soroushdes/flatrender
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: Gitea CI/CD pipeline + server deploy (Nexus mirror, Caddy HTTPS)
CI/CD / CI · Web (tsc) (push) Successful in 1m8s
Details
CI/CD / Deploy · full stack (push) Failing after 1m41s
Details

Browse Source 
- .gitea/workflows/ci-cd.yml: frontend tsc check → self-hosted deploy job that
  builds the full compose stack and brings it up behind Caddy. Locks
  COMPOSE_PROJECT_NAME=flatrender (stable volumes), backs up the DB before each
  deploy, health-waits gateway+frontend, no `down -v`.
- Route all package installs through mirror.soroushasadi.com:
  frontend Dockerfile npm registry → NPM_REGISTRY build arg (Nexus default);
  3× NuGet.Config (content/identity/studio) → HTTPS nuget-group (were a bare IP).
- Harden host ports: ${HOST_BIND:-0.0.0.0} prefix on postgres/minio/render/gateway/
  frontend so prod (HOST_BIND=127.0.0.1) keeps them off the public internet — only
  Caddy 80/443 is public. Dev (unset → 0.0.0.0) unchanged.
- render-svc MINIO_USE_SSL now env-driven (MINIO_HOST_USE_SSL) for HTTPS storage domain.
- deploy/ENV_FILE.production.example (the Gitea secret template) + deploy/README.md
  (one-time setup + go-live checklist).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
soroush.asadi
2026-06-12 13:29:09 +03:30
parent 61ba526122
commit 127f40e1c1
8 changed files with 262 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+6 -5
View File
@@ -4,12 +4,13 @@ RUN apk add --no-cache libc6-compat
WORKDIR /app
COPY package.json package-lock.json* ./
# The Nexus npm proxy intermittently returns 500s / corrupted tarballs while it
# back-fills its cache from upstream. Retry the whole install a few times — each
# pass re-requests only what's still missing, so successive runs converge once
# Nexus has cached every package. Bump npm's own retry budget too.
# npm installs through the self-hosted Nexus mirror (override with --build-arg
# NPM_REGISTRY=... for a different mirror). The proxy intermittently returns 500s
# / corrupted tarballs while it back-fills from upstream, so retry the whole
# install a few times — each pass re-requests only what's still missing.
ARG NPM_REGISTRY=https://mirror.soroushasadi.com/repository/npm-group/
RUN for i in 1 2 3 4 5; do \
npm ci --registry http://171.22.25.73:8081/repository/npm-group/ \
npm ci --registry "${NPM_REGISTRY}" \
--fetch-retries=5 --fetch-retry-factor=2 \
--fetch-retry-mintimeout=20000 --fetch-retry-maxtimeout=120000 && exit 0; \
echo "npm ci attempt $i failed; retrying in 10s..."; sleep 10; \