@panoptic-it-solutions/coolify-setup 1.0.0

package/README.md

@@ -0,0 +1,92 @@
+# @panoptic-it-solutions/coolify-setup
+
+CLI tool for setting up Coolify deployment on Panoptic projects.
+
+## Usage
+
+```bash
+npx @panoptic-it-solutions/coolify-setup
+```
+
+Or install globally:
+
+```bash
+npm i -g @panoptic-it-solutions/coolify-setup
+coolify-setup
+```
+
+## What it does
+
+This CLI tool automates the setup of Coolify deployment for your project:
+
+1. **Detects your project type** (Next.js or Node.js)
+2. **Detects your package manager** (pnpm, npm, or yarn)
+3. **Generates deployment files**:
+   - `Dockerfile` - Multi-stage build optimized for your project
+   - `docker-compose.yml` - Production configuration with optional services
+   - `docker-compose.build.yml` - Build configuration for CI
+   - `.github/workflows/build-deploy.yml` - GitHub Actions workflow
+   - `entrypoint.sh` - Container startup script with migration support
+   - `.claude/rules/coolify.md` - Coolify deployment rules for Claude
+4. **Sets up GitHub repository** (optional):
+   - Creates repo in Panoptic-IT-Solutions org
+   - Pushes main, staging, and develop branches
+   - Sets develop as default branch
+
+## Hardcoded Panoptic Defaults
+
+- **Registry**: `10.0.0.2:5000`
+- **GitHub Org**: `Panoptic-IT-Solutions`
+- **CI Runner**: `self-hosted`
+- **Branch Strategy**:
+  - `develop` - Default branch for development
+  - `staging` - Deploy target for all branches
+  - `main` - Production (manual promotion)
+
+## Optional Services
+
+The CLI will prompt you to include:
+- PostgreSQL (with automatic migration support)
+- Redis
+- MinIO (S3-compatible storage)
+
+## Migration Handling
+
+If PostgreSQL is included, the CLI generates migration infrastructure:
+
+### Next.js Projects (with standalone output)
+
+Next.js uses `output: 'standalone'` which creates a minimal deployment without full node_modules. To handle migrations:
+
+1. **esbuild is added** to devDependencies (automatically)
+2. **Migration script is bundled** at Docker build time into a single JS file with all dependencies
+3. **Bundled JS runs** with plain Node.js at container startup (no tsx needed)
+
+Files generated:
+- `lib/db/migrate.ts` - Migration script source (if not existing)
+- `lib/db/migrate.bundle.js` - Bundled migration (created during Docker build)
+
+### Node.js Projects
+
+Node.js projects keep full node_modules, so migrations run with tsx:
+
+Files generated:
+- `scripts/migrate.ts` - Migration script
+- Uses `npx tsx` at runtime
+
+### Migration Behavior
+
+- **Skips during Docker build** - Detects placeholder database URLs
+- **Runs on container startup** - Before the application starts
+- **Idempotent** - Drizzle tracks applied migrations
+
+## Requirements
+
+- Node.js 18+
+- GitHub CLI (`gh`) installed and authenticated (for repo creation)
+- Git initialized in your project
+- **For Next.js + PostgreSQL**: esbuild (automatically added to devDependencies)
+
+## License
+
+MIT

package/dist/detector.d.ts

@@ -0,0 +1,8 @@
+export interface ProjectInfo {
+    type: 'nextjs' | 'node';
+    packageManager: 'pnpm' | 'npm' | 'yarn';
+    hasDockerfile: boolean;
+    hasDockerCompose: boolean;
+    name: string;
+}
+export declare function detectProject(): Promise<ProjectInfo>;

package/dist/detector.js

@@ -0,0 +1,34 @@
+import { existsSync, readFileSync } from 'fs';
+import { join } from 'path';
+function exists(filename) {
+    return existsSync(join(process.cwd(), filename));
+}
+function getProjectName() {
+    try {
+        const packageJson = JSON.parse(readFileSync(join(process.cwd(), 'package.json'), 'utf-8'));
+        return packageJson.name?.replace(/^@[^/]+\//, '') || 'my-project';
+    }
+    catch {
+        return 'my-project';
+    }
+}
+export async function detectProject() {
+    const hasPackageJson = exists('package.json');
+    const hasNextConfig = exists('next.config.ts') || exists('next.config.js') || exists('next.config.mjs');
+    const hasPnpmLock = exists('pnpm-lock.yaml');
+    const hasYarnLock = exists('yarn.lock');
+    const hasDockerfile = exists('Dockerfile');
+    const hasDockerCompose = exists('docker-compose.yml');
+    let packageManager = 'npm';
+    if (hasPnpmLock)
+        packageManager = 'pnpm';
+    else if (hasYarnLock)
+        packageManager = 'yarn';
+    return {
+        type: hasNextConfig ? 'nextjs' : 'node',
+        packageManager,
+        hasDockerfile,
+        hasDockerCompose,
+        name: hasPackageJson ? getProjectName() : 'my-project',
+    };
+}

package/dist/generator.d.ts

@@ -0,0 +1,9 @@
+export interface GenerateOptions {
+    projectName: string;
+    projectType: 'nextjs' | 'node';
+    packageManager: 'pnpm' | 'npm' | 'yarn';
+    includePostgres: boolean;
+    includeRedis: boolean;
+    includeMinio: boolean;
+}
+export declare function generateFiles(options: GenerateOptions): Promise<void>;

package/dist/generator.js

@@ -0,0 +1,97 @@
+import { existsSync, mkdirSync, writeFileSync, readFileSync } from 'fs';
+import { join, dirname } from 'path';
+import { generateDockerfile, generateDockerCompose, generateDockerComposeBuild, generateWorkflow, generateEntrypoint, generateMigrateScript, generateClaudeRules, } from './templates/index.js';
+function ensureDir(filePath) {
+    const dir = dirname(filePath);
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { recursive: true });
+    }
+}
+function writeFile(relativePath, content) {
+    const fullPath = join(process.cwd(), relativePath);
+    ensureDir(fullPath);
+    writeFileSync(fullPath, content, 'utf-8');
+}
+function addEsbuildToPackageJson() {
+    const packageJsonPath = join(process.cwd(), 'package.json');
+    if (!existsSync(packageJsonPath)) {
+        console.log('Warning: package.json not found, skipping esbuild addition');
+        return false;
+    }
+    try {
+        const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf-8'));
+        // Ensure devDependencies exists
+        if (!packageJson.devDependencies) {
+            packageJson.devDependencies = {};
+        }
+        // Add esbuild if not already present
+        if (!packageJson.devDependencies.esbuild) {
+            packageJson.devDependencies.esbuild = '^0.25.0';
+            writeFileSync(packageJsonPath, JSON.stringify(packageJson, null, 2) + '\n', 'utf-8');
+            return true;
+        }
+        return false;
+    }
+    catch (error) {
+        console.log('Warning: Failed to update package.json:', error);
+        return false;
+    }
+}
+export async function generateFiles(options) {
+    const { projectName, projectType, packageManager, includePostgres, includeRedis, includeMinio, } = options;
+    // Generate Dockerfile
+    const dockerfile = generateDockerfile({
+        projectType,
+        packageManager,
+        includePostgres,
+    });
+    writeFile('Dockerfile', dockerfile);
+    // Generate docker-compose.yml
+    const dockerCompose = generateDockerCompose({
+        projectName,
+        includePostgres,
+        includeRedis,
+        includeMinio,
+    });
+    writeFile('docker-compose.yml', dockerCompose);
+    // Generate docker-compose.build.yml
+    const dockerComposeBuild = generateDockerComposeBuild({
+        projectName,
+    });
+    writeFile('docker-compose.build.yml', dockerComposeBuild);
+    // Generate GitHub workflow
+    const workflow = generateWorkflow({
+        projectName,
+    });
+    writeFile('.github/workflows/build-deploy.yml', workflow);
+    // Generate entrypoint.sh
+    const entrypoint = generateEntrypoint({
+        projectType,
+        includePostgres,
+    });
+    writeFile('entrypoint.sh', entrypoint);
+    // Generate Claude rules
+    const claudeRules = generateClaudeRules();
+    writeFile('.claude/rules/coolify.md', claudeRules);
+    // Generate migrate.ts if postgres is included
+    if (includePostgres) {
+        const migrateScript = generateMigrateScript({ projectType });
+        // For Next.js standalone projects, we need esbuild to bundle the migration script
+        if (projectType === 'nextjs') {
+            const added = addEsbuildToPackageJson();
+            if (added) {
+                console.log('Added esbuild to devDependencies (required for migration bundling)');
+                console.log('Run your package manager install command to install it');
+            }
+            // Write migrate.ts to lib/db/ for Next.js projects (will be bundled at build time)
+            const existingMigratePath = join(process.cwd(), 'lib/db/migrate.ts');
+            if (!existsSync(existingMigratePath)) {
+                writeFile('lib/db/migrate.ts', migrateScript);
+            }
+        }
+        else {
+            // For Node.js projects, write to scripts/ directory
+            writeFile('scripts/migrate.ts', migrateScript);
+        }
+    }
+}

package/dist/git.d.ts

@@ -0,0 +1 @@
+export declare function setupGitHub(projectName: string): Promise<void>;

package/dist/git.js

@@ -0,0 +1,94 @@
+import { execSync, exec } from 'child_process';
+import { promisify } from 'util';
+const execAsync = promisify(exec);
+const ORG = 'Panoptic-IT-Solutions';
+function run(command) {
+    return execSync(command, { encoding: 'utf-8', stdio: 'pipe' }).trim();
+}
+async function runAsync(command) {
+    const { stdout } = await execAsync(command);
+    return stdout.trim();
+}
+function hasGitRemote() {
+    try {
+        run('git remote get-url origin');
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function isGitRepo() {
+    try {
+        run('git rev-parse --git-dir');
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export async function setupGitHub(projectName) {
+    // Initialize git if not already a repo
+    if (!isGitRepo()) {
+        run('git init');
+        run('git add .');
+        run('git commit -m "Initial commit"');
+    }
+    // Check if gh CLI is available
+    try {
+        run('gh --version');
+    }
+    catch {
+        throw new Error('GitHub CLI (gh) is not installed. Install it from https://cli.github.com/');
+    }
+    // Check if authenticated
+    try {
+        run('gh auth status');
+    }
+    catch {
+        throw new Error('Not authenticated with GitHub CLI. Run: gh auth login');
+    }
+    // Create repo if no remote exists
+    if (!hasGitRemote()) {
+        // Create the repository
+        await runAsync(`gh repo create ${ORG}/${projectName} --private --source=. --push`);
+    }
+    else {
+        // Remote exists, just push
+        run('git push origin HEAD');
+    }
+    // Ensure we're on main and push
+    const currentBranch = run('git branch --show-current');
+    if (currentBranch !== 'main') {
+        run('git checkout -b main 2>/dev/null || git checkout main');
+    }
+    // Push main
+    try {
+        run('git push origin main');
+    }
+    catch {
+        // May already be pushed
+    }
+    // Create staging branch from main
+    try {
+        run('git push origin main:staging');
+    }
+    catch {
+        // May already exist
+    }
+    // Create and checkout develop branch
+    try {
+        run('git checkout -b develop 2>/dev/null || git checkout develop');
+        run('git push origin develop -u');
+    }
+    catch {
+        // May already exist
+    }
+    // Set develop as default branch
+    try {
+        await runAsync(`gh repo edit ${ORG}/${projectName} --default-branch develop`);
+    }
+    catch {
+        // May fail if not owner or already set
+    }
+}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/index.js

@@ -0,0 +1,102 @@
+#!/usr/bin/env node
+import chalk from 'chalk';
+import ora from 'ora';
+import prompts from 'prompts';
+import { detectProject } from './detector.js';
+import { generateFiles } from './generator.js';
+import { setupGitHub } from './git.js';
+async function main() {
+    console.log(chalk.bold.cyan('\n🚀 Panoptic Coolify Setup\n'));
+    // Detect project type
+    const spinner = ora('Scanning project...').start();
+    const project = await detectProject();
+    spinner.succeed(`Detected: ${chalk.green(project.type)} project (${project.packageManager})`);
+    if (project.hasDockerfile) {
+        console.log(chalk.yellow('  ⚠️  Existing Dockerfile found - will be overwritten'));
+    }
+    if (project.hasDockerCompose) {
+        console.log(chalk.yellow('  ⚠️  Existing docker-compose.yml found - will be overwritten'));
+    }
+    // Get project name
+    const response = await prompts([
+        {
+            type: 'text',
+            name: 'projectName',
+            message: 'Project name:',
+            initial: project.name,
+            validate: (value) => value.length > 0 || 'Project name is required',
+        },
+        {
+            type: 'confirm',
+            name: 'includePostgres',
+            message: 'Include PostgreSQL?',
+            initial: true,
+        },
+        {
+            type: 'confirm',
+            name: 'includeRedis',
+            message: 'Include Redis?',
+            initial: true,
+        },
+        {
+            type: 'confirm',
+            name: 'includeMinio',
+            message: 'Include MinIO (S3-compatible storage)?',
+            initial: false,
+        },
+        {
+            type: 'confirm',
+            name: 'createRepo',
+            message: 'Create GitHub repo in Panoptic-IT-Solutions?',
+            initial: true,
+        },
+    ]);
+    if (!response.projectName) {
+        console.log(chalk.red('\n❌ Setup cancelled'));
+        process.exit(1);
+    }
+    // Generate files
+    console.log(chalk.bold('\nGenerating files...'));
+    await generateFiles({
+        projectName: response.projectName,
+        projectType: project.type,
+        packageManager: project.packageManager,
+        includePostgres: response.includePostgres,
+        includeRedis: response.includeRedis,
+        includeMinio: response.includeMinio,
+    });
+    console.log(chalk.green('  ✓ Dockerfile'));
+    console.log(chalk.green('  ✓ docker-compose.yml'));
+    console.log(chalk.green('  ✓ docker-compose.build.yml'));
+    console.log(chalk.green('  ✓ .github/workflows/build-deploy.yml'));
+    console.log(chalk.green('  ✓ .claude/rules/coolify.md'));
+    console.log(chalk.green('  ✓ entrypoint.sh'));
+    if (response.includePostgres) {
+        console.log(chalk.green('  ✓ scripts/migrate.ts'));
+    }
+    // Setup GitHub
+    if (response.createRepo) {
+        console.log(chalk.bold('\nSetting up GitHub...'));
+        try {
+            await setupGitHub(response.projectName);
+            console.log(chalk.green(`  ✓ Created repo: Panoptic-IT-Solutions/${response.projectName}`));
+            console.log(chalk.green('  ✓ Pushed main branch'));
+            console.log(chalk.green('  ✓ Created staging branch'));
+            console.log(chalk.green('  ✓ Created develop branch (default)'));
+        }
+        catch (error) {
+            console.log(chalk.red(`  ✗ GitHub setup failed: ${error}`));
+            console.log(chalk.yellow('  You can manually run: gh repo create Panoptic-IT-Solutions/' + response.projectName));
+        }
+    }
+    console.log(chalk.bold.green('\n✅ Setup complete!\n'));
+    console.log('Next steps:');
+    console.log(chalk.cyan('  1. Review the generated files'));
+    console.log(chalk.cyan('  2. Update .env with your secrets'));
+    console.log(chalk.cyan('  3. Push to develop to trigger first build'));
+    console.log(chalk.cyan('  4. Configure Coolify to deploy from staging branch\n'));
+}
+main().catch((error) => {
+    console.error(chalk.red('Error:'), error);
+    process.exit(1);
+});

package/dist/templates/claude-rules.d.ts

@@ -0,0 +1 @@
+export declare function generateClaudeRules(): string;

package/dist/templates/claude-rules.js

@@ -0,0 +1,105 @@
+export function generateClaudeRules() {
+    return `# Coolify Deployment Rules
+
+## Overview
+
+This project uses Coolify for deployment. Coolify has specific behaviors that require careful handling of Docker Compose configurations.
+
+## Critical Coolify Behaviors
+
+### 1. Helper Container Architecture
+
+Coolify runs \`docker compose\` inside an ephemeral helper container, not directly on the Docker host. This means:
+
+- **Bind mounts with relative paths will fail** - The helper container clones the repo to \`/artifacts/<deployment-uuid>/\`, but Docker resolves paths on the host where these files don't exist
+- **Docker Compose \`configs\` feature will fail** - Same issue as bind mounts; config file paths are resolved on the host, not inside the helper container
+- **Volume mounts work fine** - Named volumes are managed by Docker and work correctly
+
+### 2. Path Transformation
+
+Coolify transforms relative bind mount paths like \`./config/file.yaml\` to \`/data/coolify/applications/<app-uuid>/config/file.yaml\`, but it does NOT copy the actual files to that location.
+
+## Rules for Configuration Files
+
+### DO: Bake configs into custom images
+
+If a service needs configuration files (like Loki, Promtail, Grafana, Nginx, etc.), create a custom Dockerfile that COPYs the config into the image:
+
+\`\`\`dockerfile
+# Dockerfile.servicename
+FROM base-image:version
+COPY config/servicename.yaml /etc/servicename/config.yaml
+\`\`\`
+
+Then reference the custom image in docker-compose.yml:
+
+\`\`\`yaml
+servicename:
+  image: \${REGISTRY}/project-servicename:\${TAG}
+  # NO bind mounts or configs for config files
+\`\`\`
+
+### DON'T: Use bind mounts for config files
+
+\`\`\`yaml
+# THIS WILL FAIL IN COOLIFY
+servicename:
+  volumes:
+    - ./config/servicename.yaml:/etc/servicename/config.yaml
+\`\`\`
+
+### DON'T: Use Docker Compose configs feature
+
+\`\`\`yaml
+# THIS WILL FAIL IN COOLIFY
+servicename:
+  configs:
+    - source: myconfig
+      target: /etc/servicename/config.yaml
+
+configs:
+  myconfig:
+    file: ./config/servicename.yaml
+\`\`\`
+
+### DO: Use named volumes for persistent data
+
+\`\`\`yaml
+# This works correctly
+servicename:
+  volumes:
+    - servicename-data:/var/lib/servicename
+
+volumes:
+  servicename-data:
+    driver: local
+\`\`\`
+
+## Build Workflow Requirements
+
+When adding services that need baked-in configs:
+
+1. Create a \`Dockerfile.servicename\` that COPYs the config
+2. Add the service to \`docker-compose.build.yml\` with build context
+3. Update the GitHub Actions workflow to:
+   - Build the new image
+   - Tag and push as both \`\${COMMIT_SHA}\` and \`latest\`
+   - Sync the new Dockerfile to the deploy branch
+   - Update image tags in docker-compose.yml via sed
+
+## Private Registry Configuration
+
+This project uses a private registry at \`10.0.0.2:5000\`. The staging server has \`insecure-registries\` configured, but Coolify's helper container may not inherit this. Pre-pulling images on the target server can help avoid registry issues.
+
+## Debugging Failed Deployments
+
+1. Check deployment logs: \`coolify deploy get <uuid> --format pretty\`
+2. Look for "bind source path does not exist" errors - indicates config file issue
+3. SSH to staging and check container logs: \`docker logs <container-name>\`
+4. Verify images exist in registry and can be pulled manually
+
+## Migration Handling
+
+Database migrations are copied to \`/app/scripts/\` (not \`/app/lib/db/\`) to avoid conflicts with Next.js standalone output. The entrypoint.sh runs migrations before starting the server.
+`;
+}

package/dist/templates/docker-compose-build.d.ts

@@ -0,0 +1,4 @@
+export interface DockerComposeBuildOptions {
+    projectName: string;
+}
+export declare function generateDockerComposeBuild(options: DockerComposeBuildOptions): string;

package/dist/templates/docker-compose-build.js

@@ -0,0 +1,16 @@
+const REGISTRY = '10.0.0.2:5000';
+export function generateDockerComposeBuild(options) {
+    const { projectName } = options;
+    return `# Used by GitHub Actions to build and push images
+# Do not use this file with Coolify directly
+
+services:
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      args:
+        SKIP_ENV_VALIDATION: "true"
+    image: ${REGISTRY}/\${COMPOSE_PROJECT_NAME:-${projectName}}-app:\${COMMIT_SHA:-latest}
+`;
+}

package/dist/templates/docker-compose.d.ts

@@ -0,0 +1,7 @@
+export interface DockerComposeOptions {
+    projectName: string;
+    includePostgres: boolean;
+    includeRedis: boolean;
+    includeMinio: boolean;
+}
+export declare function generateDockerCompose(options: DockerComposeOptions): string;

package/dist/templates/docker-compose.js

@@ -0,0 +1,86 @@
+const REGISTRY = '10.0.0.2:5000';
+export function generateDockerCompose(options) {
+    const { projectName, includePostgres, includeRedis, includeMinio } = options;
+    const services = [];
+    const volumes = [];
+    // App service
+    services.push(`  app:
+    image: ${REGISTRY}/${projectName}-app:latest
+    restart: unless-stopped
+    ports:
+      - "3000:3000"
+    environment:
+      - NODE_ENV=production${includePostgres ? `
+      - POSTGRES_URL=postgres://\${POSTGRES_USER:-postgres}:\${POSTGRES_PASSWORD:-postgres}@postgres:5432/\${POSTGRES_DB:-app}` : ''}${includeRedis ? `
+      - REDIS_URL=redis://redis:6379` : ''}${includeMinio ? `
+      - MINIO_ENDPOINT=http://minio:9000
+      - MINIO_ACCESS_KEY=\${MINIO_ACCESS_KEY:-minioadmin}
+      - MINIO_SECRET_KEY=\${MINIO_SECRET_KEY:-minioadmin}
+      - MINIO_BUCKET=\${MINIO_BUCKET:-uploads}` : ''}
+    labels:
+      - coolify.autoUpdate=true
+      - coolify.preserveRepository=true${includePostgres || includeRedis || includeMinio ? `
+    depends_on:${includePostgres ? `
+      postgres:
+        condition: service_healthy` : ''}${includeRedis ? `
+      redis:
+        condition: service_healthy` : ''}${includeMinio ? `
+      minio:
+        condition: service_started` : ''}` : ''}`);
+    // PostgreSQL service
+    if (includePostgres) {
+        services.push(`  postgres:
+    image: postgres:16-alpine
+    restart: unless-stopped
+    environment:
+      - POSTGRES_USER=\${POSTGRES_USER:-postgres}
+      - POSTGRES_PASSWORD=\${POSTGRES_PASSWORD:-postgres}
+      - POSTGRES_DB=\${POSTGRES_DB:-app}
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U \${POSTGRES_USER:-postgres}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5`);
+        volumes.push('  postgres-data:');
+    }
+    // Redis service
+    if (includeRedis) {
+        services.push(`  redis:
+    image: redis:7-alpine
+    restart: unless-stopped
+    volumes:
+      - redis-data:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+      interval: 10s
+      timeout: 5s
+      retries: 5`);
+        volumes.push('  redis-data:');
+    }
+    // MinIO service
+    if (includeMinio) {
+        services.push(`  minio:
+    image: minio/minio:latest
+    restart: unless-stopped
+    command: server /data --console-address ":9001"
+    environment:
+      - MINIO_ROOT_USER=\${MINIO_ACCESS_KEY:-minioadmin}
+      - MINIO_ROOT_PASSWORD=\${MINIO_SECRET_KEY:-minioadmin}
+    volumes:
+      - minio-data:/data
+    ports:
+      - "9001:9001"`);
+        volumes.push('  minio-data:');
+    }
+    let compose = `services:
+${services.join('\n\n')}`;
+    if (volumes.length > 0) {
+        compose += `
+
+volumes:
+${volumes.join('\n')}`;
+    }
+    return compose + '\n';
+}

package/dist/templates/dockerfile.d.ts

@@ -0,0 +1,6 @@
+export interface DockerfileOptions {
+    projectType: 'nextjs' | 'node';
+    packageManager: 'pnpm' | 'npm' | 'yarn';
+    includePostgres: boolean;
+}
+export declare function generateDockerfile(options: DockerfileOptions): string;

package/dist/templates/dockerfile.js

@@ -0,0 +1,175 @@
+export function generateDockerfile(options) {
+    if (options.projectType === 'nextjs') {
+        return generateNextjsDockerfile(options);
+    }
+    return generateNodeDockerfile(options);
+}
+function generateNextjsDockerfile(options) {
+    const { packageManager, includePostgres } = options;
+    const installCmd = packageManager === 'pnpm'
+        ? 'pnpm install --frozen-lockfile'
+        : packageManager === 'yarn'
+            ? 'yarn install --frozen-lockfile'
+            : 'npm ci';
+    const buildCmd = packageManager === 'pnpm'
+        ? 'pnpm build'
+        : packageManager === 'yarn'
+            ? 'yarn build'
+            : 'npm run build';
+    const esbuildCmd = packageManager === 'pnpm'
+        ? 'pnpm exec esbuild'
+        : packageManager === 'yarn'
+            ? 'yarn esbuild'
+            : 'npx esbuild';
+    const packageFiles = packageManager === 'pnpm'
+        ? 'COPY package.json pnpm-lock.yaml ./'
+        : packageManager === 'yarn'
+            ? 'COPY package.json yarn.lock ./'
+            : 'COPY package.json package-lock.json ./';
+    const corepackSetup = packageManager === 'pnpm'
+        ? 'RUN corepack enable && corepack prepare pnpm@latest --activate'
+        : packageManager === 'yarn'
+            ? 'RUN corepack enable'
+            : '';
+    // For Next.js standalone, we bundle the migration script with esbuild at build time
+    // This avoids module resolution issues in the minimal standalone container
+    const migrationBundle = includePostgres ? `
+
+# Build the migration bundle (single JS file with all deps baked in)
+# This avoids module resolution issues in the standalone container
+RUN ${esbuildCmd} lib/db/migrate.ts --bundle --platform=node --target=node22 --outfile=lib/db/migrate.bundle.js --external:dotenv` : '';
+    const migrationCopy = includePostgres ? `
+
+# Copy database migrations and bundled migration script
+COPY --from=builder --chown=nextjs:nodejs /app/lib/db/migrations ./lib/db/migrations
+COPY --from=builder --chown=nextjs:nodejs /app/lib/db/migrate.bundle.js ./lib/db/migrate.bundle.js` : '';
+    return `# syntax=docker.io/docker/dockerfile:1
+
+FROM node:22-alpine AS base
+
+# Install package manager
+${corepackSetup}
+
+# Dependencies stage
+FROM base AS deps
+WORKDIR /app
+
+# Copy package files
+${packageFiles}
+
+# Install dependencies
+RUN ${installCmd}
+
+# Builder stage
+FROM base AS builder
+WORKDIR /app
+
+# Copy dependencies
+COPY --from=deps /app/node_modules ./node_modules
+COPY . .
+
+# Build-time environment configuration
+# These are placeholder values used only during the build process
+# Real values are provided at runtime via environment variables
+ENV SKIP_ENV_VALIDATION=true
+ENV NEXT_TELEMETRY_DISABLED=1
+ENV NODE_ENV=production
+
+# Placeholder values for build (required by Next.js build process)
+# These are overridden at runtime via docker-compose environment
+ENV POSTGRES_URL=postgres://placeholder:placeholder@localhost:5432/placeholder
+ENV REDIS_URL=redis://localhost:6379
+
+# Build the application
+RUN ${buildCmd}
+${migrationBundle}
+
+# Runner stage
+FROM base AS runner
+WORKDIR /app
+
+ENV NODE_ENV=production
+ENV NEXT_TELEMETRY_DISABLED=1
+
+# Create non-root user for security
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+
+# Copy public assets
+COPY --from=builder /app/public ./public
+
+# Copy built application (standalone output)
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+${migrationCopy}
+
+# Copy entrypoint script
+COPY --chown=nextjs:nodejs entrypoint.sh ./entrypoint.sh
+RUN chmod +x ./entrypoint.sh
+
+USER nextjs
+
+EXPOSE 3000
+
+ENV PORT=3000
+ENV HOSTNAME="0.0.0.0"
+
+CMD ["./entrypoint.sh"]
+`;
+}
+function generateNodeDockerfile(options) {
+    const { packageManager, includePostgres } = options;
+    const installCmd = packageManager === 'pnpm'
+        ? 'pnpm install --frozen-lockfile --prod'
+        : packageManager === 'yarn'
+            ? 'yarn install --frozen-lockfile --production'
+            : 'npm ci --only=production';
+    const packageFiles = packageManager === 'pnpm'
+        ? 'COPY package.json pnpm-lock.yaml ./'
+        : packageManager === 'yarn'
+            ? 'COPY package.json yarn.lock ./'
+            : 'COPY package.json package-lock.json ./';
+    const corepackSetup = packageManager === 'pnpm'
+        ? 'RUN corepack enable && corepack prepare pnpm@latest --activate'
+        : packageManager === 'yarn'
+            ? 'RUN corepack enable'
+            : '';
+    const migrationCopy = includePostgres ? `
+# Copy migration files
+COPY --chown=node:node lib/db/migrations ./scripts/migrations
+COPY --chown=node:node lib/db/migrate.ts ./scripts/migrate.ts` : '';
+    const tsxInstall = includePostgres ? `
+# Install tsx globally for running TypeScript migration scripts
+RUN npm install -g tsx` : '';
+    return `FROM node:22-alpine
+
+# Install package manager
+${corepackSetup}
+
+WORKDIR /app
+
+# Copy package files
+${packageFiles}
+
+# Install production dependencies
+RUN ${installCmd}
+${tsxInstall}
+
+# Copy application code
+COPY --chown=node:node . .
+${migrationCopy}
+
+# Copy entrypoint script
+COPY --chown=node:node entrypoint.sh ./entrypoint.sh
+RUN chmod +x ./entrypoint.sh
+
+USER node
+
+EXPOSE 3000
+
+ENV NODE_ENV=production
+ENV PORT=3000
+
+CMD ["./entrypoint.sh"]
+`;
+}

package/dist/templates/entrypoint.d.ts

@@ -0,0 +1,5 @@
+export interface EntrypointOptions {
+    projectType: 'nextjs' | 'node';
+    includePostgres: boolean;
+}
+export declare function generateEntrypoint(options: EntrypointOptions): string;

package/dist/templates/entrypoint.js

@@ -0,0 +1,30 @@
+export function generateEntrypoint(options) {
+    const { projectType, includePostgres } = options;
+    // For Next.js standalone, we run the bundled JS file (no tsx needed)
+    // For Node.js, we use tsx since full node_modules is available
+    const migrationStep = includePostgres
+        ? projectType === 'nextjs'
+            ? `
+# Run database migrations (bundled JS with all deps baked in)
+echo "⏳ Running database migrations..."
+node lib/db/migrate.bundle.js
+`
+            : `
+# Run database migrations
+echo "⏳ Running database migrations..."
+npx tsx scripts/migrate.ts
+`
+        : '';
+    const startCmd = projectType === 'nextjs'
+        ? 'exec node server.js'
+        : 'exec node dist/index.js';
+    return `#!/bin/sh
+set -e
+
+echo "🚀 Starting application..."
+${migrationStep}
+# Start the application
+echo "✅ Starting server..."
+${startCmd}
+`;
+}

package/dist/templates/index.d.ts

@@ -0,0 +1,7 @@
+export { generateDockerfile, type DockerfileOptions } from './dockerfile.js';
+export { generateDockerCompose, type DockerComposeOptions } from './docker-compose.js';
+export { generateDockerComposeBuild, type DockerComposeBuildOptions } from './docker-compose-build.js';
+export { generateWorkflow, type WorkflowOptions } from './workflow.js';
+export { generateEntrypoint, type EntrypointOptions } from './entrypoint.js';
+export { generateMigrateScript, type MigrateScriptOptions } from './migrate.js';
+export { generateClaudeRules } from './claude-rules.js';

package/dist/templates/index.js

@@ -0,0 +1,7 @@
+export { generateDockerfile } from './dockerfile.js';
+export { generateDockerCompose } from './docker-compose.js';
+export { generateDockerComposeBuild } from './docker-compose-build.js';
+export { generateWorkflow } from './workflow.js';
+export { generateEntrypoint } from './entrypoint.js';
+export { generateMigrateScript } from './migrate.js';
+export { generateClaudeRules } from './claude-rules.js';

package/dist/templates/migrate.d.ts

@@ -0,0 +1,4 @@
+export interface MigrateScriptOptions {
+    projectType: 'nextjs' | 'node';
+}
+export declare function generateMigrateScript(options?: MigrateScriptOptions): string;

package/dist/templates/migrate.js

@@ -0,0 +1,48 @@
+export function generateMigrateScript(options) {
+    const projectType = options?.projectType ?? 'nextjs';
+    // For Next.js, migrations are in lib/db/migrations (bundled with esbuild)
+    // For Node.js, migrations are in scripts/migrations (run with tsx)
+    const migrationsFolder = projectType === 'nextjs'
+        ? './lib/db/migrations'
+        : './scripts/migrations';
+    return `import { drizzle } from 'drizzle-orm/postgres-js';
+import { migrate } from 'drizzle-orm/postgres-js/migrator';
+import postgres from 'postgres';
+
+const runMigrate = async () => {
+  // Only load dotenv in development (not needed in Docker where env vars are injected)
+  if (process.env.NODE_ENV !== 'production') {
+    const { config } = await import('dotenv');
+    config({ path: '.env.local' });
+  }
+
+  // Skip migrations during Docker build (placeholder values or explicit skip)
+  if (
+    !process.env.POSTGRES_URL ||
+    process.env.SKIP_ENV_VALIDATION === 'true' ||
+    process.env.POSTGRES_URL.includes('placeholder')
+  ) {
+    console.log('⏭️  Skipping migrations (build-time or no database configured)');
+    process.exit(0);
+  }
+
+  const connection = postgres(process.env.POSTGRES_URL, { max: 1 });
+  const db = drizzle(connection);
+
+  console.log('⏳ Running migrations...');
+
+  const start = Date.now();
+  await migrate(db, { migrationsFolder: '${migrationsFolder}' });
+  const end = Date.now();
+
+  console.log('✅ Migrations completed in', end - start, 'ms');
+  process.exit(0);
+};
+
+runMigrate().catch((err) => {
+  console.error('❌ Migration failed');
+  console.error(err);
+  process.exit(1);
+});
+`;
+}

package/dist/templates/workflow.d.ts

@@ -0,0 +1,4 @@
+export interface WorkflowOptions {
+    projectName: string;
+}
+export declare function generateWorkflow(options: WorkflowOptions): string;

package/dist/templates/workflow.js

@@ -0,0 +1,77 @@
+const REGISTRY = '10.0.0.2:5000';
+export function generateWorkflow(options) {
+    const { projectName } = options;
+    return `name: Build and Deploy
+
+on:
+  push:
+    branches:
+      - develop
+      - 'feature/**'
+      - 'fix/**'
+      - 'hotfix/**'
+
+env:
+  REGISTRY: ${REGISTRY}
+  PROJECT_NAME: ${projectName}
+
+jobs:
+  build-and-push:
+    runs-on: self-hosted
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get commit SHA
+        id: sha
+        run: echo "sha=\$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Build and push images
+        run: |
+          export COMMIT_SHA=\${{ steps.sha.outputs.sha }}
+          export COMPOSE_PROJECT_NAME=\${{ env.PROJECT_NAME }}
+
+          docker compose -f docker-compose.build.yml build
+          docker compose -f docker-compose.build.yml push
+
+          # Also tag and push as latest
+          docker tag \${{ env.REGISTRY }}/\${{ env.PROJECT_NAME }}-app:\${{ steps.sha.outputs.sha }} \${{ env.REGISTRY }}/\${{ env.PROJECT_NAME }}-app:latest
+          docker push \${{ env.REGISTRY }}/\${{ env.PROJECT_NAME }}-app:latest
+
+      - name: Determine target branch
+        id: target
+        run: |
+          # All branches deploy to staging
+          # Promotion to main is a manual step
+          echo "branch=staging" >> $GITHUB_OUTPUT
+
+      - name: Create deploy PR
+        env:
+          GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+        run: |
+          TARGET_BRANCH=\${{ steps.target.outputs.branch }}
+          SOURCE_BRANCH=\${{ github.ref_name }}
+
+          # Check if PR already exists
+          EXISTING_PR=\$(gh pr list --head "\$SOURCE_BRANCH" --base "\$TARGET_BRANCH" --json number -q '.[0].number' || echo "")
+
+          if [ -n "\$EXISTING_PR" ]; then
+            echo "PR #\$EXISTING_PR already exists for \$SOURCE_BRANCH -> \$TARGET_BRANCH"
+          else
+            gh pr create \\
+              --title "Deploy: \$SOURCE_BRANCH -> \$TARGET_BRANCH" \\
+              --body "Automated deployment PR from \$SOURCE_BRANCH to \$TARGET_BRANCH.
+
+              **Commit:** \${{ steps.sha.outputs.sha }}
+              **Image:** \${{ env.REGISTRY }}/\${{ env.PROJECT_NAME }}-app:\${{ steps.sha.outputs.sha }}
+
+              Merge this PR to trigger deployment." \\
+              --base "\$TARGET_BRANCH" \\
+              --head "\$SOURCE_BRANCH" || echo "PR creation skipped (may already exist or no changes)"
+          fi
+`;
+}

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "@panoptic-it-solutions/coolify-setup",
+  "version": "1.0.0",
+  "description": "CLI tool for setting up Coolify deployment on Panoptic projects",
+  "type": "module",
+  "main": "dist/index.js",
+  "bin": {
+    "coolify-setup": "dist/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx src/index.ts",
+    "start": "node dist/index.js",
+    "prepublishOnly": "npm run build"
+  },
+  "keywords": [
+    "coolify",
+    "docker",
+    "deployment",
+    "panoptic",
+    "cli"
+  ],
+  "author": "Panoptic IT Solutions",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Panoptic-IT-Solutions/coolify-setup.git"
+  },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "ora": "^8.0.0",
+    "prompts": "^2.4.2"
+  },
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "@types/prompts": "^2.4.9",
+    "tsx": "^4.19.0",
+    "typescript": "^5.6.0"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}