fixup! feat(DEV-10495): add image build task

.github/workflows/pull-preview-deploy.yml

@@ -68,6 +68,7 @@ jobs:
       - name: Update docker-compose.pull-preview.yml
         run: |
           sed -i "s|\${PREVIEW_SDK_DEMO_WITH_NEXTJS_AND_CLERK_AUTH_IMAGE}|${{ env.preview_sdk_demo_with_nextjs_and_clerk_auth_image }}|g" docker-compose.pull-preview.yml
+          sed -i "s|\${CLERK_SECRET_KEY}|${{ secrets.PULL_PREVIEW_CLERK_SECRET_KEY_DEV }}|g" docker-compose.pull-preview.yml
 
       - uses: pullpreview/action@v5
         # see https://github.com/pullpreview/action/wiki/Inputs

Caddyfile.pull-preview

@@ -0,0 +1,25 @@
+{
+    auto_https disable_redirects
+}
+
+{$CLERK_APP_DOMAIN} {
+    reverse_proxy web:3000
+
+    handle_path /__clerk/* {
+        uri strip_prefix /__clerk
+        reverse_proxy https://frontend-api.clerk.dev {
+            header_up Clerk-Proxy-Url https://{$CLERK_APP_DOMAIN}/__clerk
+            header_up Clerk-Secret-Key {$CLERK_SECRET_KEY}
+            header_up X-Forwarded-For {remote_host}
+        }
+    }
+
+    log {
+        output file /var/log/caddy/access.log
+        format console
+    }
+
+    tls {
+        on_demand
+    }
+}

docker-compose.pull-preview.yml

@@ -2,18 +2,21 @@ services:
   proxy:
     image: caddy:2
     restart: unless-stopped
-    command: "caddy reverse-proxy --from '${PULLPREVIEW_URL}' --to web:3000"
+    command: caddy run --config /etc/caddy/Caddyfile.pull-preview --adapter caddyfile
     depends_on:
       - web
     ports:
       - "80:80"
       - "443:443"
+    environment:
+      CLERK_SECRET_KEY: "${CLERK_SECRET_KEY}"
+      CLERK_APP_DOMAIN: "${PULLPREVIEW_PUBLIC_DNS}"
     volumes:
-      - "/data"
+      - "./Caddyfile.pull-preview:/etc/caddy/Caddyfile.pull-preview:ro"
 
   web:
     restart: unless-stopped
     image: "${PREVIEW_SDK_DEMO_WITH_NEXTJS_AND_CLERK_AUTH_IMAGE}"
     environment:
       MONITE_API_URL: "https://api.dev.monite.com/v1"
-      CLERK_SATELLITE_APP_DOMAIN: "${PULLPREVIEW_PUBLIC_DNS}"
+      CLERK_PROXY_URL: "https://${PULLPREVIEW_PUBLIC_DNS}/__clerk"

examples/with-nextjs-and-clerk-auth/src/app/layout.tsx

@@ -36,7 +36,7 @@ export default async function RootLayout({
     <ClerkProvider
       publishableKey={process.env.CLERK_PUBLISHABLE_KEY}
       signInUrl={process.env.APP_SIGN_IN_URL}
-      domain={process.env.CLERK_SATELLITE_APP_DOMAIN}
+      proxyUrl={process.env.CLERK_PROXY_URL}
     >
       <MultisessionAppSupport>
         <html lang="en">

examples/with-nextjs-and-clerk-auth/src/middleware.ts

@@ -6,18 +6,30 @@ import { authMiddleware as createAuthMiddleware } from '@clerk/nextjs';
 // Please edit this to allow other routes to be public as needed.
 // See https://clerk.com/docs/references/nextjs/auth-middleware for more information about configuring your middleware
 
-const authMiddlewareDomainOptions = process.env.CLERK_SATELLITE_APP_DOMAIN
-  ? {
-      domain: process.env.CLERK_SATELLITE_APP_DOMAIN,
-    }
-  : undefined;
-
-const authMiddleware = createAuthMiddleware({
+if (
+  process.env.NEXT_PUBLIC_CLERK_IS_SATELLITE &&
+  !process.env.CLERK_PROXY_URL
+) {
+  throw new Error('Clerk Proxy URL must be set when using Clerk Satellite');
+}
+
+const authMiddlewareBaseOptions = {
   publicRoutes: ['/api/in/clerk', '/api/healthcheck', '/public'],
   publishableKey: process.env.CLERK_PUBLISHABLE_KEY,
-  signInUrl: process.env.APP_SIGN_IN_URL, // main domain SignIn URL, not satellite
-  ...authMiddlewareDomainOptions,
-} as never);
+};
+
+const authMiddleware = createAuthMiddleware(
+  // See Clerk's Satellite Domain documentation for more information
+  // https://clerk.com/docs/advanced-usage/satellite-domains
+  process.env.NEXT_PUBLIC_CLERK_IS_SATELLITE && process.env.CLERK_PROXY_URL
+    ? {
+        ...authMiddlewareBaseOptions,
+        isSatellite: true,
+        proxyUrl: process.env.CLERK_PROXY_URL,
+        signInUrl: process.env.APP_SIGN_IN_URL, // main domain SignIn URL, not satellite
+      }
+    : authMiddlewareBaseOptions
+);
 
 const authMiddlewareNo401Response: NextMiddleware = async (request, event) => {
   const response = await authMiddleware(request, event);