Refactor Dockerfile to optimize build and align with CI artifacts

frontend/.gitlab-ci.yml

@@ -12,6 +12,12 @@ build_frontend:
       cd frontend
       npm install
       npx next build
+  artifacts:
+    paths:
+      - frontend/.next
+      - frontend/public
+      - frontend/package.json
+      - frontend/package-lock.json
 
 docker_frontend:
   extends: .docker-build-template

frontend/Dockerfile

@@ -1,31 +1,25 @@
-# Use lightweight Node.js 20 base image
-FROM node:20-alpine@sha256:9bef0ef1e268f60627da9ba7d7605e8831d5b56ad07487d24d1aa386336d1944 as builder
-
-# Set working directory
-WORKDIR /app
-
-# Copy package files separately for better Docker caching
-COPY package.json package-lock.json ./
-
-# Install dependencies
-RUN npm ci
-
-# Copy entire project
-COPY . .
-
-# Build the Next.js app
-RUN npm run build
-
-# Use a minimal base image for running the app
+# Use a lightweight Node.js 20 Alpine image (digest-pinned for reproducibility)
 FROM node:20-alpine@sha256:9bef0ef1e268f60627da9ba7d7605e8831d5b56ad07487d24d1aa386336d1944
 
+# Set the working directory inside the container
 WORKDIR /app
 
-# Copy built files from the builder stage
-COPY --from=builder /app ./
+# Copy only the production-ready files built in CI
+# These files must be passed as GitLab artifacts:
+# - .next/         → built Next.js app
+# - public/        → static assets
+# - package.json   → app manifest
+# - package-lock.json → to lock dependencies for reproducibility
+COPY .next .next
+COPY public public
+COPY package.json package.json
+COPY package-lock.json package-lock.json
 
-# Expose port
+# Install only production dependencies to reduce image size
+RUN npm ci --omit=dev
+
+# Expose the port that Next.js serves on (default is 3000)
 EXPOSE 3000
 
-# Start Next.js in production mode
+# Start the Next.js app in production mode
 CMD ["npm", "run", "start"]