From 8a11c176aa03c16b42b742165cfe339f46427da1 Mon Sep 17 00:00:00 2001
From: GitLab Deploy Bot <deploy@mbugroup.id>
Date: Sun, 9 Nov 2025 14:21:58 +0700
Subject: [PATCH 1/2] build docker via gitlab

---
 .gitlab-ci.yml      | 164 +++++++++++++++++++++++++-------------------
 Dockerfile          |  24 +++++++
 docker-compose.yaml |  39 +++++++++++
 3 files changed, 158 insertions(+), 69 deletions(-)
 create mode 100644 Dockerfile
 create mode 100644 docker-compose.yaml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index efda72f0..d9db48d3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,76 +1,102 @@
-stages: [notify]
+stages:
+  - build
+  - cleanup
+  - deploy
 
-# --- Notify when MR is opened/updated ---
-notify_discord_mr:
-  stage: notify
-  image: alpine:3.20
-  rules:
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+variables:
+  DOCKER_DRIVER: overlay2
+  IMAGE_NAME: "${CI_REGISTRY_IMAGE}/web-lti"
+  DEPLOY_ENV: development
+  KEEP_IMAGES: 3
+  BUILD_MODE: static
+
+# =====================================================
+# 🔑 AUTH TO REGISTRY
+# =====================================================
+before_script:
+  - echo "🔐 Logging in to GitLab Container Registry..."
+  - echo "$GITLAB_TOKEN" | docker login -u "$GITLAB_USER" --password-stdin "$CI_REGISTRY"
+
+# =====================================================
+# 🧱 BUILD IMAGE
+# =====================================================
+build-image:
+  stage: build
+  image: docker:27.0.2
+  services:
+    - docker:dind
   variables:
-    WEBHOOK_URL: $DISCORD_WEBHOOK_URL
-  before_script:
-    - apk add --no-cache curl jq
-  script: |
-    MR_URL="${CI_PROJECT_URL}/-/merge_requests/${CI_MERGE_REQUEST_IID}"
+    DOCKER_TLS_CERTDIR: ""
+  script:
+    - echo "🚀 Building Docker image for ${DEPLOY_ENV} branch..."
 
-    jq -n \
-      --arg repo "$CI_PROJECT_PATH" \
-      --arg mr "#${CI_MERGE_REQUEST_IID}" \
-      --arg url "$MR_URL" \
-      --arg requestor "${GITLAB_USER_LOGIN:-$GITLAB_USER_NAME}" \
-      --arg source "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" \
-      --arg target "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME" \
-      --arg title "$CI_MERGE_REQUEST_TITLE" \
-      '{
-        username: "CI Bot - FE",
-        embeds: [{
-          title: "📣 [LTI WEB CLIENT] Merge Request Opened/Updated",
-          description: ($mr + " in " + $repo),
-          url: $url,
-          color: 3447003,
-          fields: [
-            {name: "Author", value: $requestor, inline: true},
-            {name: "Source → Target", value: ($source + " → " + $target), inline: true},
-            {name: "Title", value: $title}
-          ]
-        }]
-      }' \
-      | curl -sS -H "Content-Type: application/json" -d @- "$WEBHOOK_URL"
+    # Tag format: web-lti:development_<commit>
+    - export TAG="${DEPLOY_ENV}_${CI_COMMIT_SHORT_SHA}"
 
-# --- Notify when MR is merged ---
-notify_discord_merge:
-  stage: notify
+    - echo "🧱 Tagging image as: $IMAGE_NAME:$TAG"
+    - docker build \
+        --build-arg NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL \
+        --build-arg NEXT_PUBLIC_LTI_API_START_URL=$NEXT_PUBLIC_LTI_API_START_URL \
+        --build-arg NEXT_PUBLIC_LTI_CLIENT_ID=$NEXT_PUBLIC_LTI_CLIENT_ID \
+        --build-arg BUILD_MODE=$BUILD_MODE \
+        -t "$IMAGE_NAME:$TAG" \
+        -t "$IMAGE_NAME:$DEPLOY_ENV" .
+
+    - echo "📦 Pushing images to registry..."
+    - docker push "$IMAGE_NAME:$TAG"
+    - docker push "$IMAGE_NAME:$DEPLOY_ENV"
+  only:
+    - development
+
+# =====================================================
+# 🧹 CLEANUP OLD IMAGES (KEEP 3)
+# =====================================================
+cleanup-registry:
+  stage: cleanup
   image: alpine:3.20
-  rules:
-    # Only run for merge request pipelines that are in merged state
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_STATE == "merged"'
-  variables:
-    WEBHOOK_URL: $DISCORD_WEBHOOK_URL
-  before_script:
+  script:
     - apk add --no-cache curl jq
-  script: |
-    MR_URL="${CI_PROJECT_URL}/-/merge_requests/${CI_MERGE_REQUEST_IID}"
+    - echo "🧹 Cleaning up old images (keeping ${KEEP_IMAGES})..."
 
-    jq -n \
-      --arg repo "$CI_PROJECT_PATH" \
-      --arg mr "#${CI_MERGE_REQUEST_IID}" \
-      --arg url "$MR_URL" \
-      --arg requestor "${CI_MERGE_REQUEST_AUTHOR}" \
-      --arg source "$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME" \
-      --arg target "$CI_MERGE_REQUEST_TARGET_BRANCH_NAME" \
-      --arg title "$CI_MERGE_REQUEST_TITLE" \
-      '{
-        username: "CI Bot - FE",
-        embeds: [{
-          title: "✅ [LTI WEB CLIENT] Merge Request Merged",
-          description: ($mr + " has been merged into " + $repo),
-          url: $url,
-          color: 3066993,
-          fields: [
-            {name: "Author", value: $requestor, inline: true},
-            {name: "Source → Target", value: ($source + " → " + $target), inline: true},
-            {name: "Title", value: $title}
-          ]
-        }]
-      }' \
-      | curl -sS -H "Content-Type: application/json" -d @- "$WEBHOOK_URL"
+    - TOKEN=$(curl --silent --request POST --header "Content-Type: application/json" \
+        --data "{\"login\": \"$GITLAB_USER\", \"password\": \"$GITLAB_TOKEN\"}" \
+        "${CI_REGISTRY}/jwt/auth" | jq -r '.token')
+
+    - ALL_TAGS=$(curl --silent --header "Authorization: Bearer $TOKEN" \
+        "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/tags/list" \
+        | jq -r '.tags | sort | reverse | .['$KEEP_IMAGES':] | @sh' | tr -d "'")
+
+    - |
+      for tag in $ALL_TAGS; do
+        echo "🗑️  Deleting old image tag: $tag"
+        DIGEST=$(curl --silent -H "Authorization: Bearer $TOKEN" \
+          "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/$tag" | jq -r '.config.digest')
+        curl --silent -X DELETE -H "Authorization: Bearer $TOKEN" \
+          "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/${DIGEST}"
+      done
+  only:
+    - development
+  when: always
+
+# =====================================================
+# 🚀 DEPLOY TO SERVER (VIA SSH)
+# =====================================================
+deploy:
+  stage: deploy
+  image: alpine:3.20
+  before_script:
+    - apk add --no-cache openssh
+    - mkdir -p ~/.ssh
+    - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
+    - chmod 600 ~/.ssh/id_rsa
+    - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
+  script:
+    - echo "🚀 Deploying $IMAGE_NAME:$DEPLOY_ENV to $SERVER_USER@$SERVER_IP"
+    - ssh $SERVER_USER@$SERVER_IP "
+        docker login -u '$GITLAB_USER' -p '$GITLAB_TOKEN' $CI_REGISTRY &&
+        docker pull $IMAGE_NAME:$DEPLOY_ENV &&
+        docker compose -f /home/devops/docker/deployment/development/compose/docker-compose.web-lti.yaml up -d dev-web-lti &&
+        docker image prune -f
+      "
+  only:
+    - development
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..26f41276
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,24 @@
+FROM node:20-alpine
+
+RUN apk add --no-cache git bash build-base curl
+
+WORKDIR /app
+
+COPY package*.json ./
+RUN npm ci
+
+COPY . .
+
+# Buat config agar Next tahu output: export
+RUN echo "const config = { output: 'export', images: { unoptimized: true } }; export default config;" > next.config.mjs
+
+# Build project (Next.js 15 otomatis static export)
+RUN NEXT_DISABLE_TURBOPACK=1 npx next build
+
+# Pastikan folder static tersedia untuk URL _next/static
+RUN mkdir -p .next/server/app/_next && \
+    cp -r .next/static .next/server/app/_next/static && \
+    cp -r public/assets .next/server/app/
+
+EXPOSE 3000
+CMD ["npx", "serve", ".next/server/app", "-l", "3000"]
\ No newline at end of file
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 00000000..8d658170
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,39 @@
+version: "3.9"
+
+services:
+  dev-web-lti:
+    container_name: dev-web-lti
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "3002:3000"
+    env_file:
+      - .env
+    environment:
+      NODE_ENV: production
+      APP_ENV: production
+    networks:
+      - dev-lti-network
+    restart: always
+    deploy:
+      resources:
+        limits:
+          cpus: "3.0"
+          memory: 3G
+        reservations:
+          cpus: "1.0"
+          memory: 512M
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    # Optional: aktifkan healthcheck jika punya endpoint
+    # healthcheck:
+    #   test: ["CMD-SHELL", "curl -fsS http://localhost:3000/api/healthz || exit 1"]
+    #   interval: 10s
+    #   timeout: 3s
+    #   retries: 10
+    #   start_period: 15s
+
+networks:
+  dev-lti-network:
+    external: true
\ No newline at end of file

From 52e8fb4a3bfd1e82be1d24081ecb83e1e31f6b19 Mon Sep 17 00:00:00 2001
From: GitLab Deploy Bot <deploy@mbugroup.id>
Date: Sun, 9 Nov 2025 14:44:58 +0700
Subject: [PATCH 2/2] build with tag docker

---
 .gitlab-ci.yml | 81 +++++++++++++++++++++++---------------------------
 Dockerfile     | 48 +++++++++++++++++++++++++-----
 2 files changed, 77 insertions(+), 52 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d9db48d3..0bbd68bb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,9 +10,6 @@ variables:
   KEEP_IMAGES: 3
   BUILD_MODE: static
 
-# =====================================================
-# 🔑 AUTH TO REGISTRY
-# =====================================================
 before_script:
   - echo "🔐 Logging in to GitLab Container Registry..."
   - echo "$GITLAB_TOKEN" | docker login -u "$GITLAB_USER" --password-stdin "$CI_REGISTRY"
@@ -27,24 +24,21 @@ build-image:
     - docker:dind
   variables:
     DOCKER_TLS_CERTDIR: ""
-  script:
-    - echo "🚀 Building Docker image for ${DEPLOY_ENV} branch..."
+  script: |
+    echo "🚀 Building Docker image for ${DEPLOY_ENV} branch..."
+    export TAG="${DEPLOY_ENV}_${CI_COMMIT_SHORT_SHA}"
+    echo "🧱 Tagging image as: $IMAGE_NAME:$TAG"
 
-    # Tag format: web-lti:development_<commit>
-    - export TAG="${DEPLOY_ENV}_${CI_COMMIT_SHORT_SHA}"
+    docker build \
+      --build-arg NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL \
+      --build-arg NEXT_PUBLIC_SSO_LOGIN_URL=$NEXT_PUBLIC_SSO_LOGIN_URL \
+      --build-arg BUILD_MODE=$BUILD_MODE \
+      -t "$IMAGE_NAME:$TAG" \
+      -t "$IMAGE_NAME:$DEPLOY_ENV" .
 
-    - echo "🧱 Tagging image as: $IMAGE_NAME:$TAG"
-    - docker build \
-        --build-arg NEXT_PUBLIC_API_BASE_URL=$NEXT_PUBLIC_API_BASE_URL \
-        --build-arg NEXT_PUBLIC_LTI_API_START_URL=$NEXT_PUBLIC_LTI_API_START_URL \
-        --build-arg NEXT_PUBLIC_LTI_CLIENT_ID=$NEXT_PUBLIC_LTI_CLIENT_ID \
-        --build-arg BUILD_MODE=$BUILD_MODE \
-        -t "$IMAGE_NAME:$TAG" \
-        -t "$IMAGE_NAME:$DEPLOY_ENV" .
-
-    - echo "📦 Pushing images to registry..."
-    - docker push "$IMAGE_NAME:$TAG"
-    - docker push "$IMAGE_NAME:$DEPLOY_ENV"
+    echo "📦 Pushing images to registry..."
+    docker push "$IMAGE_NAME:$TAG"
+    docker push "$IMAGE_NAME:$DEPLOY_ENV"
   only:
     - development
 
@@ -54,26 +48,25 @@ build-image:
 cleanup-registry:
   stage: cleanup
   image: alpine:3.20
-  script:
-    - apk add --no-cache curl jq
-    - echo "🧹 Cleaning up old images (keeping ${KEEP_IMAGES})..."
+  script: |
+    apk add --no-cache curl jq
+    echo "🧹 Cleaning up old images (keeping ${KEEP_IMAGES})..."
 
-    - TOKEN=$(curl --silent --request POST --header "Content-Type: application/json" \
-        --data "{\"login\": \"$GITLAB_USER\", \"password\": \"$GITLAB_TOKEN\"}" \
-        "${CI_REGISTRY}/jwt/auth" | jq -r '.token')
+    TOKEN=$(curl --silent --request POST --header "Content-Type: application/json" \
+      --data "{\"login\": \"$GITLAB_USER\", \"password\": \"$GITLAB_TOKEN\"}" \
+      "${CI_REGISTRY}/jwt/auth" | jq -r '.token')
 
-    - ALL_TAGS=$(curl --silent --header "Authorization: Bearer $TOKEN" \
-        "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/tags/list" \
-        | jq -r '.tags | sort | reverse | .['$KEEP_IMAGES':] | @sh' | tr -d "'")
+    ALL_TAGS=$(curl --silent --header "Authorization: Bearer $TOKEN" \
+      "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/tags/list" \
+      | jq -r ".tags | sort | reverse | .[${KEEP_IMAGES}:]" | jq -r '.[]')
 
-    - |
-      for tag in $ALL_TAGS; do
-        echo "🗑️  Deleting old image tag: $tag"
-        DIGEST=$(curl --silent -H "Authorization: Bearer $TOKEN" \
-          "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/$tag" | jq -r '.config.digest')
-        curl --silent -X DELETE -H "Authorization: Bearer $TOKEN" \
-          "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/${DIGEST}"
-      done
+    for tag in $ALL_TAGS; do
+      echo "🗑️  Deleting old image tag: $tag"
+      DIGEST=$(curl --silent -H "Authorization: Bearer $TOKEN" \
+        "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/$tag" | jq -r '.config.digest')
+      curl --silent -X DELETE -H "Authorization: Bearer $TOKEN" \
+        "${CI_REGISTRY}/v2/${CI_PROJECT_PATH}/web-lti/manifests/${DIGEST}" || true
+    done
   only:
     - development
   when: always
@@ -90,13 +83,13 @@ deploy:
     - echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
     - chmod 600 ~/.ssh/id_rsa
     - ssh-keyscan -H "$SERVER_IP" >> ~/.ssh/known_hosts
-  script:
-    - echo "🚀 Deploying $IMAGE_NAME:$DEPLOY_ENV to $SERVER_USER@$SERVER_IP"
-    - ssh $SERVER_USER@$SERVER_IP "
-        docker login -u '$GITLAB_USER' -p '$GITLAB_TOKEN' $CI_REGISTRY &&
-        docker pull $IMAGE_NAME:$DEPLOY_ENV &&
-        docker compose -f /home/devops/docker/deployment/development/compose/docker-compose.web-lti.yaml up -d dev-web-lti &&
-        docker image prune -f
-      "
+  script: |
+    echo "🚀 Deploying $IMAGE_NAME:$DEPLOY_ENV to $SERVER_USER@$SERVER_IP"
+    ssh $SERVER_USER@$SERVER_IP "
+      docker login -u '$GITLAB_USER' -p '$GITLAB_TOKEN' $CI_REGISTRY &&
+      docker pull $IMAGE_NAME:$DEPLOY_ENV &&
+      docker compose -f /home/devops/docker/deployment/development/compose/docker-compose.web-lti.yaml up -d dev-web-lti &&
+      docker image prune -f
+    "
   only:
     - development
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 26f41276..a7273724 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,24 +1,56 @@
-FROM node:20-alpine
+# ============================================================
+# 🏗️  Stage 1 — Builder
+# ============================================================
+FROM node:20-alpine AS builder
 
+# Install hanya yang diperlukan untuk build
 RUN apk add --no-cache git bash build-base curl
 
 WORKDIR /app
 
+# Copy dependency list terlebih dahulu agar cache efektif
 COPY package*.json ./
-RUN npm ci
 
+# Gunakan npm ci (lebih cepat, konsisten)
+RUN npm ci --omit=dev
+
+# Copy source code terakhir
 COPY . .
 
-# Buat config agar Next tahu output: export
+# Buat config agar Next tahu mode static export
 RUN echo "const config = { output: 'export', images: { unoptimized: true } }; export default config;" > next.config.mjs
 
-# Build project (Next.js 15 otomatis static export)
-RUN NEXT_DISABLE_TURBOPACK=1 npx next build
+# Build Next.js tanpa Turbopack, lalu hapus cache npm
+ENV NEXT_DISABLE_TURBOPACK=1
+RUN npx next build && npm cache clean --force
 
-# Pastikan folder static tersedia untuk URL _next/static
+# Tambahkan cache folder _next agar bisa dilayani oleh server
 RUN mkdir -p .next/server/app/_next && \
     cp -r .next/static .next/server/app/_next/static && \
-    cp -r public/assets .next/server/app/
+    cp -r public/assets .next/server/app/ || true
+
+# ============================================================
+# 🧱  Stage 2 — Runtime (super ringan)
+# ============================================================
+FROM node:20-alpine AS runtime
+
+# Install hanya 1 dependency ringan untuk serving static file
+RUN npm install -g serve && apk add --no-cache tini
+
+WORKDIR /app
+
+# Copy hasil build dari stage sebelumnya
+COPY --from=builder /app/.next/server/app ./server
+COPY --from=builder /app/.next/server/app/_next ./server/_next
+COPY --from=builder /app/public ./public
+
+# Set environment minimal
+ENV NODE_ENV=production
+ENV PORT=3000
 
 EXPOSE 3000
-CMD ["npx", "serve", ".next/server/app", "-l", "3000"]
\ No newline at end of file
+
+# Jalankan lewat tini untuk handle signal & memory leak
+ENTRYPOINT ["/sbin/tini", "--"]
+
+CMD ["serve", "-s", "server", "-l", "3000"]
\ No newline at end of file