Fix port conflict, healthcheck, and mirror routing

docker-compose.yml:
- Add top-level name: soroushasadi so Compose uses a stable project name
  regardless of which temp directory the runner checks out into. Without
  this, each run gets a different project name and the old container is not
  recognised as an orphan — it stays bound to port 3000 and the new
  container fails to start.
- Fix healthcheck: wget is not in node:20-slim; use Node 20's built-in
  fetch instead.
- Set NODE_IMAGE default to the Nexus docker-group mirror.

Workflows:
- Add GIT_SSL_NO_VERIFY=true to checkout steps (self-signed cert on
  git.soroushasadi.com).
- Pass NODE_IMAGE to build step in deploy.
- Add git remote remove guard to CI checkout (prevents failure on
  second run in the same workspace).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.gitea/workflows/ci.yml

@@ -19,8 +19,10 @@ jobs:
         env:
           TOKEN: ${{ github.token }}
           REF: ${{ github.ref }}
+          GIT_SSL_NO_VERIFY: "true"
         run: |
           git init
+          git remote remove origin 2>/dev/null || true
           git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
           git config http.extraheader "Authorization: Bearer ${TOKEN}"
           git fetch --depth=1 origin "${REF}"
@@ -28,8 +30,10 @@ jobs:
 
       - name: Docker Build Test
         env:
+          NODE_IMAGE: mirror.soroushasadi.com/repository/docker-group/node:20-slim
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: |
           docker build \
+            --build-arg NODE_IMAGE="$NODE_IMAGE" \
             --build-arg NPM_TOKEN="$NPM_TOKEN" \
             -t soroushasadi-site:test .

.gitea/workflows/deploy.yml

@@ -19,6 +19,7 @@ jobs:
         env:
           TOKEN: ${{ github.token }}
           REF: ${{ github.ref }}
+          GIT_SSL_NO_VERIFY: "true"
         run: |
           git init
           git remote remove origin 2>/dev/null || true
@@ -39,6 +40,8 @@ jobs:
           EOF
 
       - name: Build Container
+        env:
+          NODE_IMAGE: mirror.soroushasadi.com/repository/docker-group/node:20-slim
         run: |
           docker compose build
 

docker-compose.yml

@@ -1,13 +1,12 @@
+name: soroushasadi
+
 services:
   web:
     build:
       context: .
       dockerfile: Dockerfile
       args:
-        # Pull the base image through the Nexus docker-group proxy. Override per
-        # environment, e.g. NODE_IMAGE=node:20-slim docker compose build.
-        NODE_IMAGE: node:20-slim
-        # Optional Nexus npm-group token, consumed only by the deps stage.
+        NODE_IMAGE: ${NODE_IMAGE:-mirror.soroushasadi.com/repository/docker-group/node:20-slim}
         NPM_TOKEN: ${NPM_TOKEN:-}
     image: soroushasadi-site:latest
     container_name: soroushasadi-site
@@ -17,21 +16,20 @@ services:
     environment:
       NODE_ENV: production
       DATA_DIR: /data
-      # Set these in a sibling .env file (NOT committed) or your host env.
       ADMIN_PASSWORD: ${ADMIN_PASSWORD:?set ADMIN_PASSWORD}
       ADMIN_SESSION_SECRET: ${ADMIN_SESSION_SECRET:?set ADMIN_SESSION_SECRET}
       RESEND_API_KEY: ${RESEND_API_KEY:-}
       CONTACT_INBOX: ${CONTACT_INBOX:-}
       CONTACT_FROM: ${CONTACT_FROM:-}
     volumes:
-      # SQLite content DB + uploaded media persist across rebuilds.
       - cms-data:/data
     healthcheck:
-      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000"]
+      test: ["CMD", "node", "-e",
+        "fetch('http://127.0.0.1:3000/').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
       interval: 30s
-      timeout: 5s
+      timeout: 10s
       retries: 3
-      start_period: 20s
+      start_period: 30s
 
 volumes:
   cms-data: