Self-host docker (#353)

.dockerignore

@@ -0,0 +1,139 @@
+# Git ignore rules
+*.untracked
+*.untracked.*
+
+.vercel
+
+# Misc
+.DS_Store
+.eslintcache
+.env.local
+.env.*.local
+
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+firebase-debug.log
+ui-debug.log
+.pnpm-debug.log
+.husky
+tmp
+
+vitest.config.ts.timestamp-*
+tsup.config.bundled_*
+
+# Dependencies
+node_modules
+
+# Build dirs
+.next
+build
+dist
+
+# Generated files
+.docusaurus
+.cache-loader
+**.tsbuildinfo
+
+.xata*
+
+# VS
+/.vs/slnx.sqlite-journal
+/.vs/slnx.sqlite
+/.vs
+.vscode/generated*
+
+# Jetbrains
+.idea
+
+# GitHub Actions runner
+/actions-runner
+/_work
+
+# DB
+dev.db*
+packages/adapter-prisma/prisma/dev.db
+packages/adapter-prisma/prisma/migrations
+db.sqlite
+packages/adapter-supabase/supabase/.branches
+packages/adapter-drizzle/.drizzle
+
+# Tests
+coverage
+dynamodblocal-bin
+firestore-debug.log
+test.schema.gql
+test-results
+playwright-report
+blob-report
+playwright/.cache
+
+# Turborepo
+.turbo
+
+# docusaurus
+docs/.docusaurus
+docs/manifest.mjs
+
+# Core
+packages/core/src/providers/oauth-types.ts
+packages/core/lib
+packages/core/providers
+docs/docs/reference/core
+
+# Next.js
+docs/docs/reference/nextjs
+next-env.d.ts
+
+# SvelteKit
+packages/frameworks-sveltekit/index.*
+packages/frameworks-sveltekit/client.*
+packages/frameworks-sveltekit/.svelte-kit
+packages/frameworks-sveltekit/package
+packages/frameworks-sveltekit/vite.config.js.timestamp-*
+packages/frameworks-sveltekit/vite.config.ts.timestamp-*
+docs/docs/reference/sveltekit
+
+# SolidStart
+docs/docs/reference/solidstart
+
+# Express
+docs/docs/reference/express
+
+# Adapters
+docs/docs/reference/adapter
+
+## Drizzle migration folder
+.drizzle
+
+# Sentry Config File
+.sentryclirc
+
+# Python
+__pycache__/
+.venv/
+
+# Docker ignore rules
+.changeset
+.git
+.github
+.turbo
+**/.turbo
+.vscode
+
+.env
+.env.*
+**/.env
+**/.env.*
+**/.next
+
+**/dist
+
+examples
+
+node_modules
+**/node_modules
+
+deploy
+!deploy/docker/**/entrypoint.sh
+docker-compose.yaml

.github/workflows/docker-build.yaml

@@ -0,0 +1,60 @@
+name: Docker Build and Push
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+      - docker-build
+    tags:
+      - "*.*.*"
+  pull_request:
+
+jobs:
+  build-server:
+    name: Docker Build and Push Server
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ secrets.DOCKER_REPO }}/server
+          tags: |
+            type=ref,event=branch
+            type=sha,prefix=
+            type=match,pattern=\d.\d.\d
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set push condition
+        id: push-condition
+        run: |
+          if [[ ${{ github.event_name == 'push' }} == 'true' ]]; then
+            echo "should_push=true" >> $GITHUB_OUTPUT
+          else
+            echo "should_push=false" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Login to DockerHub
+        if: steps.push-condition.outputs.should_push == 'true'
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./docker/server/Dockerfile
+          push: ${{ steps.push-condition.outputs.should_push }}
+          tags: ${{ steps.meta.outputs.tags == 'main' && 'latest' || steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/publish-docs.yaml

@@ -9,7 +9,7 @@ jobs:
   run:
     runs-on: ubuntu-latest
     env:
-      NEXT_PUBLIC_STACK_URL: http://localhost:8102
+      NEXT_PUBLIC_STACK_API_URL: http://localhost:8102
       NEXT_PUBLIC_STACK_PROJECT_ID: internal
       NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY: internal-project-publishable-client-key
       STACK_SECRET_SERVER_KEY: internal-project-secret-server-key

.gitignore

@@ -113,6 +113,6 @@ docs/docs/reference/adapter
 # Sentry Config File
 .sentryclirc
 
-# python
+# Python
 __pycache__/
 .venv/

.vscode/settings.json

@@ -44,6 +44,7 @@
     "pageview",
     "pkcco",
     "PKCE",
+    "pooler",
     "posthog",
     "preconfigured",
     "Proxied",
@@ -55,6 +56,7 @@
     "RPID",
     "simplewebauthn",
     "spoofable",
+    "stackauth",
     "stackframe",
     "supabase",
     "Svix",

apps/backend/.env

@@ -1,5 +1,5 @@
 # Basic
-STACK_BASE_URL=# the base URL of Stack's backend/API. For local development, this is `http://localhost:8102`; for the managed service, this is `https://api.stack-auth.com`.
+NEXT_PUBLIC_STACK_API_URL=# the base URL of Stack's backend/API. For local development, this is `http://localhost:8102`; for the managed service, this is `https://api.stack-auth.com`.
 NEXT_PUBLIC_STACK_DASHBOARD_URL=# the URL of Stack's dashboard. For local development, this is `http://localhost:8101`; for the managed service, this is `https://app.stack-auth.com`.
 STACK_SERVER_SECRET=# a random, unguessable secret key generated by `pnpm generate-keys`
 

apps/backend/.env.development

@@ -1,4 +1,4 @@
-STACK_BASE_URL=http://localhost:8102
+NEXT_PUBLIC_STACK_API_URL=http://localhost:8102
 NEXT_PUBLIC_STACK_DASHBOARD_URL=http://localhost:8101
 STACK_SERVER_SECRET=23-wuNpik0gIW4mruTz25rbIvhuuvZFrLOLtL7J4tyo
 

apps/backend/next.config.mjs

@@ -47,6 +47,10 @@ const withConfiguredSentryConfig = (nextConfig) =>
 
 /** @type {import('next').NextConfig} */
 const nextConfig = {
+  // optionally set output to "standalone" for Docker builds
+  // https://nextjs.org/docs/pages/api-reference/next-config-js/output
+  output: process.env.NEXT_CONFIG_OUTPUT,
+
   // we're open-source, so we can provide source maps
   productionBrowserSourceMaps: true,
   poweredByHeader: false,

apps/backend/package.json

@@ -9,6 +9,8 @@
     "with-env:prod": "dotenv -c --",
     "dev": "concurrently -n \"dev,codegen,prisma-studio\" -k \"next dev --port 8102\" \"pnpm run codegen:watch\" \"pnpm run prisma-studio\"",
     "build": "pnpm run codegen && next build",
+    "docker-build": "pnpm run codegen && next build --experimental-build-mode compile",
+    "self-host-seed-script": "tsup --config prisma/tsup.config.ts",
     "analyze-bundle": "ANALYZE_BUNDLE=1 pnpm run build",
     "start": "next start --port 8102",
     "codegen-prisma": "pnpm run prisma generate",
@@ -78,8 +80,9 @@
     "@types/semver": "^7.5.8",
     "concurrently": "^8.2.2",
     "glob": "^10.4.1",
-    "prisma": "^5.9.1",
+    "prisma": "^5.20.0",
     "rimraf": "^5.0.5",
+    "tsup": "^8.3.0",
     "tsx": "^4.7.2"
   }
 }