feat(manadeck): add Docker deployment for backend and web

Create web Dockerfile and add both manadeck-backend (port 3009) and
manadeck-web (port 5023) to docker-compose.macmini.yml. Add Cloudflare
tunnel routes for manadeck.mana.how and manadeck-api.mana.how.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

apps/manadeck/apps/web/Dockerfile

@@ -0,0 +1,97 @@
+# syntax=docker/dockerfile:1
+# Build stage
+FROM node:20-alpine AS builder
+
+# Build arguments for SvelteKit static env vars
+ARG PUBLIC_BACKEND_URL=http://manadeck-backend:3009
+ARG PUBLIC_MANA_CORE_AUTH_URL=http://mana-core-auth:3001
+
+# Set as environment variables for build
+ENV PUBLIC_BACKEND_URL=$PUBLIC_BACKEND_URL
+ENV PUBLIC_MANA_CORE_AUTH_URL=$PUBLIC_MANA_CORE_AUTH_URL
+
+# Install pnpm
+RUN corepack enable && corepack prepare pnpm@9.15.0 --activate
+
+WORKDIR /app
+
+# Copy root workspace files
+COPY pnpm-workspace.yaml ./
+COPY package.json ./
+COPY pnpm-lock.yaml ./
+
+# --- AUTO-GENERATED COPY STATEMENTS (do not edit manually) ---
+COPY patches/ ./patches/
+COPY packages/shared-app-onboarding ./packages/shared-app-onboarding
+COPY packages/shared-auth ./packages/shared-auth
+COPY packages/shared-auth-ui ./packages/shared-auth-ui
+COPY packages/shared-branding ./packages/shared-branding
+COPY packages/shared-config ./packages/shared-config
+COPY packages/shared-error-tracking ./packages/shared-error-tracking
+COPY packages/shared-feedback-service ./packages/shared-feedback-service
+COPY packages/shared-feedback-ui ./packages/shared-feedback-ui
+COPY packages/shared-help-content ./packages/shared-help-content
+COPY packages/shared-help-types ./packages/shared-help-types
+COPY packages/shared-help-ui ./packages/shared-help-ui
+COPY packages/shared-i18n ./packages/shared-i18n
+COPY packages/shared-icons ./packages/shared-icons
+COPY packages/shared-profile-ui ./packages/shared-profile-ui
+COPY packages/shared-pwa ./packages/shared-pwa
+COPY packages/shared-stores ./packages/shared-stores
+COPY packages/shared-subscription-types ./packages/shared-subscription-types
+COPY packages/shared-subscription-ui ./packages/shared-subscription-ui
+COPY packages/shared-tailwind ./packages/shared-tailwind
+COPY packages/shared-theme ./packages/shared-theme
+COPY packages/shared-theme-ui ./packages/shared-theme-ui
+COPY packages/shared-types ./packages/shared-types
+COPY packages/shared-ui ./packages/shared-ui
+COPY packages/shared-utils ./packages/shared-utils
+COPY packages/shared-vite-config ./packages/shared-vite-config
+# --- END AUTO-GENERATED ---
+
+# Copy manadeck web
+COPY apps/manadeck/apps/web ./apps/manadeck/apps/web
+
+# Install dependencies
+RUN --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store pnpm install --frozen-lockfile
+
+# Build shared packages that need building
+WORKDIR /app/packages/shared-vite-config
+RUN pnpm build
+
+WORKDIR /app/packages/shared-auth
+RUN pnpm build || true
+
+WORKDIR /app/packages/shared-error-tracking
+RUN pnpm build
+
+WORKDIR /app/packages/shared-pwa
+RUN pnpm build
+
+# Build the web app
+WORKDIR /app/apps/manadeck/apps/web
+RUN pnpm exec svelte-kit sync
+RUN pnpm build
+
+# Production stage
+FROM node:20-alpine AS production
+
+# Keep same directory structure as builder so pnpm symlinks resolve correctly
+WORKDIR /app/apps/manadeck/apps/web
+
+# Copy the pnpm store that symlinks point to (at /app/node_modules/.pnpm)
+COPY --from=builder /app/node_modules/.pnpm /app/node_modules/.pnpm
+
+# Copy the app's node_modules (contains symlinks to the pnpm store)
+COPY --from=builder /app/apps/manadeck/apps/web/node_modules ./node_modules
+
+# Copy built application
+COPY --from=builder /app/apps/manadeck/apps/web/build ./build
+COPY --from=builder /app/apps/manadeck/apps/web/package.json ./
+
+# Set environment variables
+ENV NODE_ENV=production
+ENV HOST=0.0.0.0
+
+# Run the app
+CMD ["node", "build"]

cloudflared-config.yml

@@ -64,6 +64,12 @@ ingress:
   - hostname: planta-api.mana.how
     service: http://localhost:3022
 
+  # ManaDeck App
+  - hostname: manadeck.mana.how
+    service: http://localhost:5023
+  - hostname: manadeck-api.mana.how
+    service: http://localhost:3009
+
   # Storage App
   - hostname: storage.mana.how
     service: http://localhost:5015
@@ -145,8 +151,6 @@ ingress:
     service: http://localhost:4400
   - hostname: clocks.mana.how
     service: http://localhost:4400
-  - hostname: manadeck.mana.how
-    service: http://localhost:4400
   - hostname: nutriphi.mana.how
     service: http://localhost:4400
   - hostname: citycorners.mana.how

docker-compose.macmini.yml

@@ -619,6 +619,37 @@ services:
       retries: 3
       start_period: 55s
 
+  manadeck-backend:
+    build:
+      context: .
+      dockerfile: apps/manadeck/apps/backend/Dockerfile
+    image: manadeck-backend:local
+    container_name: mana-app-manadeck-backend
+    restart: always
+    depends_on:
+      mana-auth:
+        condition: service_healthy
+    environment:
+      NODE_ENV: production
+      PORT: 3009
+      DATABASE_URL: postgresql://postgres:${POSTGRES_PASSWORD:-mana123}@postgres:5432/manadeck
+      MANA_CORE_AUTH_URL: http://mana-auth:3001
+      CORS_ORIGINS: https://manadeck.mana.how,https://mana.how
+      S3_ENDPOINT: http://minio:9000
+      S3_REGION: us-east-1
+      S3_ACCESS_KEY: ${MINIO_ROOT_USER:-minioadmin}
+      S3_SECRET_KEY: ${MINIO_ROOT_PASSWORD:-minioadmin}
+      S3_BUCKET: manadeck-storage
+      GLITCHTIP_DSN: ""
+    ports:
+      - "3009:3009"
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:3009/api/health"]
+      interval: 120s
+      timeout: 10s
+      retries: 3
+      start_period: 55s
+
   nutriphi-backend:
     build:
       context: .
@@ -1624,6 +1655,32 @@ services:
       retries: 3
       start_period: 45s
 
+  manadeck-web:
+    build:
+      context: .
+      dockerfile: apps/manadeck/apps/web/Dockerfile
+    image: manadeck-web:local
+    container_name: mana-app-manadeck-web
+    restart: always
+    depends_on:
+      manadeck-backend:
+        condition: service_healthy
+    environment:
+      NODE_ENV: production
+      PORT: 5023
+      PUBLIC_BACKEND_URL: http://manadeck-backend:3009
+      PUBLIC_MANA_CORE_AUTH_URL: http://mana-auth:3001
+      PUBLIC_BACKEND_URL_CLIENT: https://manadeck-api.mana.how
+      PUBLIC_MANA_CORE_AUTH_URL_CLIENT: https://auth.mana.how
+    ports:
+      - "5023:5023"
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:5023/health"]
+      interval: 180s
+      timeout: 10s
+      retries: 3
+      start_period: 45s
+
   nutriphi-web:
     image: ghcr.io/memo-2023/nutriphi-web:latest
     container_name: mana-app-nutriphi-web