Fix Next.js standalone Dockerfile cache permissions #16290

Merged
davidfowl merged 1 commit into main from fix-16277-nextjs-cache-perms
Apr 18, 2026
@davidfowl
Contributor

Description

Update the generated Dockerfile for Next.js standalone publish so the runtime image follows the ownership pattern from the official Next.js sample and allows the non-root node user to write to .next at runtime.

  • copy public, .next/standalone, and .next/static with --chown=node:node
  • create .next in the runtime image and assign it to node:node before switching to USER node
  • update the Next.js standalone Dockerfile snapshots for both npm and pnpm cases

Validation:

  • dotnet test tests/Aspire.Hosting.JavaScript.Tests/Aspire.Hosting.JavaScript.Tests.csproj -- --filter-not-trait "quarantined=true" --filter-not-trait "outerloop=true"
  • LocalHive-based manual aspire deploy of a TypeScript AppHost with a real Next.js app, including:
    • a real /api/hello route
    • a real next/image optimization request returning X-Nextjs-Cache: MISS then X-Nextjs-Cache: HIT
    • verification that the running node user can write files under /app/.next/cache
    • clean Next.js container logs after startup

Fixes #16277

Checklist

  • Is this feature complete?
    • Yes. Ready to ship.
    • No. Follow-up changes expected.
  • Are you including unit tests for the changes and scenario tests if relevant?
    • Yes
    • No
  • Did you add public API?
    • Yes
      • If yes, did you have an API Review for it?
        • Yes
        • No
      • Did you add <remarks /> and <code /> elements on your triple slash comments?
        • Yes
        • No
    • No
  • Does the change make any security assumptions or guarantees?
    • Yes
      • If yes, have you done a threat model and had a security review?
        • Yes
        • No
    • No
  • Does the change require an update in our Aspire docs?
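
The ownership pattern in the description can be checked mechanically. The following is an added example, not code from this PR or from Aspire: a small audit of a Dockerfile's final stage. The two sample Dockerfiles, the base image tag, the stage name build and the function name audit_runtime_stage are constructed for illustration.

```python
import re

# Constructed runtime stages (not Aspire's generated output). BEFORE copies
# files as root; AFTER follows the ownership pattern described in the PR.
BEFORE = """\
FROM node:lts-alpine AS runtime
WORKDIR /app
COPY --from=build /app/public ./public
COPY --from=build /app/.next/standalone ./
COPY --from=build /app/.next/static ./.next/static
USER node
"""
AFTER = """\
FROM node:lts-alpine AS runtime
WORKDIR /app
COPY --from=build --chown=node:node /app/public ./public
RUN mkdir .next
RUN chown node:node .next
COPY --from=build --chown=node:node /app/.next/standalone ./
COPY --from=build --chown=node:node /app/.next/static ./.next/static
USER node
"""

def audit_runtime_stage(dockerfile: str, cache_dir: str = ".next") -> list[str]:
    """Audit the final stage: non-root USER, COPY ownership, writable cache dir."""
    lines = [ln.strip() for ln in dockerfile.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    starts = [i for i, ln in enumerate(lines) if ln.upper().startswith("FROM ")]
    stage = lines[starts[-1]:] if starts else lines
    users = [ln.split()[1] for ln in stage
             if ln.upper().startswith("USER ") and len(ln.split()) > 1]
    user = users[-1].split(":")[0] if users else "root"
    if user in ("root", "0"):
        return ["final stage has no non-root USER"]
    u, d = re.escape(user), re.escape(cache_dir)
    findings = []
    # COPY creates files as UID 0 unless --chown is given, whatever USER says.
    for ln in stage:
        if ln.upper().startswith("COPY ") and not re.search(rf"--chown={u}(:|\s)", ln):
            findings.append(f"root-owned COPY: {ln}")
    # The cache directory itself must be handed to the runtime user.
    chown_re = re.compile(rf"^RUN\s.*\bchown\s+(-R\s+)?{u}(:\S+)?\s+{d}(\s|$)", re.I)
    if not any(chown_re.search(ln) for ln in stage):
        findings.append(f"{cache_dir} is not chowned to {user}")
    return findings

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_runtime_stage(text) or "ok")
```

The check accepts either the two separate RUN steps or a single combined RUN, since both leave .next owned by the runtime user.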

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings April 18, 2026 02:43
@github-actions
Contributor

🚀 Dogfood this PR with:

⚠️ WARNING: Do not do this without first carefully reviewing the code of this PR to satisfy yourself it is safe.

curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 16290

Or

  • Run remotely in PowerShell:
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 16290"

Contributor

Copilot AI left a comment

Pull request overview

Updates Aspire’s generated Dockerfile for Next.js “standalone” publishes so the runtime image follows the official Next.js ownership pattern and allows the non-root node user to write to .next (notably .next/cache) at runtime.

Changes:

  • Generate COPY --chown=node:node for public, .next/standalone, and .next/static in the Next.js standalone runtime stage.
  • Ensure .next exists and is owned by node:node before switching to USER node.
  • Update Verify snapshots for both npm and pnpm Next.js standalone Dockerfile cases.

| File | Description |
| --- | --- |
| src/Aspire.Hosting.JavaScript/JavaScriptHostingExtensions.cs | Adjusts Next.js standalone runtime-stage Dockerfile generation to set correct ownership and create/chown .next before USER node. |
| tests/Aspire.Hosting.JavaScript.Tests/Snapshots/AddViteAppTests.VerifyDockerfileWhenPublishedAsNextStandalone.verified.txt | Updates expected generated Dockerfile snapshot for Next.js standalone (npm). |
| tests/Aspire.Hosting.JavaScript.Tests/Snapshots/AddViteAppTests.VerifyDockerfileWhenNextJsAppUsesPnpm.verified.txt | Updates expected generated Dockerfile snapshot for Next.js standalone (pnpm). |

Copilot's findings

  • Files reviewed: 3/3 changed files
  • Comments generated: 1

Comment on lines +845 to +846
.Run("mkdir .next")
.Run("chown node:node .next")
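
Review bot: the mkdir .next on line +845 has no -p, so the generated build step fails if .next already exists in the runtime stage at that point, and the chown node:node .next on +846 is non-recursive, so it only changes the directory itself. A short comment in the generator saying these two steps must be emitted before anything is copied into .next would keep a later reorder from leaving root-owned content under it.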
Copilot AI Apr 18, 2026

The runtime stage uses two separate RUN instructions (mkdir then chown), which adds an extra layer to the generated image. Consider combining these into a single RUN to keep the generated Dockerfile leaner and improve build/cache performance.

Suggested change
.Run("mkdir .next")
.Run("chown node:node .next")
.Run("mkdir .next && chown node:node .next")

Contributor Author

Agree, BUT I'd rather keep it matching the recommended Dockerfile for standalone mode as much as possible.

Member

@JamesNK JamesNK left a comment

LGTM — the generated Dockerfile now correctly follows the official Next.js Docker example for file ownership, ensuring the non-root node user can write to .next/cache at runtime. Snapshots are consistent with the code change.

One minor note already raised in the existing review thread: the two separate RUN mkdir .next / RUN chown node:node .next could be combined into a single RUN mkdir .next && chown node:node .next to save a Docker layer.

@davidfowl davidfowl enabled auto-merge (squash) April 18, 2026 03:27
@davidfowl davidfowl merged commit 80708e7 into main Apr 18, 2026
564 of 568 checks passed
@github-actions github-actions Bot added this to the 13.3 milestone Apr 18, 2026
@github-actions
Contributor

🎬 CLI E2E Test Recordings — 72 recordings uploaded (commit dcd05ac)

📹 Recordings uploaded automatically from CI run #24595139815

radical pushed a commit to radical/aspire that referenced this pull request Apr 18, 2026
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Development

Successfully merging this pull request may close these issues.

Next.js auto-generated Docker container lacks permissions for .next/ cache
