feat: add Docker support and GHCR CI/CD

chichi13 · chichi13 · commit d9e93d89113f · 2025-11-08T09:58:11.000+01:00
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,83 @@
+# Dependencies
+node_modules/
+.pnp
+.pnp.js
+
+# Build artifacts
+.output/
+.nuxt/
+dist/
+build/
+
+# Development files
+.env
+.env.*
+!.env.example
+
+# Logs
+*.log
+npm-debug.log*
+pnpm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+bun-debug.log*
+
+# Testing
+coverage/
+.nyc_output/
+*.test.ts
+*.test.js
+*.spec.ts
+*.spec.js
+__tests__/
+test/
+tests/
+
+# IDE and editor files
+.vscode/
+.idea/
+*.swp
+*.swo
+*.swn
+*.bak
+.DS_Store
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+*.sublime-workspace
+
+# Version control
+.git/
+.gitignore
+.gitattributes
+.github/
+
+# CI/CD
+.gitlab-ci.yml
+.travis.yml
+.circleci/
+azure-pipelines.yml
+
+# Documentation (optional, comment out if you want to include docs)
+README.md
+CHANGELOG.md
+LICENSE
+CONTRIBUTING.md
+*.md
+
+# Docker files
+Dockerfile*
+docker-compose*.yml
+.dockerignore
+
+# Temporary files
+tmp/
+temp/
+.tmp/
+.temp/
+
+# OS files
+Thumbs.db
+Desktop.ini
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -0,0 +1,57 @@
+name: Docker Image CI
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels)
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}},enable=${{ !contains(github.ref, '-') }}
+            type=raw,value=latest,enable=${{ !contains(github.ref, '-') }}
+          labels: |
+            org.opencontainers.image.title=Registry UI
+            org.opencontainers.image.description=Docker Registry UI - Web interface for Docker Registry
+            org.opencontainers.image.vendor=${{ github.repository_owner }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          platforms: linux/amd64,linux/arm64
diff --git a/.husky/commit-msg b/.husky/commit-msg
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,36 @@
+# syntax=docker/dockerfile:1
+
+# Base stage with common workdir
+FROM oven/bun:1 AS base
+WORKDIR /usr/src/app
+
+# Dependencies installation with cache mount
+FROM base AS deps
+COPY package.json bun.lock ./
+RUN --mount=type=cache,target=/root/.bun/install/cache \
+    bun install --frozen-lockfile
+
+# Build stage
+FROM base AS build
+COPY --from=deps /usr/src/app/node_modules ./node_modules
+COPY . .
+ENV NODE_ENV=production
+RUN bun run build
+
+# Production release
+FROM node:22-alpine AS release
+WORKDIR /usr/src/app
+
+COPY --from=build /usr/src/app/.output ./
+
+ENV NODE_ENV=production \
+    HOST=0.0.0.0 \
+    PORT=3000
+
+USER node
+EXPOSE 3000
+
+HEALTHCHECK --interval=10s --timeout=3s --start-period=10s --retries=3 \
+    CMD wget --no-verbose --tries=1 --spider http://localhost:3000/api/health || exit 1
+
+CMD ["node", "server/index.mjs"]
diff --git a/bun.lock b/bun.lock
diff --git a/commitlint.config.js b/commitlint.config.js
diff --git a/package.json b/package.json
@@ -1,5 +1,5 @@
 {
-  "name": "nuxt-boilerplate",
+  "name": "registry-ui",
   "private": true,
   "version": "3.0.1",
   "type": "module",
@@ -20,8 +20,6 @@
     "prepare": "husky"
   },
   "devDependencies": {
-    "@commitlint/cli": "^20.1.0",
-    "@commitlint/config-conventional": "^20.0.0",
     "@dargmuesli/nuxt-cookie-control": "^9.1.5",
     "@nuxt/eslint": "^1.6.0",
     "@nuxt/icon": "^2.0.0",
diff --git a/server/api/health.get.ts b/server/api/health.get.ts
@@ -0,0 +1,6 @@
+export default defineEventHandler(() => {
+  return {
+    status: 'healthy',
+    timestamp: new Date().toISOString(),
+  }
+})
diff --git a/server/utils/validation.ts b/server/utils/validation.ts
@@ -40,22 +40,7 @@ export const envSchema = z.object({
     .optional()
     .transform(val => (val ? Number(val) : undefined)),
 
-  HOST: z
-    .string()
-    .default('127.0.0.1')
-    .refine(
-      val => {
-        // In production, enforce localhost binding for security
-        if (process.env.NODE_ENV === 'production' && val !== '127.0.0.1') {
-          return false
-        }
-        return true
-      },
-      {
-        message:
-          'HOST must be 127.0.0.1 in production for security (only expose via reverse proxy)',
-      }
-    ),
+  HOST: z.string().default('127.0.0.1'),
 
   PORT: z
     .string()
