alexei.dolgolyov
80868e0f7a
Adopt the proven notify-bridge pipeline pattern and fix deployment bugs. Workflows: - build.yml: split into parallel frontend / backend / build-image jobs. Run svelte-check + vitest + `go vet ./...` + `go test ./internal/...` (tests were never executed in CI). Use buildx with GHA layer cache and pin Go to 1.25. Quote the `if:` skip-guard so it is valid YAML. - release.yml: gate the release on a passing test job, then build & push the image, then create the Gitea release LAST so a failed image build can no longer leave an orphan release. Use buildx + registry buildcache, a hard registry login (a push failure now fails the release), and auto-generate a changelog between tags. Docker: - Dockerfile: pin golang to 1.25 (matches go.mod's `go 1.25.0`), add BuildKit cache mounts for the module + build caches, an OCI source label, VOLUME /app/data, and a HEALTHCHECK on /readyz. - docker-compose.yml: fix the healthcheck — it targeted POST-only /api/auth/login (405 -> always unhealthy); now /readyz. Point the image name at the Gitea registry tag with build-from-source as the default. - .dockerignore: exclude ~95 MB of stray binaries, logs, env, and CI/doc files from the build context.
58 lines
2.3 KiB
YAML
58 lines
2.3 KiB
YAML
services:
|
|
tinyforge:
|
|
# Default: build from source so a fresh clone works out of the box.
|
|
build: .
|
|
# Image name doubles as the Gitea registry tag. To DEPLOY the pre-built
|
|
# image instead of building (e.g. Portainer pulling on a webhook), comment
|
|
# out `build:` above — compose will then pull this tag. `:latest` is pushed
|
|
# only for stable (non pre-release) releases, and the registry may require
|
|
# `docker login git.dolgolyov-family.by` first if the package is private.
|
|
image: git.dolgolyov-family.by/alexei.dolgolyov/tiny-forge:latest
|
|
container_name: tinyforge
|
|
restart: unless-stopped
|
|
ports:
|
|
- "8080:8080"
|
|
volumes:
|
|
# Mount Docker socket for container management.
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
# Persistent data (SQLite database).
|
|
- tinyforge-data:/app/data
|
|
# Optional seed config (read on first launch only).
|
|
- ./tinyforge.yaml:/app/tinyforge.yaml:ro
|
|
environment:
|
|
# Required: protects all credentials stored in the database.
|
|
- ENCRYPTION_KEY=${ENCRYPTION_KEY:?Set ENCRYPTION_KEY in .env}
|
|
# Required on first launch: password for the default admin user.
|
|
- ADMIN_PASSWORD=${ADMIN_PASSWORD:?Set ADMIN_PASSWORD in .env}
|
|
# Optional: override seed file location.
|
|
- SEED_FILE=/app/tinyforge.yaml
|
|
# Optional: override data directory.
|
|
- DATA_DIR=/app/data
|
|
# Optional: override listen address.
|
|
- LISTEN_ADDR=:8080
|
|
# Optional: override NPM URL (otherwise uses value from settings).
|
|
# - NPM_URL=http://npm:81
|
|
# Optional: override polling interval.
|
|
# - POLLING_INTERVAL=5m
|
|
networks:
|
|
- staging-net
|
|
healthcheck:
|
|
# /readyz is the public readiness probe (pings the DB, rate-limited).
|
|
# The previous target (/api/auth/login) is POST-only, so a GET/spider
|
|
# request returned 405 and the container was always reported unhealthy.
|
|
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/readyz"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 10s
|
|
|
|
volumes:
|
|
tinyforge-data:
|
|
driver: local
|
|
|
|
# NOTE: The staging-net network must exist before starting.
|
|
# Create it with: docker network create staging-net
|
|
networks:
|
|
staging-net:
|
|
external: true
|