CI debug

www/app/lib/apiClient.tsx

@@ -10,8 +10,11 @@ import {
 } from "@tanstack/react-query";
 import createFetchClient from "openapi-react-query";
 import { assertExistsAndNonEmptyString } from "./utils";
+import { isBuildPhase } from "./next";
 
-const API_URL = assertExistsAndNonEmptyString(process.env.NEXT_PUBLIC_API_URL);
+const API_URL = !isBuildPhase
+  ? assertExistsAndNonEmptyString(process.env.NEXT_PUBLIC_API_URL)
+  : "http://localhost";
 
 // Create the base openapi-fetch client with a default URL
 // The actual URL will be set via middleware in AuthProvider

www/app/lib/authBackend.ts

@@ -2,11 +2,7 @@ import { AuthOptions } from "next-auth";
 import AuthentikProvider from "next-auth/providers/authentik";
 import type { JWT } from "next-auth/jwt";
 import { JWTWithAccessToken, CustomSession } from "./types";
-import {
-  assertExists,
-  assertExistsAndNonEmptyString,
-  parseMaybeNonEmptyString,
-} from "./utils";
+import { assertExists, assertExistsAndNonEmptyString } from "./utils";
 import {
   REFRESH_ACCESS_TOKEN_BEFORE,
   REFRESH_ACCESS_TOKEN_ERROR,
@@ -17,18 +13,19 @@ import {
   deleteTokenCache,
 } from "./redisTokenCache";
 import { tokenCacheRedis } from "./redisClient";
+import { isBuildPhase } from "./next";
 
 // REFRESH_ACCESS_TOKEN_BEFORE because refresh is based on access token expiration (imagine we cache it 30 days)
 const TOKEN_CACHE_TTL = REFRESH_ACCESS_TOKEN_BEFORE;
 
 const refreshLocks = new Map<string, Promise<JWTWithAccessToken>>();
 
-const CLIENT_ID = assertExistsAndNonEmptyString(
-  process.env.AUTHENTIK_CLIENT_ID,
-);
-const CLIENT_SECRET = assertExistsAndNonEmptyString(
-  process.env.AUTHENTIK_CLIENT_SECRET,
-);
+const CLIENT_ID = !isBuildPhase
+  ? assertExistsAndNonEmptyString(process.env.AUTHENTIK_CLIENT_ID)
+  : "noop";
+const CLIENT_SECRET = !isBuildPhase
+  ? assertExistsAndNonEmptyString(process.env.AUTHENTIK_CLIENT_SECRET)
+  : "noop";
 
 export const authOptions: AuthOptions = {
   providers: [