
+    && adduser --system --uid 1001 nextjs
+
+# Copy only necessary files for standalone mode
+COPY --from=builder /app/public ./public
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+USER nextjs
+
+EXPOSE 6020
+
+CMD ["node", "server.js"]

deploy/docker/docker-compose.yml

@@ -0,0 +1,9 @@
+services:
+  iam-front:
+    build:
+      context: ../..
+      dockerfile: deploy/docker/Dockerfile
+    env_file:
+      - ../../.env
+    ports:
+      - "${PORT}:${PORT}"

deploy/docker/start.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${SCRIPT_DIR}"
+
+# 1. Validate environment
+export DEPLOY_TARGET=docker
+bash ../validate-env.sh
+
+# 2. Start
+echo "Starting iam-front..."
+# Removed --remove-orphans to prevent deleting containers from other compose projects
+# if they share the same project name (which defaults to folder name "docker")
+docker compose --env-file ../../.env -p iam-front up -d --build
+
+echo "iam-front is running."

deploy/docker/stop.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${SCRIPT_DIR}"
+
+echo "Stopping iam-front..."
+docker compose --env-file ../../.env -p iam-front down
+
+echo "iam-front stopped."