@@ -19,8 +19,10 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
TOKEN: ${{ github.token }}
|
TOKEN: ${{ github.token }}
|
||||||
REF: ${{ github.ref }}
|
REF: ${{ github.ref }}
|
||||||
|
GIT_SSL_NO_VERIFY: "true"
|
||||||
run: |
|
run: |
|
||||||
git init
|
git init
|
||||||
|
git remote remove origin 2>/dev/null || true
|
||||||
git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
|
git remote add origin "${{ github.server_url }}/${{ github.repository }}.git"
|
||||||
git config http.extraheader "Authorization: Bearer ${TOKEN}"
|
git config http.extraheader "Authorization: Bearer ${TOKEN}"
|
||||||
git fetch --depth=1 origin "${REF}"
|
git fetch --depth=1 origin "${REF}"
|
||||||
@@ -28,8 +30,10 @@ jobs:
|
|||||||
|
|
||||||
- name: Docker Build Test
|
- name: Docker Build Test
|
||||||
env:
|
env:
|
||||||
|
NODE_IMAGE: mirror.soroushasadi.com/repository/docker-group/node:20-slim
|
||||||
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
|
||||||
run: |
|
run: |
|
||||||
docker build \
|
docker build \
|
||||||
|
--build-arg NODE_IMAGE="$NODE_IMAGE" \
|
||||||
--build-arg NPM_TOKEN="$NPM_TOKEN" \
|
--build-arg NPM_TOKEN="$NPM_TOKEN" \
|
||||||
-t soroushasadi-site:test .
|
-t soroushasadi-site:test .
|
||||||
@@ -19,6 +19,7 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
TOKEN: ${{ github.token }}
|
TOKEN: ${{ github.token }}
|
||||||
REF: ${{ github.ref }}
|
REF: ${{ github.ref }}
|
||||||
|
GIT_SSL_NO_VERIFY: "true"
|
||||||
run: |
|
run: |
|
||||||
git init
|
git init
|
||||||
git remote remove origin 2>/dev/null || true
|
git remote remove origin 2>/dev/null || true
|
||||||
@@ -39,6 +40,8 @@ jobs:
|
|||||||
EOF
|
EOF
|
||||||
|
|
||||||
- name: Build Container
|
- name: Build Container
|
||||||
|
env:
|
||||||
|
NODE_IMAGE: mirror.soroushasadi.com/repository/docker-group/node:20-slim
|
||||||
run: |
|
run: |
|
||||||
docker compose build
|
docker compose build
|
||||||
|
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
# the registry.npmjs.org hosts found in package-lock.json to this mirror at
|
# the registry.npmjs.org hosts found in package-lock.json to this mirror at
|
||||||
# install time (default replace-registry-host=npmjs), so the committed lockfile
|
# install time (default replace-registry-host=npmjs), so the committed lockfile
|
||||||
# is reused as-is — no regeneration needed.
|
# is reused as-is — no regeneration needed.
|
||||||
registry=https://mirror.soroushasadi.com/repository/npm-group/
|
registry=http://mirror.soroushasadi.com/repository/npm-group/
|
||||||
|
|
||||||
# Auth is never committed. CI and the Docker build append an `_authToken` line
|
# Auth is never committed. CI and the Docker build append an `_authToken` line
|
||||||
# from the NPM_TOKEN secret at install time; for local installs put the token in
|
# from the NPM_TOKEN secret at install time; for local installs put the token in
|
||||||
|
|||||||
+4
-4
@@ -4,7 +4,7 @@
|
|||||||
# as mirror.soroushasadi.com/repository/docker-group/<image>.
|
# as mirror.soroushasadi.com/repository/docker-group/<image>.
|
||||||
# Build directly against Docker Hub instead with:
|
# Build directly against Docker Hub instead with:
|
||||||
# --build-arg NODE_IMAGE=node:20-slim
|
# --build-arg NODE_IMAGE=node:20-slim
|
||||||
ARG NODE_IMAGE=node:20-slim
|
ARG NODE_IMAGE=mirror.soroushasadi.com/repository/docker-group/node:20-slim
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
# 1. Dependencies — installs node_modules and compiles the better-sqlite3
|
# 1. Dependencies — installs node_modules and compiles the better-sqlite3
|
||||||
# native addon (needs python3 + a C++ toolchain).
|
# native addon (needs python3 + a C++ toolchain).
|
||||||
@@ -15,9 +15,9 @@ RUN apt-get update \
|
|||||||
&& apt-get install -y --no-install-recommends python3 make g++ ca-certificates \
|
&& apt-get install -y --no-install-recommends python3 make g++ ca-certificates \
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
&& rm -rf /var/lib/apt/lists/*
|
||||||
# .npmrc points npm at the Nexus npm-group; NPM_TOKEN (optional) authenticates.
|
# .npmrc points npm at the Nexus npm-group; NPM_TOKEN (optional) authenticates.
|
||||||
# The token is written only into this build stage and never reaches the runner
|
# The token is appended at build time only — never reaches the runner image.
|
||||||
# image, which copies node_modules — not .npmrc.
|
ARG NPM_TOKEN=""
|
||||||
COPY package.json package-lock.json ./
|
COPY package.json package-lock.json .npmrc ./
|
||||||
RUN if [ -n "$NPM_TOKEN" ]; then \
|
RUN if [ -n "$NPM_TOKEN" ]; then \
|
||||||
echo "//mirror.soroushasadi.com/repository/npm-group/:_authToken=${NPM_TOKEN}" >> .npmrc ; \
|
echo "//mirror.soroushasadi.com/repository/npm-group/:_authToken=${NPM_TOKEN}" >> .npmrc ; \
|
||||||
fi \
|
fi \
|
||||||
|
|||||||
+7
-9
@@ -1,13 +1,12 @@
|
|||||||
|
name: soroushasadi
|
||||||
|
|
||||||
services:
|
services:
|
||||||
web:
|
web:
|
||||||
build:
|
build:
|
||||||
context: .
|
context: .
|
||||||
dockerfile: Dockerfile
|
dockerfile: Dockerfile
|
||||||
args:
|
args:
|
||||||
# Pull the base image through the Nexus docker-group proxy. Override per
|
NODE_IMAGE: ${NODE_IMAGE:-mirror.soroushasadi.com/repository/docker-group/node:20-slim}
|
||||||
# environment, e.g. NODE_IMAGE=node:20-slim docker compose build.
|
|
||||||
NODE_IMAGE: node:20-slim
|
|
||||||
# Optional Nexus npm-group token, consumed only by the deps stage.
|
|
||||||
NPM_TOKEN: ${NPM_TOKEN:-}
|
NPM_TOKEN: ${NPM_TOKEN:-}
|
||||||
image: soroushasadi-site:latest
|
image: soroushasadi-site:latest
|
||||||
container_name: soroushasadi-site
|
container_name: soroushasadi-site
|
||||||
@@ -17,21 +16,20 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
NODE_ENV: production
|
NODE_ENV: production
|
||||||
DATA_DIR: /data
|
DATA_DIR: /data
|
||||||
# Set these in a sibling .env file (NOT committed) or your host env.
|
|
||||||
ADMIN_PASSWORD: ${ADMIN_PASSWORD:?set ADMIN_PASSWORD}
|
ADMIN_PASSWORD: ${ADMIN_PASSWORD:?set ADMIN_PASSWORD}
|
||||||
ADMIN_SESSION_SECRET: ${ADMIN_SESSION_SECRET:?set ADMIN_SESSION_SECRET}
|
ADMIN_SESSION_SECRET: ${ADMIN_SESSION_SECRET:?set ADMIN_SESSION_SECRET}
|
||||||
RESEND_API_KEY: ${RESEND_API_KEY:-}
|
RESEND_API_KEY: ${RESEND_API_KEY:-}
|
||||||
CONTACT_INBOX: ${CONTACT_INBOX:-}
|
CONTACT_INBOX: ${CONTACT_INBOX:-}
|
||||||
CONTACT_FROM: ${CONTACT_FROM:-}
|
CONTACT_FROM: ${CONTACT_FROM:-}
|
||||||
volumes:
|
volumes:
|
||||||
# SQLite content DB + uploaded media persist across rebuilds.
|
|
||||||
- cms-data:/data
|
- cms-data:/data
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD", "wget", "-qO-", "http://127.0.0.1:3000"]
|
test: ["CMD", "node", "-e",
|
||||||
|
"fetch('http://127.0.0.1:3000/').then(r=>process.exit(r.ok?0:1)).catch(()=>process.exit(1))"]
|
||||||
interval: 30s
|
interval: 30s
|
||||||
timeout: 5s
|
timeout: 10s
|
||||||
retries: 3
|
retries: 3
|
||||||
start_period: 20s
|
start_period: 30s
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
cms-data:
|
cms-data:
|
||||||
|
|||||||
Reference in New Issue
Block a user