From 8f86294312520fb40277dd3feeca7d8869cc31c1 Mon Sep 17 00:00:00 2001
From: Elio Bischof <elio@zitadel.com>
Date: Thu, 5 Jun 2025 10:59:20 +0200
Subject: [PATCH] bake

---
 .dockerignore                        |  4 +--
 Dockerfile                           | 18 -------------
 apps/login/package.json              | 28 +++++++++----------
 bake/base.Dockerfile                 | 30 +++++++++++++++++++++
 bake/login-for-docker.Dockerfile     | 24 +++++++++++++++++
 bake/proto.Dockerfile                |  4 +++
 docker-bake.hcl                      | 37 +++++++++++++++++++++++++
 package.json                         | 40 ++++++++++++++--------------
 packages/zitadel-client/package.json |  8 +++---
 packages/zitadel-proto/package.json  |  2 +-
 10 files changed, 136 insertions(+), 59 deletions(-)
 delete mode 100644 Dockerfile
 create mode 100644 bake/base.Dockerfile
 create mode 100644 bake/login-for-docker.Dockerfile
 create mode 100644 bake/proto.Dockerfile
 create mode 100644 docker-bake.hcl

diff --git a/.dockerignore b/.dockerignore
index b328b97284..85dcc16df6 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,2 @@
-/*
-!/docker
+.git
+node_modules
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index 65f3326053..0000000000
--- a/Dockerfile
+++ /dev/null
@@ -1,18 +0,0 @@
-FROM node:20-alpine
-
-WORKDIR /app
-
-RUN addgroup --system --gid 1001 nodejs
-RUN adduser --system --uid 1001 nextjs
-
-# If /.env-file/.env is mounted into the container, its variables are made available to the server before it starts up.
-RUN mkdir -p /.env-file && touch /.env-file/.env && chown -R nextjs:nodejs /.env-file
-
-COPY --chown=nextjs:nodejs ./docker/apps/login/.next/standalone ./
-COPY --chown=nextjs:nodejs ./docker/apps/login/.next/static ./apps/login/.next/static
-COPY --chown=nextjs:nodejs ./docker/apps/login/public ./apps/login/public
-
-USER nextjs
-ENV HOSTNAME="0.0.0.0"
-
-CMD ["/bin/sh", "-c", " set -o allexport && . /.env-file/.env && set +o allexport && node apps/login/server.js"]
diff --git a/apps/login/package.json b/apps/login/package.json
index b8afa2007f..d9573db8dd 100644
--- a/apps/login/package.json
+++ b/apps/login/package.json
@@ -3,30 +3,30 @@
   "private": true,
   "type": "module",
   "scripts": {
-    "dev": "next dev --turbopack",
-    "test": "concurrently --timings --kill-others-on-fail 'npm:test:unit' 'npm:test:integration'",
-    "test:watch": "concurrently --kill-others 'npm:test:unit:watch' 'npm:test:integration:watch'",
-    "test:unit": "vitest",
+    "dev": "pnpm exec next dev --turbopack",
+    "test": "pnpm exec concurrently --timings --kill-others-on-fail 'npm:test:unit' 'npm:test:integration'",
+    "test:watch": "cpnpm exec oncurrently --kill-others 'npm:test:unit:watch' 'npm:test:integration:watch'",
+    "test:unit": "pnpm exec vitest",
     "test:unit:watch": "pnpm test:unit --watch",
-    "test:integration": "pnpm mock:build && concurrently --names 'mock,test' --success command-test --kill-others 'pnpm:mock' 'env-cmd -f ./.env.integration start-server-and-test start http://localhost:3000 \"test:integration:run\"'",
-    "test:integration:watch:run": "concurrently --names 'mock,test' --kill-others 'pnpm:mock' 'env-cmd -f ./.env.integration start-server-and-test dev http://localhost:3000 \"pnpm nodemon -e js,jsx,ts,tsx,css,scss --ignore \\\"__test__/**\\\" --exec \\\"pnpm test:integration:run\\\"\"'",
-    "test:integration:watch:open": "concurrently --names 'mock,test' --kill-others 'pnpm:mock' 'env-cmd -f ./.env.integration start-server-and-test dev http://localhost:3000 \"pnpm nodemon -e js,jsx,ts,tsx,css,scss --ignore \\\"__test__/**\\\" --exec \\\"pnpm test:integration:open\\\"\"'",
-    "test:integration:run": "cypress run --config-file ./cypress/cypress.config.ts --quiet",
-    "test:integration:open": "cypress open --config-file ./cypress/cypress.config.ts",
+    "test:integration": "pnpm mock:build && pnpm exec concurrently --names 'mock,test' --success command-test --kill-others 'pnpm:mock' 'env-cmd -f ./.env.integration start-server-and-test start http://localhost:3000 \"test:integration:run\"'",
+    "test:integration:watch:run": "pnpm exec concurrently --names 'mock,test' --kill-others 'pnpm:mock' 'env-cmd -f ./.env.integration start-server-and-test dev http://localhost:3000 \"pnpm nodemon -e js,jsx,ts,tsx,css,scss --ignore \\\"__test__/**\\\" --exec \\\"pnpm test:integration:run\\\"\"'",
+    "test:integration:watch:open": "pnpm exec concurrently --names 'mock,test' --kill-others 'pnpm:mock' 'env-cmd -f ./.env.integration start-server-and-test dev http://localhost:3000 \"pnpm nodemon -e js,jsx,ts,tsx,css,scss --ignore \\\"__test__/**\\\" --exec \\\"pnpm test:integration:open\\\"\"'",
+    "test:integration:run": "pnpm exec cypress run --config-file ./cypress/cypress.config.ts --quiet",
+    "test:integration:open": "pnpm exec cypress open --config-file ./cypress/cypress.config.ts",
     "mock": "pnpm mock:build && pnpm mock:run",
     "mock:run": "pnpm mock:stop && docker run --rm --name zitadel-mock-grpc-server --publish 22220:22220 --publish 22222:22222 zitadel-mock-grpc-server",
     "mock:build": "DOCKER_BUILDKIT=1 docker build --tag zitadel-mock-grpc-server ./mock",
     "mock:build:nocache": "pnpm mock:build --no-cache",
     "mock:stop": "docker rm --force zitadel-mock-grpc-server 2>/dev/null || true",
     "mock:destroy": "docker rmi --force zitadel-mock-grpc-server 2>/dev/null || true",
-    "lint": "next lint && prettier --check .",
-    "lint:fix": "prettier --write .",
+    "lint": "pnpm exec next lint && pnpm exec prettier --check .",
+    "lint:fix": "pnpm exec prettier --write .",
     "lint-staged": "lint-staged",
-    "build": "next build",
+    "build": "pnpm exec next build",
     "build:standalone": "NEXT_OUTPUT_MODE=standalone pnpm build",
     "prestart": "pnpm build",
-    "start": "next start",
-    "start:built": "next start",
+    "start": "pnpm exec next start",
+    "start:built": "pnpm exec next start",
     "clean": "pnpm mock:destroy && rm -rf .turbo && rm -rf node_modules && rm -rf .next"
   },
   "git": {
diff --git a/bake/base.Dockerfile b/bake/base.Dockerfile
new file mode 100644
index 0000000000..fd2b61653c
--- /dev/null
+++ b/bake/base.Dockerfile
@@ -0,0 +1,30 @@
+# BUILD STAGE
+FROM node:20-alpine
+
+WORKDIR /app
+
+RUN apk add --no-cache libc6-compat bash git
+RUN corepack enable && corepack prepare pnpm@latest --activate
+
+# Copy remote turbo.json config for pruning
+COPY turbo.json ./
+COPY .npmrc ./
+
+# pnpm store + turbo build cache
+RUN mkdir -p .pnpm-store .next
+
+# Copy just lockfile & manifests for better cache-hit
+COPY package.json pnpm-lock.yaml pnpm-workspace.yaml ./
+COPY packages/zitadel-client/package.json ./packages/zitadel-client/
+COPY packages/zitadel-eslint-config/package.json ./packages/zitadel-eslint-config/
+COPY packages/zitadel-prettier-config/package.json ./packages/zitadel-prettier-config/
+COPY packages/zitadel-proto/package.json ./packages/zitadel-proto/
+COPY packages/zitadel-tailwind-config/package.json ./packages/zitadel-tailwind-config/
+COPY packages/zitadel-tsconfig/package.json ./packages/zitadel-tsconfig/
+COPY apps/login/package.json ./apps/login/
+
+RUN --mount=type=cache,target=/app/.pnpm-store \
+    pnpm install --frozen-lockfile --store-dir .pnpm-store
+
+# Full source
+COPY . .
diff --git a/bake/login-for-docker.Dockerfile b/bake/login-for-docker.Dockerfile
new file mode 100644
index 0000000000..38df779127
--- /dev/null
+++ b/bake/login-for-docker.Dockerfile
@@ -0,0 +1,24 @@
+# BUILD STAGE
+FROM proto AS build-for-docker
+
+RUN NEXT_PUBLIC_BASE_PATH=/ui/v2/login pnpm build:docker
+
+# RUNTIME
+FROM node:20-alpine
+
+WORKDIR /app
+
+RUN addgroup --system --gid 1001 nodejs && \
+    adduser --system --uid 1001 nextjs
+
+# If /.env-file/.env is mounted into the container, its variables are made available to the server before it starts up.
+RUN mkdir -p /.env-file && touch /.env-file/.env && chown -R nextjs:nodejs /.env-file
+
+COPY --chown=nextjs:nodejs --from=build-for-docker /app/docker/apps/login/.next/standalone ./
+COPY --chown=nextjs:nodejs --from=build-for-docker /app/docker/apps/login/.next/static ./apps/login/.next/static
+COPY --chown=nextjs:nodejs --from=build-for-docker /app/docker/apps/login/public ./apps/login/public
+
+USER nextjs
+ENV HOSTNAME="0.0.0.0"
+
+CMD ["/bin/sh", "-c", " set -o allexport && . /.env-file/.env && set +o allexport && node apps/login/server.js"]
diff --git a/bake/proto.Dockerfile b/bake/proto.Dockerfile
new file mode 100644
index 0000000000..da4f241504
--- /dev/null
+++ b/bake/proto.Dockerfile
@@ -0,0 +1,4 @@
+# BUILD STAGE
+FROM base
+
+RUN pnpm generate
diff --git a/docker-bake.hcl b/docker-bake.hcl
new file mode 100644
index 0000000000..289b6ce8d7
--- /dev/null
+++ b/docker-bake.hcl
@@ -0,0 +1,37 @@
+variable "tags" {
+  default = ["zitadel-login:local"]
+}
+
+variable "login-context" {
+  default = "."
+}
+
+group "default" {
+  targets = ["login-docker-image"]
+}
+
+target "typescript-base" {
+    context = "${login-context}"
+    dockerfile = "bake/base.Dockerfile"
+}
+
+target "proto" {
+  context = "${login-context}"
+  dockerfile = "bake/proto.Dockerfile"
+  output = ["type=local,dest=./packages/zitadel-proto"]
+  contexts = {
+    base = "target:typescript-base"
+  }
+}
+
+target "login-docker-image" {
+  context = "${login-context}"
+  dockerfile = "bake/login-for-docker.Dockerfile"
+  tags = "${tags}"
+  args = {
+    NODE_ENV = "production"
+  }
+  contexts = {
+    proto = "target:proto"
+  }
+}
diff --git a/package.json b/package.json
index c96663b83d..4d2ee088ab 100644
--- a/package.json
+++ b/package.json
@@ -3,27 +3,27 @@
   "private": true,
   "name": "typescript-monorepo",
   "scripts": {
-    "generate": "turbo run generate",
-    "build": "turbo run build",
-    "build:docker": "rm -rf ./out ./docker && turbo run build --filter=./packages/zitadel-client && turbo prune @zitadel/login --docker && mkdir -p ./docker && cd ./docker && cp -r ../out/json/* . && pnpm install --frozen-lockfile && cp -r ../out/full/* . && turbo run build:standalone && cd ..",
-    "build:packages": "turbo run build --filter=./packages/*",
-    "build:apps": "turbo run build --filter=./apps/*",
-    "test": "turbo run test",
-    "start": "turbo run start",
-    "start:built": "turbo run start:built",
-    "test:unit": "turbo run test:unit -- --passWithNoTests",
-    "test:integration": "turbo run test:integration",
+    "generate": "pnpm exec turbo run generate",
+    "build": "pnpm exec turbo run build",
+    "build:docker": "rm -rf ./out ./docker && pnpm exec turbo run build --filter=./packages/zitadel-client && pnpm exec turbo prune @zitadel/login --docker && mkdir -p ./docker && cd ./docker && cp -r ../out/json/* . && pnpm install --frozen-lockfile && cp -r ../out/full/* . && pnpm exec turbo run build:standalone && cd ..",
+    "build:packages": "pnpm exec turbo run build --filter=./packages/*",
+    "build:apps": "pnpm exec turbo run build --filter=./apps/*",
+    "test": "pnpm exec turbo run test",
+    "start": "pnpm exec turbo run start",
+    "start:built": "pnpm exec turbo run start:built",
+    "test:unit": "pnpm exec turbo run test:unit -- --passWithNoTests",
+    "test:integration": "pnpm exec turbo run test:integration",
     "test:acceptance": "pnpm exec playwright test",
-    "test:watch": "turbo run test:watch",
-    "dev": "turbo run dev --no-cache --continue",
-    "lint": "turbo run lint",
-    "lint:fix": "turbo run lint:fix",
-    "clean": "turbo run clean && rm -rf node_modules",
-    "format:fix": "prettier --write \"**/*.{ts,tsx,md}\"",
-    "format": "prettier --check \"**/*.{ts,tsx,md}\"",
-    "changeset": "changeset",
-    "version-packages": "changeset version",
-    "release": "turbo run build --filter=login^... && changeset publish",
+    "test:watch": "pnpm exec turbo run test:watch",
+    "dev": "pnpm exec turbo run dev --no-cache --continue",
+    "lint": "pnpm exec turbo run lint",
+    "lint:fix": "pnpm exec turbo run lint:fix",
+    "clean": "pnpm exec turbo run clean && rm -rf node_modules",
+    "format:fix": "pnpm exec prettier --write \"**/*.{ts,tsx,md}\"",
+    "format": "pnpm exec prettier --check \"**/*.{ts,tsx,md}\"",
+    "changeset": "pnpm exec changeset",
+    "version-packages": "pnpm exec changeset version",
+    "release": "pnpm exec turbo run build --filter=login^... && pnpm exec changeset publish",
     "run-zitadel": "docker compose -f ./acceptance/docker-compose.yaml run setup",
     "run-sink": "docker compose -f ./acceptance/docker-compose.yaml up -d sink",
     "run-samlsp": "docker compose -f ./acceptance/saml/docker-compose.yaml up -d",
diff --git a/packages/zitadel-client/package.json b/packages/zitadel-client/package.json
index a47e3e56e9..973176c170 100644
--- a/packages/zitadel-client/package.json
+++ b/packages/zitadel-client/package.json
@@ -43,12 +43,12 @@
   ],
   "sideEffects": false,
   "scripts": {
-    "build": "tsup",
+    "build": "pnpm exec tsup",
     "test": "pnpm test:unit",
     "test:watch": "pnpm test:unit:watch",
-    "test:unit": "vitest",
-    "test:unit:watch": "vitest --watch",
-    "dev": "tsup --watch --dts",
+    "test:unit": "pnpm exec vitest",
+    "test:unit:watch": "pnpm exec vitest --watch",
+    "dev": "pnpm exec tsup --watch --dts",
     "lint": "eslint \"src/**/*.ts*\"",
     "clean": "rm -rf .turbo && rm -rf node_modules && rm -rf dist"
   },
diff --git a/packages/zitadel-proto/package.json b/packages/zitadel-proto/package.json
index 61ef296616..2c60bced4b 100644
--- a/packages/zitadel-proto/package.json
+++ b/packages/zitadel-proto/package.json
@@ -14,7 +14,7 @@
   ],
   "sideEffects": false,
   "scripts": {
-    "generate": "buf generate https://github.com/zitadel/zitadel.git --path ./proto/zitadel",
+    "generate": "pnpm exec buf generate https://github.com/zitadel/zitadel.git --path ./proto/zitadel",
     "clean": "rm -rf zitadel .turbo node_modules google protoc-gen-openapiv2 validate"
   },
   "dependencies": {