docker

.dockerignore

@@ -1,5 +1,2 @@
-node_modules
-.git
-.gitignore
-*.md
-dist
+*
+!docker

.github/workflows/docker.yml

@@ -0,0 +1,75 @@
+name: Docker
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - name: Cache turbo build setup
+        uses: actions/cache@v4
+        with:
+          path: .turbo
+          key: ${{ runner.os }}-turbo-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-turbo-
+
+      - name: Setup Node.js environment
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'pnpm'
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: 'image=moby/buildkit:v0.11.6'
+
+      - name: Login
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.DOCKER_REGISTRY }}
+          username: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
+          password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKER_IMAGE }}
+          # generate Docker tags based on the following events/attributes
+          tags: type=sha
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Build for Docker
+        run: pnpm build:docker
+
+      - name: Build and Push Image
+        id: build
+        uses: docker/build-push-action@v5
+        timeout-minutes: 10
+        with:
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          push: true

.gitignore

@@ -22,3 +22,5 @@ packages/zitadel-server/src/app/proto
 /playwright-report/
 /blob-report/
 /playwright/.cache/
+/out
+/docker

Dockerfile

@@ -1,43 +1,5 @@
-# Inspired by https://pnpm.io/docker#example-3-build-on-cicd
-# Inspired by https://pnpm.io/docker#minimizing-docker-image-size-and-build-time
+FROM node:20-slim
 
-FROM node:20-slim AS base
-
-ENV PNPM_HOME="/pnpm"
-ENV PATH="$PNPM_HOME:$PATH"
-RUN apt-get update
-RUN apt-get install -y git
-RUN npm install -g corepack
-RUN corepack enable
-RUN corepack prepare pnpm@latest --activate
-RUN pnpm install turbo@^2 --global
-
-FROM base AS builder
-# Set working directory
-WORKDIR /app
-# Replace <your-major-version> with the major version installed in your repository. For example:
-RUN pnpm install turbo@^2 --global
-COPY . .
-
-# Generate a partial monorepo with a pruned lockfile for a target workspace.
-# Assuming "web" is the name entered in the project's package.json: { name: "web" }
-RUN turbo prune @zitadel/login --docker
-
-# Add lockfile and package.json's of isolated subworkspace
-FROM base AS installer
-
-WORKDIR /app
-
-# First install the dependencies (as they change less often)
-COPY --from=builder /app/out/json/ .
-RUN pnpm install --frozen-lockfile
-
-# Build the project
-COPY --from=builder /app/out/full/ .
-
-RUN turbo run build
-
-FROM base AS runner
 WORKDIR /app
 
 # Don't run production as root
@@ -47,9 +9,9 @@ USER nextjs
 
 # Automatically leverage output traces to reduce image size
 # https://nextjs.org/docs/advanced-features/output-file-tracing
-COPY --from=installer --chown=nextjs:nodejs /app/apps/login/.next/standalone ./
-COPY --from=installer --chown=nextjs:nodejs /app/apps/login/.next/static ./apps/login/.next/static
-COPY --from=installer --chown=nextjs:nodejs /app/apps/login/public ./apps/login/public
+COPY --chown=nextjs:nodejs ./docker/apps/login/.next/standalone ./
+COPY --chown=nextjs:nodejs ./docker/apps/login/.next/static ./apps/login/.next/static
+COPY --chown=nextjs:nodejs ./docker/apps/login/public ./apps/login/public
 
 ENV HOSTNAME="0.0.0.0"
 CMD node apps/login/server.js

apps/login/src/lib/service.ts

@@ -81,9 +81,8 @@ export function getServiceUrlFromHeaders(headers: ReadonlyHeaders): {
   } else if (process.env.ZITADEL_API_URL) {
     instanceUrl = process.env.ZITADEL_API_URL;
   } else {
-    // TODO: remove this fallback once the host header is always set
     const host =
-      headers.get("x-zitadel-forward-host") ?? "http://localhost:8080";
+      headers.get("x-zitadel-forward-host") ?? headers.get("host");
 
     if (host) {
       const [hostname, port] = host.split(":");

package.json

@@ -5,6 +5,7 @@
   "scripts": {
     "generate": "turbo run generate",
     "build": "turbo run build",
+    "build:docker": "rm -rf ./out ./docker && mkdir -p ./docker && turbo prune @zitadel/login --docker && cd ./docker && cp -r ../out/json/* . && pnpm install --frozen-lockfile && cp -r ../out/full/* . && turbo run build && cd ..",
     "build:packages": "turbo run build --filter=./packages/*",
     "build:apps": "turbo run build --filter=./apps/*",
     "test": "turbo run test",