Merge branch 'dev' of https://github.com/MODSetter/SurfSense into dev

Author: MODSetter

.dockerignore

@@ -26,6 +26,7 @@ permissions:
 jobs:
   tag_release:
     runs-on: ubuntu-latest
+    if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.event_name == 'workflow_dispatch'
     outputs:
       new_tag: ${{ steps.tag_version.outputs.next_version }}
     steps:
@@ -86,6 +87,7 @@ jobs:
 
   build:
     needs: tag_release
+    if: always() && (needs.tag_release.result == 'success' || needs.tag_release.result == 'skipped')
     runs-on: ${{ matrix.os }}
     permissions:
       packages: write
@@ -121,6 +123,12 @@ jobs:
         id: image
         run: echo "name=${REGISTRY_IMAGE,,}" >> $GITHUB_OUTPUT
 
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ steps.image.outputs.name }}
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
@@ -139,14 +147,15 @@ jobs:
           sudo rm -rf "$AGENT_TOOLSDIRECTORY" || true
           docker system prune -af
 
-      - name: Build and push ${{ matrix.name }} (${{ matrix.suffix }})
+      - name: Build and push by digest ${{ matrix.name }} (${{ matrix.suffix }})
         id: build
         uses: docker/build-push-action@v6
         with:
           context: ${{ matrix.context }}
           file: ${{ matrix.file }}
-          push: true
-          tags: ${{ steps.image.outputs.name }}:${{ needs.tag_release.outputs.new_tag }}-${{ matrix.suffix }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ${{ steps.image.outputs.name }}
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
           platforms: ${{ matrix.platform }}
           cache-from: type=gha,scope=${{ matrix.image }}-${{ matrix.suffix }}
           cache-to: type=gha,mode=max,scope=${{ matrix.image }}-${{ matrix.suffix }}
@@ -159,9 +168,24 @@ jobs:
             ${{ matrix.image == 'web' && 'NEXT_PUBLIC_ELECTRIC_AUTH_MODE=__NEXT_PUBLIC_ELECTRIC_AUTH_MODE__' || '' }}
             ${{ matrix.image == 'web' && 'NEXT_PUBLIC_DEPLOYMENT_MODE=__NEXT_PUBLIC_DEPLOYMENT_MODE__' || '' }}
 
+      - name: Export digest
+        run: |
+          mkdir -p /tmp/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ matrix.image }}-${{ matrix.suffix }}
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
   create_manifest:
     runs-on: ubuntu-latest
     needs: [tag_release, build]
+    if: always() && needs.build.result == 'success'
     permissions:
       packages: write
       contents: read
@@ -170,7 +194,9 @@ jobs:
       matrix:
         include:
           - name: surfsense-backend
+            image: backend
           - name: surfsense-web
+            image: web
     env:
       REGISTRY_IMAGE: ghcr.io/${{ github.repository_owner }}/${{ matrix.name }}
 
@@ -179,42 +205,63 @@ jobs:
         id: image
         run: echo "name=${REGISTRY_IMAGE,,}" >> $GITHUB_OUTPUT
 
+      - name: Download amd64 digest
+        uses: actions/download-artifact@v4
+        with:
+          name: digests-${{ matrix.image }}-amd64
+          path: /tmp/digests
+
+      - name: Download arm64 digest
+        uses: actions/download-artifact@v4
+        with:
+          name: digests-${{ matrix.image }}-arm64
+          path: /tmp/digests
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Create and push multi-arch manifest
+      - name: Compute app version
+        id: appver
         run: |
           VERSION_TAG="${{ needs.tag_release.outputs.new_tag }}"
-          IMAGE="${{ steps.image.outputs.name }}"
-          APP_VERSION=$(echo "$VERSION_TAG" | rev | cut -d. -f2- | rev)
-
-          docker manifest create ${IMAGE}:${VERSION_TAG} \
-            ${IMAGE}:${VERSION_TAG}-amd64 \
-            ${IMAGE}:${VERSION_TAG}-arm64
-
-          docker manifest push ${IMAGE}:${VERSION_TAG}
-
-          if [[ "${{ github.ref }}" == "refs/heads/${{ github.event.repository.default_branch }}" ]] || [[ "${{ github.event.inputs.branch }}" == "${{ github.event.repository.default_branch }}" ]]; then
-            docker manifest create ${IMAGE}:${APP_VERSION} \
-              ${IMAGE}:${VERSION_TAG}-amd64 \
-              ${IMAGE}:${VERSION_TAG}-arm64
-
-            docker manifest push ${IMAGE}:${APP_VERSION}
-
-            docker manifest create ${IMAGE}:latest \
-              ${IMAGE}:${VERSION_TAG}-amd64 \
-              ${IMAGE}:${VERSION_TAG}-arm64
-
-            docker manifest push ${IMAGE}:latest
+          if [ -n "$VERSION_TAG" ]; then
+            APP_VERSION=$(echo "$VERSION_TAG" | rev | cut -d. -f2- | rev)
+          else
+            APP_VERSION=""
           fi
+          echo "app_version=$APP_VERSION" >> $GITHUB_OUTPUT
 
-      - name: Summary
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ steps.image.outputs.name }}
+          tags: |
+            type=raw,value=${{ needs.tag_release.outputs.new_tag }},enable=${{ needs.tag_release.outputs.new_tag != '' }}
+            type=raw,value=${{ steps.appver.outputs.app_version }},enable=${{ needs.tag_release.outputs.new_tag != '' && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.event.inputs.branch == github.event.repository.default_branch) }}
+            type=ref,event=branch
+            type=sha,prefix=git-
+          flavor: |
+            latest=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || github.event.inputs.branch == github.event.repository.default_branch }}
+
+      - name: Create manifest list and push
+        working-directory: /tmp/digests
         run: |
+          docker buildx imagetools create \
+            $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf '${{ steps.image.outputs.name }}@sha256:%s ' *)
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ${{ steps.image.outputs.name }}:${{ steps.meta.outputs.version }}
+
+      - name: Summary
+        run: | 
           echo "Multi-arch manifest created for ${{ matrix.name }}!"
-          echo "Versioned: ${{ steps.image.outputs.name }}:${{ needs.tag_release.outputs.new_tag }}"
-          echo "App version: ${{ steps.image.outputs.name }}:$(echo '${{ needs.tag_release.outputs.new_tag }}' | rev | cut -d. -f2- | rev)"
-          echo "Latest:    ${{ steps.image.outputs.name }}:latest"
+          echo "Tags: $(jq -cr '.tags | join(", ")' <<< "$DOCKER_METADATA_OUTPUT_JSON")"

.github/workflows/docker_build.yaml .github/workflows/docker-build.yml.github/workflows/docker_build.yaml renamed to .github/workflows/docker-build.yml

@@ -33,9 +33,9 @@ EMBEDDING_MODEL=sentence-transformers/all-MiniLM-L6-v2
 # Ports (change to avoid conflicts with other services on your machine)
 # ------------------------------------------------------------------------------
 
-# BACKEND_PORT=8000
-# FRONTEND_PORT=3000
-# ELECTRIC_PORT=5133
+# BACKEND_PORT=8929
+# FRONTEND_PORT=3929
+# ELECTRIC_PORT=5929
 # FLOWER_PORT=5555
 
 # ==============================================================================

docker/.env.example

@@ -8,7 +8,7 @@
 # For production with prebuilt images, use docker/docker-compose.yml instead.
 # =============================================================================
 
-name: surfsense
+name: surfsense-dev
 
 services:
   db:
@@ -162,8 +162,9 @@ services:
     image: electricsql/electric:1.4.10
     ports:
       - "${ELECTRIC_PORT:-5133}:3000"
-    # depends_on:
-    #   - db
+    depends_on:
+      db:
+        condition: service_healthy
     environment:
       - DATABASE_URL=${ELECTRIC_DATABASE_URL:-postgresql://${ELECTRIC_DB_USER:-electric}:${ELECTRIC_DB_PASSWORD:-electric_password}@${DB_HOST:-db}:${DB_PORT:-5432}/${DB_NAME:-surfsense}?sslmode=${DB_SSLMODE:-disable}}
       - ELECTRIC_INSECURE=true
@@ -197,10 +198,10 @@ services:
 
 volumes:
   postgres_data:
-    name: surfsense-postgres
+    name: surfsense-dev-postgres
   pgadmin_data:
-    name: surfsense-pgadmin
+    name: surfsense-dev-pgadmin
   redis_data:
-    name: surfsense-redis
+    name: surfsense-dev-redis
   shared_temp:
-    name: surfsense-shared-temp
+    name: surfsense-dev-shared-temp

docker/docker-compose.dev.yml

@@ -45,7 +45,7 @@ services:
   backend:
     image: ghcr.io/modsetter/surfsense-backend:${SURFSENSE_VERSION:-latest}
     ports:
-      - "${BACKEND_PORT:-8000}:8000"
+      - "${BACKEND_PORT:-8929}:8000"
     volumes:
       - shared_temp:/shared_tmp
     env_file:
@@ -61,7 +61,7 @@ services:
       UNSTRUCTURED_HAS_PATCHED_LOOP: "1"
       ELECTRIC_DB_USER: ${ELECTRIC_DB_USER:-electric}
       ELECTRIC_DB_PASSWORD: ${ELECTRIC_DB_PASSWORD:-electric_password}
-      NEXT_FRONTEND_URL: ${NEXT_FRONTEND_URL:-http://localhost:${FRONTEND_PORT:-3000}}
+      NEXT_FRONTEND_URL: ${NEXT_FRONTEND_URL:-http://localhost:${FRONTEND_PORT:-3929}}
       # Daytona Sandbox – uncomment and set credentials to enable cloud code execution
       # DAYTONA_SANDBOX_ENABLED: "TRUE"
       # DAYTONA_API_KEY: ${DAYTONA_API_KEY:-}
@@ -151,7 +151,7 @@ services:
   electric:
     image: electricsql/electric:1.4.10
     ports:
-      - "${ELECTRIC_PORT:-5133}:3000"
+      - "${ELECTRIC_PORT:-5929}:3000"
     environment:
       DATABASE_URL: ${ELECTRIC_DATABASE_URL:-postgresql://${ELECTRIC_DB_USER:-electric}:${ELECTRIC_DB_PASSWORD:-electric_password}@${DB_HOST:-db}:${DB_PORT:-5432}/${DB_NAME:-surfsense}?sslmode=${DB_SSLMODE:-disable}}
       ELECTRIC_INSECURE: "true"
@@ -169,10 +169,10 @@ services:
   frontend:
     image: ghcr.io/modsetter/surfsense-web:${SURFSENSE_VERSION:-latest}
     ports:
-      - "${FRONTEND_PORT:-3000}:3000"
+      - "${FRONTEND_PORT:-3929}:3000"
     environment:
-      NEXT_PUBLIC_FASTAPI_BACKEND_URL: ${NEXT_PUBLIC_FASTAPI_BACKEND_URL:-http://localhost:${BACKEND_PORT:-8000}}
-      NEXT_PUBLIC_ELECTRIC_URL: ${NEXT_PUBLIC_ELECTRIC_URL:-http://localhost:${ELECTRIC_PORT:-5133}}
+      NEXT_PUBLIC_FASTAPI_BACKEND_URL: ${NEXT_PUBLIC_FASTAPI_BACKEND_URL:-http://localhost:${BACKEND_PORT:-8929}}
+      NEXT_PUBLIC_ELECTRIC_URL: ${NEXT_PUBLIC_ELECTRIC_URL:-http://localhost:${ELECTRIC_PORT:-5929}}
       NEXT_PUBLIC_FASTAPI_BACKEND_AUTH_TYPE: ${AUTH_TYPE:-LOCAL}
       NEXT_PUBLIC_ETL_SERVICE: ${ETL_SERVICE:-DOCLING}
       NEXT_PUBLIC_DEPLOYMENT_MODE: ${DEPLOYMENT_MODE:-self-hosted}

docker/docker-compose.yml

@@ -321,9 +321,9 @@ Write-Host "         OSS Alternative to NotebookLM for Teams  [$versionDisplay]"
 Write-Host ("=" * 62) -ForegroundColor Cyan
 Write-Host ""
 
-Write-Info "  Frontend:  http://localhost:3000"
-Write-Info "  Backend:   http://localhost:8000"
-Write-Info "  API Docs:  http://localhost:8000/docs"
+Write-Info "  Frontend:  http://localhost:3929"
+Write-Info "  Backend:   http://localhost:8929"
+Write-Info "  API Docs:  http://localhost:8929/docs"
 Write-Info ""
 Write-Info "  Config:    $InstallDir\.env"
 Write-Info "  Logs:      cd $InstallDir; docker compose logs -f"

docker/scripts/install.ps1

@@ -304,9 +304,9 @@ _version_display="${_version_display:-latest}"
 printf "         OSS Alternative to NotebookLM for Teams  ${YELLOW}[%s]${NC}\n" "${_version_display}"
 printf "${CYAN}══════════════════════════════════════════════════════════════${NC}\n\n"
 
-info "  Frontend:  http://localhost:3000"
-info "  Backend:   http://localhost:8000"
-info "  API Docs:  http://localhost:8000/docs"
+info "  Frontend:  http://localhost:3929"
+info "  Backend:   http://localhost:8929"
+info "  API Docs:  http://localhost:8929/docs"
 info ""
 info "  Config:    ${INSTALL_DIR}/.env"
 info "  Logs:      cd ${INSTALL_DIR} && ${DC} logs -f"