From 19a98210344e684caf02a22c326774a62c2991da Mon Sep 17 00:00:00 2001 From: Waleed Latif Date: Tue, 19 May 2026 13:19:37 -0700 Subject: [PATCH 1/2] fix(docker): restore NEXT_PUBLIC_APP_URL build arg with dummy fallback MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit getBaseUrl() in lib/core/utils/urls is evaluated at module load during next build's page-data collection and throws if NEXT_PUBLIC_APP_URL is unset. PR #4658 removed the build arg, breaking the Docker build at the "/_not-found" page-data collection step. Restore the dummy localhost fallback (mirroring DATABASE_URL). The CORS fix from #4658 is preserved: next.config.ts no longer reads NEXT_PUBLIC_APP_URL at build time, and no module-level expression captures getBaseUrl() — every caller invokes it at request time, where getEnv() reads the deployed container env. The dummy localhost value cannot leak into runtime CORS response headers. Co-Authored-By: Claude Opus 4.7 --- docker/app.Dockerfile | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/docker/app.Dockerfile b/docker/app.Dockerfile index 7940024649..e65e7a8035 100644 --- a/docker/app.Dockerfile +++ b/docker/app.Dockerfile @@ -69,11 +69,19 @@ ENV NEXT_TELEMETRY_DISABLED=1 \ VERCEL_TELEMETRY_DISABLED=1 \ DOCKER_BUILD=1 -# Provide dummy database URLs during image build so server code that imports @sim/db -# can be evaluated without crashing. Runtime environments should override these. +# Provide dummy values during image build so module-eval-time validators +# (e.g. @sim/db connection init, getBaseUrl() in lib/core/utils/urls) don't +# crash next build during page-data collection. Runtime environments must +# override both. NEXT_PUBLIC_APP_URL is intentionally NOT read by +# next.config.ts at build time — response CORS is computed at request time +# in proxy.ts via getEnv(), so the localhost fallback below cannot leak +# into production CORS response headers. ARG DATABASE_URL="postgresql://user:pass@localhost:5432/dummy" ENV DATABASE_URL=${DATABASE_URL} +ARG NEXT_PUBLIC_APP_URL="http://localhost:3000" +ENV NEXT_PUBLIC_APP_URL=${NEXT_PUBLIC_APP_URL} + # Per-platform cache id keeps arm64/amd64 SWC artifacts isolated. RUN --mount=type=cache,id=next-cache-${TARGETPLATFORM},target=/app/apps/sim/.next/cache \ --mount=type=cache,id=turbo-cache-${TARGETPLATFORM},target=/app/.turbo \ From 8681cb800f97bc74f54ab514a912b58f3f157bf0 Mon Sep 17 00:00:00 2001 From: Waleed Latif Date: Tue, 19 May 2026 13:20:36 -0700 Subject: [PATCH 2/2] chore(docker): trim verbose comment on build-time env args Co-Authored-By: Claude Opus 4.7 --- docker/app.Dockerfile | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/docker/app.Dockerfile b/docker/app.Dockerfile index e65e7a8035..67eb5f02c7 100644 --- a/docker/app.Dockerfile +++ b/docker/app.Dockerfile @@ -69,13 +69,7 @@ ENV NEXT_TELEMETRY_DISABLED=1 \ VERCEL_TELEMETRY_DISABLED=1 \ DOCKER_BUILD=1 -# Provide dummy values during image build so module-eval-time validators -# (e.g. @sim/db connection init, getBaseUrl() in lib/core/utils/urls) don't -# crash next build during page-data collection. Runtime environments must -# override both. NEXT_PUBLIC_APP_URL is intentionally NOT read by -# next.config.ts at build time — response CORS is computed at request time -# in proxy.ts via getEnv(), so the localhost fallback below cannot leak -# into production CORS response headers. +# Dummy values so next build can evaluate modules. Override at runtime. ARG DATABASE_URL="postgresql://user:pass@localhost:5432/dummy" ENV DATABASE_URL=${DATABASE_URL}