From 8a11c176aa03c16b42b742165cfe339f46427da1 Mon Sep 17 00:00:00 2001
From: GitLab Deploy Bot <deploy@mbugroup.id>
Date: Sun, 9 Nov 2025 14:21:58 +0700
Subject: [PATCH 01/14] build docker via gitlab

---
 .gitlab-ci.yml      | 164 +++++++++++++++++++++++++-------------------
 Dockerfile          |  24 +++++++
 docker-compose.yaml |  39 +++++++++++
 3 files changed, 158 insertions(+), 69 deletions(-)
 create mode 100644 Dockerfile
 create mode 100644 docker-compose.yaml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index efda72f0..d9db48d3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,76 +1,102 @@
-stages: [notify]
+stages:
+  - build
+  - cleanup
+  - deploy
 
-# --- Notify when MR is opened/updated ---
-notify_discord_mr:
-  stage: notify
-  image: alpine:3.20
-  rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+variables:
+  DOCKER_DRIVER: overlay2
+  IMAGE_NAME: "${CI_REGISTRY_IMAGE}/web-lti"
+  DEPLOY_ENV: development
+  KEEP_IMAGES: 3
+  BUILD_MODE: static
+
+# =====================================================
+# 🔑 AUTH TO REGISTRY
+# =====================================================
+before_script:
+  - echo "🔐 Logging in to GitLab Container Registry..."
+  - echo "$GITLAB_TOKEN" | docker login -u "$GITLAB_USER" --password-stdin "$CI_REGISTRY"
+
+# =====================================================
+# 🧱 BUILD IMAGE
+# =====================================================
+build-image:
+  stage: build
+  image: docker:27.0.2
+  services:
+    - docker:dind
   variables:
-    WEBHOOK_URL: $DISCORD_WEBHOOK_URL
-  before_script:
-    - apk add --no-cache curl jq
-  script: |
-    MR_URL="${CI_PROJECT_URL}/-/merge_requests/${CI_MERGE_REQUEST_IID}"
+    DOCKER_TLS_CERTDIR: ""
+  script:
+    - echo "🚀 Building Docker image for ${DEPLOY_ENV} branch..."
 
-    jq -n \
-      --arg repo "$CI_PROJECT_PATH" \
-      --arg mr "#${CI_MERGE_REQUEST_IID}" \
-      --arg url "$MR_URL" \
-      --arg requestor "${GITLAB_USER_LOGIN:-$GITLAB_USER_NAME}" \
-      --arg source "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" \
-      --arg target "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME" \
-      --arg title "$CI_MERGE_REQUEST_TITLE" \
-      '{
-        username: "CI Bot - FE",
-        embeds: [{
-          title: "📣 [LTI WEB CLIENT] Merge Request Opened/Updated",
-          description: ($mr + " in " + $repo),
-          url: $url,
-          color: 3447003,
-          fields: [
-            {name: "Author", value: $requestor, inline: true},
-            {name: "Source → Target", value: ($source + " → " + $target), inline: true},
-            {name: "Title", value: $title}
-          ]
-        }]
-      }' \
-      | curl -sS -H "Content-Type: application/json" -d @- "$WEBHOOK_URL"
+    # Tag format: web-lti:development_<commit>
+    - export TAG="${DEPLOY_ENV}_${CI_COMMIT_SHORT_SHA}"
 
-# --- Notify when MR is merged ---
-notify_discord_merge:
-  stage: notify
+    - echo "🧱 Tagging image as: $IMAGE_NAME:$TAG"
+    - docker build \
+        --build-arg NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL \
+        --build-arg NEXT_PUBLIC_LTI_API_START_URL=$NEXT_PUBLIC_LTI_API_START_URL \
+        --build-arg NEXT_PUBLIC_LTI_CLIENT_ID=$NEXT_PUBLIC_LTI_CLIENT_ID \
+        --build-arg BUILD_MODE=$BUILD_MODE \
+        -t "$IMAGE_NAME:$TAG" \
+        -t "$IMAGE_NAME:$DEPLOY_ENV" .
+
+    - echo "📦 Pushing images to registry..."
+    - docker push "$IMAGE_NAME:$TAG"
+    - docker push "$IMAGE_NAME:$DEPLOY_ENV"
+  only:
+    - development
+
+# =====================================================
+# 🧹 CLEANUP OLD IMAGES (KEEP 3)
+# =====================================================
+cleanup-registry:
+  stage: cleanup
   image: alpine:3.20
-  rules:
-    # Only run for merge request pipelines that are in merged state
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_STATE == "merged"'
-  variables:
-    WEBHOOK_URL: $DISCORD_WEBHOOK_URL
-  before_script:
+  script:
     - apk add --no-cache curl jq
-  script: |
-    MR_URL="${CI_PROJECT_URL}/-/merge_requests/${CI_MERGE_REQUEST_IID}"
+    - echo "🧹 Cleaning up old images (keeping ${KEEP_IMAGES})..."
 
-    jq -n \
-      --arg repo "$CI_PROJECT_PATH" \
-      --arg mr "#${CI_MERGE_REQUEST_IID}" \
-      --arg url "$MR_URL" \
-      --arg requestor "${CI_MERGE_REQUEST_AUTHOR}" \
-      --arg source "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" \
-      --arg target "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME" \
-      --arg title "$CI_MERGE_REQUEST_TITLE" \
-      '{
-        username: "CI Bot - FE",
-        embeds: [{
-          title: "✅ [LTI WEB CLIENT] Merge Request Merged",
-          description: ($mr + " has been merged into " + $repo),
-          url: $url,
-          color: 3066993,
-          fields: [
-            {name: "Author", value: $requestor, inline: true},
-            {name: "Source → Target", value: ($source + " → " + $target), inline: true},
-            {name: "Title", value: $title}
-          ]
-        }]
-      }' \
-      | curl -sS -H "Content-Type: application/json" -d @- "$WEBHOOK_URL"
+    - TOKEN=$(curl --silent --request POST --header "Content-Type: application/json" \
+        --data "{\"login\": \"$GITLAB_USER\", \"password\": \"$GITLAB_TOKEN\"}" \
+        "${CI_REGISTRY}/jwt/auth" | jq -r '.token')
+
+    - ALL_TAGS=$(curl --silent --header "Authorization: Bearer $TOKEN" \
+        "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/tags/list" \
+        | jq -r '.tags | sort | reverse | .['$KEEP_IMAGES':] | @sh' | tr -d "'")
+
+    - |
+      for tag in $ALL_TAGS; do
+        echo "🗑️  Deleting old image tag: $tag"
+        DIGEST=$(curl --silent -H "Authorization: Bearer $TOKEN" \
+          "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/$tag" | jq -r '.config.digest')
+        curl --silent -X DELETE -H "Authorization: Bearer $TOKEN" \
+          "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/${DIGEST}"
+      done
+  only:
+    - development
+  when: always
+
+# =====================================================
+# 🚀 DEPLOY TO SERVER (VIA SSH)
+# =====================================================
+deploy:
+  stage: deploy
+  image: alpine:3.20
+  before_script:
+    - apk add --no-cache openssh
+    - mkdir -p ~/.ssh
+    - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
+    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
+  script:
+    - echo "🚀 Deploying $IMAGE_NAME:$DEPLOY_ENV to $SERVER_USER@$SERVER_IP"
+    - ssh $SERVER_USER@$SERVER_IP "
+        docker login -u '$GITLAB_USER' -p '$GITLAB_TOKEN' $CI_REGISTRY &&
+        docker pull $IMAGE_NAME:$DEPLOY_ENV &&
+        docker compose -f /home/devops/docker/deployment/development/compose/docker-compose.web-lti.yaml up -d dev-web-lti &&
+        docker image prune -f
+      "
+  only:
+    - development
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..26f41276
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,24 @@
+FROM node:20-alpine
+
+RUN apk add --no-cache git bash build-base curl
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci
+
+COPY . .
+
+# Buat config agar Next tahu output: export
+RUN echo "const config = { output: 'export', images: { unoptimized: true } }; export default config;" > next.config.mjs
+
+# Build project (Next.js 15 otomatis static export)
+RUN NEXT_DISABLE_TURBOPACK=1 npx next build
+
+# Pastikan folder static tersedia untuk URL _next/static
+RUN mkdir -p .next/server/app/_next && \
+    cp -r .next/static .next/server/app/_next/static && \
+    cp -r public/assets .next/server/app/
+
+EXPOSE 3000
+CMD ["npx", "serve", ".next/server/app", "-l", "3000"]
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 00000000..8d658170
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,39 @@
+version: "3.9"
+
+services:
+  dev-web-lti:
+    container_name: dev-web-lti
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "3002:3000"
+    env_file:
+      - .env
+    environment:
+      NODE_ENV: production
+      APP_ENV: production
+    networks:
+      - dev-lti-network
+    restart: always
+    deploy:
+      resources:
+        limits:
+          cpus: "3.0"
+          memory: 3G
+        reservations:
+          cpus: "1.0"
+          memory: 512M
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    # Optional: aktifkan healthcheck jika punya endpoint
+    # healthcheck:
+    #   test: ["CMD-SHELL", "curl -fsS http://localhost:3000/api/healthz || exit 1"]
+    #   interval: 10s
+    #   timeout: 3s
+    #   retries: 10
+    #   start_period: 15s
+
+networks:
+  dev-lti-network:
+    external: true
\ No newline at end of file

From 52e8fb4a3bfd1e82be1d24081ecb83e1e31f6b19 Mon Sep 17 00:00:00 2001
From: GitLab Deploy Bot <deploy@mbugroup.id>
Date: Sun, 9 Nov 2025 14:44:58 +0700
Subject: [PATCH 02/14] build with tag docker

---
 .gitlab-ci.yml | 81 +++++++++++++++++++++++---------------------------
 Dockerfile     | 48 +++++++++++++++++++++++++-----
 2 files changed, 77 insertions(+), 52 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d9db48d3..0bbd68bb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,9 +10,6 @@ variables:
   KEEP_IMAGES: 3
   BUILD_MODE: static
 
-# =====================================================
-# 🔑 AUTH TO REGISTRY
-# =====================================================
 before_script:
   - echo "🔐 Logging in to GitLab Container Registry..."
   - echo "$GITLAB_TOKEN" | docker login -u "$GITLAB_USER" --password-stdin "$CI_REGISTRY"
@@ -27,24 +24,21 @@ build-image:
     - docker:dind
   variables:
     DOCKER_TLS_CERTDIR: ""
-  script:
-    - echo "🚀 Building Docker image for ${DEPLOY_ENV} branch..."
+  script: |
+    echo "🚀 Building Docker image for ${DEPLOY_ENV} branch..."
+    export TAG="${DEPLOY_ENV}_${CI_COMMIT_SHORT_SHA}"
+    echo "🧱 Tagging image as: $IMAGE_NAME:$TAG"
 
-    # Tag format: web-lti:development_<commit>
-    - export TAG="${DEPLOY_ENV}_${CI_COMMIT_SHORT_SHA}"
+    docker build \
+      --build-arg NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL \
+      --build-arg NEXT_PUBLIC_SSO_LOGIN_URL=$NEXT_PUBLIC_SSO_LOGIN_URL \
+      --build-arg BUILD_MODE=$BUILD_MODE \
+      -t "$IMAGE_NAME:$TAG" \
+      -t "$IMAGE_NAME:$DEPLOY_ENV" .
 
-    - echo "🧱 Tagging image as: $IMAGE_NAME:$TAG"
-    - docker build \
-        --build-arg NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL \
-        --build-arg NEXT_PUBLIC_LTI_API_START_URL=$NEXT_PUBLIC_LTI_API_START_URL \
-        --build-arg NEXT_PUBLIC_LTI_CLIENT_ID=$NEXT_PUBLIC_LTI_CLIENT_ID \
-        --build-arg BUILD_MODE=$BUILD_MODE \
-        -t "$IMAGE_NAME:$TAG" \
-        -t "$IMAGE_NAME:$DEPLOY_ENV" .
-
-    - echo "📦 Pushing images to registry..."
-    - docker push "$IMAGE_NAME:$TAG"
-    - docker push "$IMAGE_NAME:$DEPLOY_ENV"
+    echo "📦 Pushing images to registry..."
+    docker push "$IMAGE_NAME:$TAG"
+    docker push "$IMAGE_NAME:$DEPLOY_ENV"
   only:
     - development
 
@@ -54,26 +48,25 @@ build-image:
 cleanup-registry:
   stage: cleanup
   image: alpine:3.20
-  script:
-    - apk add --no-cache curl jq
-    - echo "🧹 Cleaning up old images (keeping ${KEEP_IMAGES})..."
+  script: |
+    apk add --no-cache curl jq
+    echo "🧹 Cleaning up old images (keeping ${KEEP_IMAGES})..."
 
-    - TOKEN=$(curl --silent --request POST --header "Content-Type: application/json" \
-        --data "{\"login\": \"$GITLAB_USER\", \"password\": \"$GITLAB_TOKEN\"}" \
-        "${CI_REGISTRY}/jwt/auth" | jq -r '.token')
+    TOKEN=$(curl --silent --request POST --header "Content-Type: application/json" \
+      --data "{\"login\": \"$GITLAB_USER\", \"password\": \"$GITLAB_TOKEN\"}" \
+      "${CI_REGISTRY}/jwt/auth" | jq -r '.token')
 
-    - ALL_TAGS=$(curl --silent --header "Authorization: Bearer $TOKEN" \
-        "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/tags/list" \
-        | jq -r '.tags | sort | reverse | .['$KEEP_IMAGES':] | @sh' | tr -d "'")
+    ALL_TAGS=$(curl --silent --header "Authorization: Bearer $TOKEN" \
+      "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/tags/list" \
+      | jq -r ".tags | sort | reverse | .[${KEEP_IMAGES}:]" | jq -r '.[]')
 
-    - |
-      for tag in $ALL_TAGS; do
-        echo "🗑️  Deleting old image tag: $tag"
-        DIGEST=$(curl --silent -H "Authorization: Bearer $TOKEN" \
-          "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/$tag" | jq -r '.config.digest')
-        curl --silent -X DELETE -H "Authorization: Bearer $TOKEN" \
-          "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/${DIGEST}"
-      done
+    for tag in $ALL_TAGS; do
+      echo "🗑️  Deleting old image tag: $tag"
+      DIGEST=$(curl --silent -H "Authorization: Bearer $TOKEN" \
+        "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/$tag" | jq -r '.config.digest')
+      curl --silent -X DELETE -H "Authorization: Bearer $TOKEN" \
+        "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/${DIGEST}" || true
+    done
   only:
     - development
   when: always
@@ -90,13 +83,13 @@ deploy:
     - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
     - chmod 600 ~/.ssh/id_rsa
     - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
-  script:
-    - echo "🚀 Deploying $IMAGE_NAME:$DEPLOY_ENV to $SERVER_USER@$SERVER_IP"
-    - ssh $SERVER_USER@$SERVER_IP "
-        docker login -u '$GITLAB_USER' -p '$GITLAB_TOKEN' $CI_REGISTRY &&
-        docker pull $IMAGE_NAME:$DEPLOY_ENV &&
-        docker compose -f /home/devops/docker/deployment/development/compose/docker-compose.web-lti.yaml up -d dev-web-lti &&
-        docker image prune -f
-      "
+  script: |
+    echo "🚀 Deploying $IMAGE_NAME:$DEPLOY_ENV to $SERVER_USER@$SERVER_IP"
+    ssh $SERVER_USER@$SERVER_IP "
+      docker login -u '$GITLAB_USER' -p '$GITLAB_TOKEN' $CI_REGISTRY &&
+      docker pull $IMAGE_NAME:$DEPLOY_ENV &&
+      docker compose -f /home/devops/docker/deployment/development/compose/docker-compose.web-lti.yaml up -d dev-web-lti &&
+      docker image prune -f
+    "
   only:
     - development
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 26f41276..a7273724 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,24 +1,56 @@
-FROM node:20-alpine
+# ============================================================
+# 🏗️  Stage 1 — Builder
+# ============================================================
+FROM node:20-alpine AS builder
 
+# Install hanya yang diperlukan untuk build
 RUN apk add --no-cache git bash build-base curl
 
 WORKDIR /app
 
+# Copy dependency list terlebih dahulu agar cache efektif
 COPY package*.json ./
-RUN npm ci
 
+# Gunakan npm ci (lebih cepat, konsisten)
+RUN npm ci --omit=dev
+
+# Copy source code terakhir
 COPY . .
 
-# Buat config agar Next tahu output: export
+# Buat config agar Next tahu mode static export
 RUN echo "const config = { output: 'export', images: { unoptimized: true } }; export default config;" > next.config.mjs
 
-# Build project (Next.js 15 otomatis static export)
-RUN NEXT_DISABLE_TURBOPACK=1 npx next build
+# Build Next.js tanpa Turbopack, lalu hapus cache npm
+ENV NEXT_DISABLE_TURBOPACK=1
+RUN npx next build && npm cache clean --force
 
-# Pastikan folder static tersedia untuk URL _next/static
+# Tambahkan cache folder _next agar bisa dilayani oleh server
 RUN mkdir -p .next/server/app/_next && \
     cp -r .next/static .next/server/app/_next/static && \
-    cp -r public/assets .next/server/app/
+    cp -r public/assets .next/server/app/ || true
+
+# ============================================================
+# 🧱  Stage 2 — Runtime (super ringan)
+# ============================================================
+FROM node:20-alpine AS runtime
+
+# Install hanya 1 dependency ringan untuk serving static file
+RUN npm install -g serve && apk add --no-cache tini
+
+WORKDIR /app
+
+# Copy hasil build dari stage sebelumnya
+COPY --from=builder /app/.next/server/app ./server
+COPY --from=builder /app/.next/server/app/_next ./server/_next
+COPY --from=builder /app/public ./public
+
+# Set environment minimal
+ENV NODE_ENV=production
+ENV PORT=3000
 
 EXPOSE 3000
-CMD ["npx", "serve", ".next/server/app", "-l", "3000"]
\ No newline at end of file
+
+# Jalankan lewat tini untuk handle signal & memory leak
+ENTRYPOINT ["/sbin/tini", "--"]
+
+CMD ["serve", "-s", "server", "-l", "3000"]
\ No newline at end of file

From 29ff1bb50a6d5200e5090dd62f9a077c69b91700 Mon Sep 17 00:00:00 2001
From: GitLab Deploy Bot <deploy@mbugroup.id>
Date: Sun, 9 Nov 2025 14:53:49 +0700
Subject: [PATCH 03/14] edit .gitlab-ci

---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0bbd68bb..c2392f1a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,7 +12,7 @@ variables:
 
 before_script:
   - echo "🔐 Logging in to GitLab Container Registry..."
-  - echo "$GITLAB_TOKEN" | docker login -u "$GITLAB_USER" --password-stdin "$CI_REGISTRY"
+  - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
 
 # =====================================================
 # 🧱 BUILD IMAGE

From 66b6579f275e5ca55ec82352db10f910726ca12a Mon Sep 17 00:00:00 2001
From: GitLab Deploy Bot <deploy@mbugroup.id>
Date: Sun, 9 Nov 2025 15:01:10 +0700
Subject: [PATCH 04/14] edit .gitlab-ci

---
 .gitlab-ci.yml | 113 ++++++++++++++-----------------------------------
 Dockerfile     |  32 ++++++--------
 2 files changed, 45 insertions(+), 100 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c2392f1a..9b13bb02 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,95 +1,44 @@
 stages:
   - build
-  - cleanup
-  - deploy
 
 variables:
+  # 🔧 Aktifkan Docker BuildKit (build lebih cepat & caching layer)
+  DOCKER_BUILDKIT: "1"
+  COMPOSE_DOCKER_CLI_BUILD: "1"
   DOCKER_DRIVER: overlay2
-  IMAGE_NAME: "${CI_REGISTRY_IMAGE}/web-lti"
-  DEPLOY_ENV: development
-  KEEP_IMAGES: 3
-  BUILD_MODE: static
 
-before_script:
-  - echo "🔐 Logging in to GitLab Container Registry..."
-  - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+  # 🧠 Nama image (pakai commit short SHA)
+  IMAGE_NAME: "$CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA}"
+
+  # Cache npm (disimpan antar pipeline)
+  NPM_CACHE_DIR: "$CI_PROJECT_DIR/.npm"
+
+cache:
+  key: npm-cache
+  paths:
+    - .npm/
 
-# =====================================================
-# 🧱 BUILD IMAGE
-# =====================================================
 build-image:
   stage: build
-  image: docker:27.0.2
+  image: docker:27.0.3
   services:
     - docker:dind
-  variables:
-    DOCKER_TLS_CERTDIR: ""
-  script: |
-    echo "🚀 Building Docker image for ${DEPLOY_ENV} branch..."
-    export TAG="${DEPLOY_ENV}_${CI_COMMIT_SHORT_SHA}"
-    echo "🧱 Tagging image as: $IMAGE_NAME:$TAG"
 
-    docker build \
-      --build-arg NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL \
-      --build-arg NEXT_PUBLIC_SSO_LOGIN_URL=$NEXT_PUBLIC_SSO_LOGIN_URL \
-      --build-arg BUILD_MODE=$BUILD_MODE \
-      -t "$IMAGE_NAME:$TAG" \
-      -t "$IMAGE_NAME:$DEPLOY_ENV" .
-
-    echo "📦 Pushing images to registry..."
-    docker push "$IMAGE_NAME:$TAG"
-    docker push "$IMAGE_NAME:$DEPLOY_ENV"
-  only:
-    - development
-
-# =====================================================
-# 🧹 CLEANUP OLD IMAGES (KEEP 3)
-# =====================================================
-cleanup-registry:
-  stage: cleanup
-  image: alpine:3.20
-  script: |
-    apk add --no-cache curl jq
-    echo "🧹 Cleaning up old images (keeping ${KEEP_IMAGES})..."
-
-    TOKEN=$(curl --silent --request POST --header "Content-Type: application/json" \
-      --data "{\"login\": \"$GITLAB_USER\", \"password\": \"$GITLAB_TOKEN\"}" \
-      "${CI_REGISTRY}/jwt/auth" | jq -r '.token')
-
-    ALL_TAGS=$(curl --silent --header "Authorization: Bearer $TOKEN" \
-      "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/tags/list" \
-      | jq -r ".tags | sort | reverse | .[${KEEP_IMAGES}:]" | jq -r '.[]')
-
-    for tag in $ALL_TAGS; do
-      echo "🗑️  Deleting old image tag: $tag"
-      DIGEST=$(curl --silent -H "Authorization: Bearer $TOKEN" \
-        "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/$tag" | jq -r '.config.digest')
-      curl --silent -X DELETE -H "Authorization: Bearer $TOKEN" \
-        "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/${DIGEST}" || true
-    done
-  only:
-    - development
-  when: always
-
-# =====================================================
-# 🚀 DEPLOY TO SERVER (VIA SSH)
-# =====================================================
-deploy:
-  stage: deploy
-  image: alpine:3.20
   before_script:
-    - apk add --no-cache openssh
-    - mkdir -p ~/.ssh
-    - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
-    - chmod 600 ~/.ssh/id_rsa
-    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
-  script: |
-    echo "🚀 Deploying $IMAGE_NAME:$DEPLOY_ENV to $SERVER_USER@$SERVER_IP"
-    ssh $SERVER_USER@$SERVER_IP "
-      docker login -u '$GITLAB_USER' -p '$GITLAB_TOKEN' $CI_REGISTRY &&
-      docker pull $IMAGE_NAME:$DEPLOY_ENV &&
-      docker compose -f /home/devops/docker/deployment/development/compose/docker-compose.web-lti.yaml up -d dev-web-lti &&
-      docker image prune -f
-    "
-  only:
-    - development
\ No newline at end of file
+    - echo "🔐 Logging in to GitLab Container Registry..."
+    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+
+  script:
+    - echo "🚧 Building optimized Docker image..."
+    - docker build --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from $CI_REGISTRY_IMAGE/web-lti:latest -t "$IMAGE_NAME" .
+    - docker push "$IMAGE_NAME"
+
+    # 🧹 Keep only last 3 images (hapus yang lama)
+    - echo "🧹 Cleaning old images..."
+    - docker image prune -af --filter "until=72h"
+
+  after_script:
+    - echo "✅ Build complete: $IMAGE_NAME"
+
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "development"'
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index a7273724..f625ce73 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,56 +1,52 @@
 # ============================================================
-# 🏗️  Stage 1 — Builder
+# 🏗️ Stage 1 — Builder
 # ============================================================
 FROM node:20-alpine AS builder
 
-# Install hanya yang diperlukan untuk build
+# Install dependensi dasar
 RUN apk add --no-cache git bash build-base curl
 
 WORKDIR /app
 
-# Copy dependency list terlebih dahulu agar cache efektif
+# Copy dependencies terlebih dahulu agar cache efisien
 COPY package*.json ./
 
-# Gunakan npm ci (lebih cepat, konsisten)
-RUN npm ci --omit=dev
+# Pastikan npm up to date agar mendukung flag terbaru
+RUN npm install -g npm@11 && npm --version
 
-# Copy source code terakhir
+# Install dependency tanpa devDependencies (aman di semua npm versi)
+RUN npm ci --only=production
+
+# Copy seluruh source
 COPY . .
 
-# Buat config agar Next tahu mode static export
+# Buat konfigurasi output Next.js
 RUN echo "const config = { output: 'export', images: { unoptimized: true } }; export default config;" > next.config.mjs
 
-# Build Next.js tanpa Turbopack, lalu hapus cache npm
+# Build project (disable Turbopack agar tidak makan RAM)
 ENV NEXT_DISABLE_TURBOPACK=1
 RUN npx next build && npm cache clean --force
 
-# Tambahkan cache folder _next agar bisa dilayani oleh server
+# Siapkan folder static untuk serve
 RUN mkdir -p .next/server/app/_next && \
     cp -r .next/static .next/server/app/_next/static && \
     cp -r public/assets .next/server/app/ || true
 
 # ============================================================
-# 🧱  Stage 2 — Runtime (super ringan)
+# 🧱 Stage 2 — Runtime
 # ============================================================
 FROM node:20-alpine AS runtime
 
-# Install hanya 1 dependency ringan untuk serving static file
-RUN npm install -g serve && apk add --no-cache tini
+RUN apk add --no-cache tini && npm install -g serve
 
 WORKDIR /app
 
-# Copy hasil build dari stage sebelumnya
 COPY --from=builder /app/.next/server/app ./server
-COPY --from=builder /app/.next/server/app/_next ./server/_next
 COPY --from=builder /app/public ./public
 
-# Set environment minimal
 ENV NODE_ENV=production
 ENV PORT=3000
 
 EXPOSE 3000
-
-# Jalankan lewat tini untuk handle signal & memory leak
 ENTRYPOINT ["/sbin/tini", "--"]
-
 CMD ["serve", "-s", "server", "-l", "3000"]
\ No newline at end of file

From a9620246c0277c76674fdb0adbbea58a04001dc0 Mon Sep 17 00:00:00 2001
From: kris <cristian.anggita.parjaman@gmail.com>
Date: Sun, 9 Nov 2025 08:05:11 +0000
Subject: [PATCH 05/14] Update .gitlab-ci.yml file

---
 .gitlab-ci.yml | 16 ++++------------
 1 file changed, 4 insertions(+), 12 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 9b13bb02..b7ad3839 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,15 +2,10 @@ stages:
   - build
 
 variables:
-  # 🔧 Aktifkan Docker BuildKit (build lebih cepat & caching layer)
   DOCKER_BUILDKIT: "1"
   COMPOSE_DOCKER_CLI_BUILD: "1"
   DOCKER_DRIVER: overlay2
-
-  # 🧠 Nama image (pakai commit short SHA)
   IMAGE_NAME: "$CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA}"
-
-  # Cache npm (disimpan antar pipeline)
   NPM_CACHE_DIR: "$CI_PROJECT_DIR/.npm"
 
 cache:
@@ -25,20 +20,17 @@ build-image:
     - docker:dind
 
   before_script:
-    - echo "🔐 Logging in to GitLab Container Registry..."
+    - echo "Logging in to GitLab Container Registry..."
     - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
 
   script:
-    - echo "🚧 Building optimized Docker image..."
+    - echo "Building optimized Docker image..."
     - docker build --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from $CI_REGISTRY_IMAGE/web-lti:latest -t "$IMAGE_NAME" .
     - docker push "$IMAGE_NAME"
-
-    # 🧹 Keep only last 3 images (hapus yang lama)
-    - echo "🧹 Cleaning old images..."
+    - echo "Cleaning old images (keep last 3)..."
     - docker image prune -af --filter "until=72h"
 
-  after_script:
-    - echo "✅ Build complete: $IMAGE_NAME"
+  after_script: "echo 'Build complete: $IMAGE_NAME'"
 
   rules:
     - if: '$CI_COMMIT_BRANCH == "development"'
\ No newline at end of file

From d3cc38aed52a938a818e42079844351f0b9e3ce1 Mon Sep 17 00:00:00 2001
From: GitLab Deploy Bot <deploy@mbugroup.id>
Date: Sun, 9 Nov 2025 15:15:26 +0700
Subject: [PATCH 06/14] edit Dockerfile

---
 Dockerfile | 45 +++++++++------------------------------------
 1 file changed, 9 insertions(+), 36 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f625ce73..f9a51e76 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,52 +1,25 @@
-# ============================================================
-# 🏗️ Stage 1 — Builder
-# ============================================================
-FROM node:20-alpine AS builder
+FROM node:20-alpine
 
-# Install dependensi dasar
 RUN apk add --no-cache git bash build-base curl
 
 WORKDIR /app
 
-# Copy dependencies terlebih dahulu agar cache efisien
 COPY package*.json ./
+RUN npm ci
 
-# Pastikan npm up to date agar mendukung flag terbaru
-RUN npm install -g npm@11 && npm --version
-
-# Install dependency tanpa devDependencies (aman di semua npm versi)
-RUN npm ci --only=production
-
-# Copy seluruh source
 COPY . .
 
-# Buat konfigurasi output Next.js
+# Buat config agar Next tahu output: export
 RUN echo "const config = { output: 'export', images: { unoptimized: true } }; export default config;" > next.config.mjs
 
-# Build project (disable Turbopack agar tidak makan RAM)
-ENV NEXT_DISABLE_TURBOPACK=1
-RUN npx next build && npm cache clean --force
+# Build project (Next.js 15 otomatis static export)
+RUN NEXT_DISABLE_TURBOPACK=1 npx next build
 
-# Siapkan folder static untuk serve
+# Pastikan folder static tersedia untuk URL _next/static
 RUN mkdir -p .next/server/app/_next && \
     cp -r .next/static .next/server/app/_next/static && \
-    cp -r public/assets .next/server/app/ || true
-
-# ============================================================
-# 🧱 Stage 2 — Runtime
-# ============================================================
-FROM node:20-alpine AS runtime
-
-RUN apk add --no-cache tini && npm install -g serve
-
-WORKDIR /app
-
-COPY --from=builder /app/.next/server/app ./server
-COPY --from=builder /app/public ./public
-
-ENV NODE_ENV=production
-ENV PORT=3000
+    RUN cp -r public/* .next/server/app/
 
 EXPOSE 3000
-ENTRYPOINT ["/sbin/tini", "--"]
-CMD ["serve", "-s", "server", "-l", "3000"]
\ No newline at end of file
+
+CMD ["npx", "serve", ".next/server/app", "-l", "3000"]
\ No newline at end of file

From 73d2de6dfbffd861ef63561b6c1f1aa7e4cf05ad Mon Sep 17 00:00:00 2001
From: GitLab Deploy Bot <deploy@mbugroup.id>
Date: Sun, 9 Nov 2025 15:21:15 +0700
Subject: [PATCH 07/14] edit Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index f9a51e76..752dbe35 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -18,7 +18,7 @@ RUN NEXT_DISABLE_TURBOPACK=1 npx next build
 # Pastikan folder static tersedia untuk URL _next/static
 RUN mkdir -p .next/server/app/_next && \
     cp -r .next/static .next/server/app/_next/static && \
-    RUN cp -r public/* .next/server/app/
+    cp -r public/* .next/server/app/
 
 EXPOSE 3000
 

From f126e976fdfa5d096ad711e2720e844186a9a7af Mon Sep 17 00:00:00 2001
From: kris <cristian.anggita.parjaman@gmail.com>
Date: Sun, 9 Nov 2025 08:34:51 +0000
Subject: [PATCH 08/14] Update .gitlab-ci.yml file

---
 .gitlab-ci.yml | 41 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b7ad3839..603dc72d 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,6 @@
 stages:
   - build
+  - deploy
 
 variables:
   DOCKER_BUILDKIT: "1"
@@ -13,6 +14,9 @@ cache:
   paths:
     - .npm/
 
+# =========================
+# 🏗️ BUILD STAGE
+# =========================
 build-image:
   stage: build
   image: docker:27.0.3
@@ -25,12 +29,43 @@ build-image:
 
   script:
     - echo "Building optimized Docker image..."
-    - docker build --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from $CI_REGISTRY_IMAGE/web-lti:latest -t "$IMAGE_NAME" .
+    - docker build --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from "$CI_REGISTRY_IMAGE/web-lti:latest" -t "$IMAGE_NAME" .
     - docker push "$IMAGE_NAME"
-    - echo "Cleaning old images (keep last 3)..."
+    - echo "Cleaning old images..."
     - docker image prune -af --filter "until=72h"
 
-  after_script: "echo 'Build complete: $IMAGE_NAME'"
+  rules:
+    - if: '$CI_COMMIT_BRANCH == "development"'
+
+# =========================
+# 🚀 DEPLOY STAGE
+# =========================
+deploy-dev:
+  stage: deploy
+  image: alpine:3.20
+
+  before_script:
+    - echo "Installing dependencies..."
+    - apk add --no-cache openssh curl
+    - mkdir -p ~/.ssh
+    - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
+    - eval $(ssh-agent -s)
+    - ssh-add ~/.ssh/id_rsa
+    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
+
+  script:
+    - echo "Deploying image to $SERVER_USER@$SERVER_IP"
+    - >
+      ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
+        docker pull $CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA} &&
+        docker stop dev-web-lti || true &&
+        docker rm dev-web-lti || true &&
+        docker run -d --name dev-web-lti \
+          --network dev-lti-network \
+          -p 3002:3000 \
+          $CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA}
+      "
 
   rules:
     - if: '$CI_COMMIT_BRANCH == "development"'
\ No newline at end of file

From b62427c5f450135f17fff9588e65e7fb79db63fd Mon Sep 17 00:00:00 2001
From: GitLab Deploy Bot <deploy@mbugroup.id>
Date: Sun, 9 Nov 2025 16:08:22 +0700
Subject: [PATCH 09/14] update Dockerfile

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 752dbe35..a3a2e197 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,7 +15,7 @@ RUN echo "const config = { output: 'export', images: { unoptimized: true } }; ex
 # Build project (Next.js 15 otomatis static export)
 RUN NEXT_DISABLE_TURBOPACK=1 npx next build
 
-# Pastikan folder static tersedia untuk URL _next/static
+# Copy static assets dan hasil build agar bisa diakses
 RUN mkdir -p .next/server/app/_next && \
     cp -r .next/static .next/server/app/_next/static && \
     cp -r public/* .next/server/app/

From 32f202d814595340ac362afd6c18149c19adffe8 Mon Sep 17 00:00:00 2001
From: kris <cristian.anggita.parjaman@gmail.com>
Date: Sun, 9 Nov 2025 09:23:32 +0000
Subject: [PATCH 10/14] Update .gitlab-ci.yml file

---
 .gitlab-ci.yml | 33 +++++++++++++++++++++++++++------
 1 file changed, 27 insertions(+), 6 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 603dc72d..4291765e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,12 +3,25 @@ stages:
   - deploy
 
 variables:
+  # 🔧 Docker BuildKit lebih cepat
   DOCKER_BUILDKIT: "1"
   COMPOSE_DOCKER_CLI_BUILD: "1"
   DOCKER_DRIVER: overlay2
+
+  # 🧠 Tag image berdasarkan commit
   IMAGE_NAME: "$CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA}"
+
+  # 📦 Cache npm antar pipeline
   NPM_CACHE_DIR: "$CI_PROJECT_DIR/.npm"
 
+  # 🌐 Environment default untuk Next.js
+  NODE_ENV: "production"
+  HUSKY_SKIP_INSTALL: "1"
+
+  # ⚙️ Inject ENV dari GitLab CI Variables ke Dockerfile
+  NEXT_PUBLIC_API_BASE_URL: "${NEXT_PUBLIC_API_BASE_URL}"
+  NEXT_PUBLIC_LTI_API_START_URL: "${NEXT_PUBLIC_LTI_API_START_URL}"
+
 cache:
   key: npm-cache
   paths:
@@ -24,14 +37,22 @@ build-image:
     - docker:dind
 
   before_script:
-    - echo "Logging in to GitLab Container Registry..."
+    - echo "🔐 Logging in to GitLab Container Registry..."
     - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
 
   script:
-    - echo "Building optimized Docker image..."
-    - docker build --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from "$CI_REGISTRY_IMAGE/web-lti:latest" -t "$IMAGE_NAME" .
+    - echo "🚧 Building optimized Docker image..."
+    - >
+      docker build
+      --build-arg NEXT_PUBLIC_API_BASE_URL="$NEXT_PUBLIC_API_BASE_URL"
+      --build-arg NEXT_PUBLIC_LTI_API_START_URL="$NEXT_PUBLIC_LTI_API_START_URL"
+      --build-arg NODE_ENV="$NODE_ENV"
+      --build-arg HUSKY_SKIP_INSTALL="$HUSKY_SKIP_INSTALL"
+      --build-arg BUILDKIT_INLINE_CACHE=1
+      --cache-from "$CI_REGISTRY_IMAGE/web-lti:latest"
+      -t "$IMAGE_NAME" .
     - docker push "$IMAGE_NAME"
-    - echo "Cleaning old images..."
+    - echo "🧹 Cleaning old images..."
     - docker image prune -af --filter "until=72h"
 
   rules:
@@ -45,7 +66,7 @@ deploy-dev:
   image: alpine:3.20
 
   before_script:
-    - echo "Installing dependencies..."
+    - echo "📦 Installing dependencies..."
     - apk add --no-cache openssh curl
     - mkdir -p ~/.ssh
     - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
@@ -55,7 +76,7 @@ deploy-dev:
     - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
 
   script:
-    - echo "Deploying image to $SERVER_USER@$SERVER_IP"
+    - echo "🚀 Deploying image to $SERVER_USER@$SERVER_IP"
     - >
       ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
         docker pull $CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA} &&

From e7592eb221131a65d97040a2ce31ca602e810fcd Mon Sep 17 00:00:00 2001
From: kris <cristian.anggita.parjaman@gmail.com>
Date: Sun, 9 Nov 2025 09:48:13 +0000
Subject: [PATCH 11/14] Update .gitlab-ci.yml file

---
 .gitlab-ci.yml | 63 +++++++++++++-------------------------------------
 1 file changed, 16 insertions(+), 47 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4291765e..8ee1e5f4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,33 +3,16 @@ stages:
   - deploy
 
 variables:
-  # 🔧 Docker BuildKit lebih cepat
   DOCKER_BUILDKIT: "1"
   COMPOSE_DOCKER_CLI_BUILD: "1"
   DOCKER_DRIVER: overlay2
-
-  # 🧠 Tag image berdasarkan commit
+  BUILDKIT_PROGRESS: plain
   IMAGE_NAME: "$CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA}"
-
-  # 📦 Cache npm antar pipeline
-  NPM_CACHE_DIR: "$CI_PROJECT_DIR/.npm"
-
-  # 🌐 Environment default untuk Next.js
   NODE_ENV: "production"
   HUSKY_SKIP_INSTALL: "1"
-
-  # ⚙️ Inject ENV dari GitLab CI Variables ke Dockerfile
   NEXT_PUBLIC_API_BASE_URL: "${NEXT_PUBLIC_API_BASE_URL}"
   NEXT_PUBLIC_LTI_API_START_URL: "${NEXT_PUBLIC_LTI_API_START_URL}"
 
-cache:
-  key: npm-cache
-  paths:
-    - .npm/
-
-# =========================
-# 🏗️ BUILD STAGE
-# =========================
 build-image:
   stage: build
   image: docker:27.0.3
@@ -37,56 +20,42 @@ build-image:
     - docker:dind
 
   before_script:
-    - echo "🔐 Logging in to GitLab Container Registry..."
+    - echo "Login to registry"
     - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
 
   script:
-    - echo "🚧 Building optimized Docker image..."
-    - >
-      docker build
-      --build-arg NEXT_PUBLIC_API_BASE_URL="$NEXT_PUBLIC_API_BASE_URL"
-      --build-arg NEXT_PUBLIC_LTI_API_START_URL="$NEXT_PUBLIC_LTI_API_START_URL"
-      --build-arg NODE_ENV="$NODE_ENV"
-      --build-arg HUSKY_SKIP_INSTALL="$HUSKY_SKIP_INSTALL"
-      --build-arg BUILDKIT_INLINE_CACHE=1
-      --cache-from "$CI_REGISTRY_IMAGE/web-lti:latest"
-      -t "$IMAGE_NAME" .
+    - docker build \
+        --build-arg NEXT_PUBLIC_API_BASE_URL="$NEXT_PUBLIC_API_BASE_URL" \
+        --build-arg NEXT_PUBLIC_LTI_API_START_URL="$NEXT_PUBLIC_LTI_API_START_URL" \
+        --build-arg NODE_ENV="$NODE_ENV" \
+        --build-arg HUSKY_SKIP_INSTALL="$HUSKY_SKIP_INSTALL" \
+        --cache-from "$CI_REGISTRY_IMAGE/web-lti:latest" \
+        -t "$IMAGE_NAME" .
     - docker push "$IMAGE_NAME"
-    - echo "🧹 Cleaning old images..."
     - docker image prune -af --filter "until=72h"
 
+  after_script: "echo 'Build complete: $IMAGE_NAME' && docker system prune -af || true && docker volume prune -f || true"
+
   rules:
     - if: '$CI_COMMIT_BRANCH == "development"'
 
-# =========================
-# 🚀 DEPLOY STAGE
-# =========================
 deploy-dev:
   stage: deploy
   image: alpine:3.20
 
   before_script:
-    - echo "📦 Installing dependencies..."
     - apk add --no-cache openssh curl
     - mkdir -p ~/.ssh
-    - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+    - echo \"$SSH_PRIVATE_KEY\" > ~/.ssh/id_rsa
     - chmod 600 ~/.ssh/id_rsa
     - eval $(ssh-agent -s)
     - ssh-add ~/.ssh/id_rsa
-    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
+    - ssh-keyscan -H \"$SERVER_IP\" >> ~/.ssh/known_hosts
 
   script:
-    - echo "🚀 Deploying image to $SERVER_USER@$SERVER_IP"
-    - >
-      ssh -o StrictHostKeyChecking=no "$SERVER_USER@$SERVER_IP" "
-        docker pull $CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA} &&
-        docker stop dev-web-lti || true &&
-        docker rm dev-web-lti || true &&
-        docker run -d --name dev-web-lti \
-          --network dev-lti-network \
-          -p 3002:3000 \
-          $CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA}
-      "
+    - ssh -o StrictHostKeyChecking=no \"$SERVER_USER@$SERVER_IP\" \"docker stop dev-web-lti || true && docker rm dev-web-lti || true && docker pull $CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA} && docker run -d --name dev-web-lti --network dev-lti-network -p 3002:3000 $CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA}\"
+
+  after_script: "echo 'Deploy finished for $IMAGE_NAME'"
 
   rules:
     - if: '$CI_COMMIT_BRANCH == "development"'
\ No newline at end of file

From f14adc46d389a650164bac415c734a700bd8d8c1 Mon Sep 17 00:00:00 2001
From: kris <cristian.anggita.parjaman@gmail.com>
Date: Sun, 9 Nov 2025 09:50:29 +0000
Subject: [PATCH 12/14] Update .gitlab-ci.yml file

---
 .gitlab-ci.yml | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8ee1e5f4..d161aff3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -24,15 +24,16 @@ build-image:
     - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
 
   script:
-    - docker build \
-        --build-arg NEXT_PUBLIC_API_BASE_URL="$NEXT_PUBLIC_API_BASE_URL" \
-        --build-arg NEXT_PUBLIC_LTI_API_START_URL="$NEXT_PUBLIC_LTI_API_START_URL" \
-        --build-arg NODE_ENV="$NODE_ENV" \
-        --build-arg HUSKY_SKIP_INSTALL="$HUSKY_SKIP_INSTALL" \
-        --cache-from "$CI_REGISTRY_IMAGE/web-lti:latest" \
-        -t "$IMAGE_NAME" .
-    - docker push "$IMAGE_NAME"
-    - docker image prune -af --filter "until=72h"
+  - |
+    docker build \
+      --build-arg NEXT_PUBLIC_API_BASE_URL="$NEXT_PUBLIC_API_BASE_URL" \
+      --build-arg NEXT_PUBLIC_LTI_API_START_URL="$NEXT_PUBLIC_LTI_API_START_URL" \
+      --build-arg NODE_ENV="$NODE_ENV" \
+      --build-arg HUSKY_SKIP_INSTALL="$HUSKY_SKIP_INSTALL" \
+      --cache-from "$CI_REGISTRY_IMAGE/web-lti:latest" \
+      -t "$IMAGE_NAME" .
+  - docker push "$IMAGE_NAME"
+  - docker image prune -af --filter "until=72h"
 
   after_script: "echo 'Build complete: $IMAGE_NAME' && docker system prune -af || true && docker volume prune -f || true"
 

From 773aa2dbb1df3566237f27deabbda3615c577d71 Mon Sep 17 00:00:00 2001
From: kris <cristian.anggita.parjaman@gmail.com>
Date: Sun, 9 Nov 2025 10:10:19 +0000
Subject: [PATCH 13/14] Update .gitlab-ci.yml file

---
 .gitlab-ci.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d161aff3..d5145dfc 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -45,13 +45,13 @@ deploy-dev:
   image: alpine:3.20
 
   before_script:
-    - apk add --no-cache openssh curl
-    - mkdir -p ~/.ssh
-    - echo \"$SSH_PRIVATE_KEY\" > ~/.ssh/id_rsa
-    - chmod 600 ~/.ssh/id_rsa
-    - eval $(ssh-agent -s)
-    - ssh-add ~/.ssh/id_rsa
-    - ssh-keyscan -H \"$SERVER_IP\" >> ~/.ssh/known_hosts
+  - apk add --no-cache openssh curl
+  - mkdir -p ~/.ssh
+  - printf "%b" "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+  - chmod 600 ~/.ssh/id_rsa
+  - eval $(ssh-agent -s)
+  - ssh-add ~/.ssh/id_rsa
+  - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
 
   script:
     - ssh -o StrictHostKeyChecking=no \"$SERVER_USER@$SERVER_IP\" \"docker stop dev-web-lti || true && docker rm dev-web-lti || true && docker pull $CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA} && docker run -d --name dev-web-lti --network dev-lti-network -p 3002:3000 $CI_REGISTRY_IMAGE/web-lti:development_${CI_COMMIT_SHORT_SHA}\"

From 13d57c206bb5c9e861f0493096fc67a6703b60f5 Mon Sep 17 00:00:00 2001
From: kris <cristian.anggita.parjaman@gmail.com>
Date: Sun, 9 Nov 2025 10:21:06 +0000
Subject: [PATCH 14/14] Update .gitlab-ci.yml file

---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d5145dfc..f829f049 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -47,7 +47,7 @@ deploy-dev:
   before_script:
   - apk add --no-cache openssh curl
   - mkdir -p ~/.ssh
-  - printf "%b" "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+  - echo "$SSH_PRIVATE_KEY" | base64 -d > ~/.ssh/id_rsa
   - chmod 600 ~/.ssh/id_rsa
   - eval $(ssh-agent -s)
   - ssh-add ~/.ssh/id_rsa