diff --git a/.env.example b/.env.example
index 61d2a0206..89eba8011 100644
--- a/.env.example
+++ b/.env.example
@@ -9,6 +9,10 @@ JWT_SECRET="random string for your JWT secret, make it long"
FRONTEND_URL="http://localhost:4200"
NEXT_PUBLIC_BACKEND_URL="http://localhost:3000"
BACKEND_INTERNAL_URL="http://localhost:3000"
+# === This needs to be exactly the URL you're accessing Terms of Service and
+#=====Privacy Policy on need for youtube Authentication
+NEXT_PUBLIC_TERMS_URL=""
+NEXT_PUBLIC_PRIVACY_URL=""
## Remember to set your public internet IP address in the allow-list for the API token.
##
diff --git a/.github/workflows/build-containers.yml b/.github/workflows/build-containers.yml
index e0fc50f64..537df22a5 100644
--- a/.github/workflows/build-containers.yml
+++ b/.github/workflows/build-containers.yml
@@ -1,11 +1,14 @@
----
name: "Build Containers"
on:
workflow_dispatch:
push:
tags:
- - '*'
+ - '*' # dispara ao push de qualquer tag (ex.: v1.0.0)
+
+permissions:
+ contents: read
+ packages: write # necessário para publicar no GHCR com o GITHUB_TOKEN
jobs:
build-containers-common:
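Review bot: `packages: write` is granted at workflow level, so every job inherits it, including `build-containers-common`, whose steps are outside this hunk and which, judging by its `containerver` output, only computes a version string. Only `build-containers` and `build-container-manifest` log in to GHCR, so the write scope belongs on those two jobs. Keep `permissions: contents: read` at the top level and add a job-level `permissions:` block with `contents: read` and `packages: write` under each of the two pushing jobs. Job-level permissions replace the workflow-level set rather than extend it, so `contents: read` has to be repeated there for checkout to keep working.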
@@ -25,7 +28,7 @@ jobs:
include:
- runnertags: ubuntu-latest
arch: amd64
- - runnertags: ubuntu-24.04-arm
+ - runnertags: ubuntu-24.04-arm # garanta que esse runner ARM exista; senão, remova esta linha
arch: arm64
runs-on: ${{ matrix.runnertags }}
steps:
@@ -34,68 +37,75 @@ jobs:
with:
fetch-depth: 0
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
+ - name: Compute GHCR image path (owner lowercase)
+ run: |
+ OWNER_LOWER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
+ echo "IMAGE=ghcr.io/$OWNER_LOWER/postiz-app" >> $GITHUB_ENV
+ echo "Will push to: $IMAGE"
- - name: Login to ghcr
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ github.token }}
+ # Buildx via CLI (sem ação externa)
+ - name: Enable Buildx
+ run: |
+ docker buildx create --name ci-builder --use || docker buildx use ci-builder
+ docker buildx inspect --bootstrap
+
+ # Login no GHCR via CLI usando o GITHUB_TOKEN
+ - name: Login to ghcr (CLI)
+ run: |
+ echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
- name: Build and Push Image
env:
CONTAINERVER: ${{ needs.build-containers-common.outputs.containerver }}
NEXT_PUBLIC_VERSION: ${{ github.ref_name }}
run: |
+ echo "Building $IMAGE:${CONTAINERVER}-${{ matrix.arch }}"
docker buildx build --platform linux/${{ matrix.arch }} \
-f Dockerfile.dev \
- -t ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-${{ matrix.arch }} \
- --build-arg NEXT_PUBLIC_VERSION=${{ env.NEXT_PUBLIC_VERSION }} \
+ -t "$IMAGE:${CONTAINERVER}-${{ matrix.arch }}" \
+ --build-arg NEXT_PUBLIC_VERSION="${NEXT_PUBLIC_VERSION}" \
--provenance=false --sbom=false \
- --output "type=registry,name=ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-${{ matrix.arch }}" .
+ --output "type=registry,name=$IMAGE:${CONTAINERVER}-${{ matrix.arch }}" .
build-container-manifest:
needs: [build-containers, build-containers-common]
runs-on: ubuntu-latest
steps:
- - name: Login to ghcr
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ github.token }}
+ - name: Compute GHCR image path (owner lowercase)
+ run: |
+ OWNER_LOWER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
+ echo "IMAGE=ghcr.io/$OWNER_LOWER/postiz-app" >> $GITHUB_ENV
+ echo "Using: $IMAGE"
+
+ # Login no GHCR via CLI usando o GITHUB_TOKEN
+ - name: Login to ghcr (CLI)
+ run: |
+ echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
- name: Create Docker Manifest
env:
CONTAINERVER: ${{ needs.build-containers-common.outputs.containerver }}
run: |
- # Verify the architecture images
- echo "Verifying AMD64 image:"
- docker buildx imagetools inspect ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64
-
- echo "Verifying ARM64 image:"
- docker buildx imagetools inspect ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64
-
- # Try to remove any existing manifests first
- docker manifest rm ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }} || true
- docker manifest rm ghcr.io/gitroomhq/postiz-app:latest || true
-
- # Create and push the version-specific manifest
- docker manifest create ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }} \
- --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64 \
- --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64
+ echo "Verifying per-arch images:"
+ docker buildx imagetools inspect "$IMAGE:${CONTAINERVER}-amd64"
+ docker buildx imagetools inspect "$IMAGE:${CONTAINERVER}-arm64"
- docker manifest push ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}
+ echo "Removing existing manifests (if any)"
+ docker manifest rm "$IMAGE:${CONTAINERVER}" || true
+ docker manifest rm "$IMAGE:latest" || true
- # Create and push the latest manifest
- docker manifest create ghcr.io/gitroomhq/postiz-app:latest \
- --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64 \
- --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64
+ echo "Creating and pushing version manifest"
+ docker manifest create "$IMAGE:${CONTAINERVER}" \
+ --amend "$IMAGE:${CONTAINERVER}-amd64" \
+ --amend "$IMAGE:${CONTAINERVER}-arm64"
+ docker manifest push "$IMAGE:${CONTAINERVER}"
- docker manifest push ghcr.io/gitroomhq/postiz-app:latest
+ echo "Creating and pushing latest manifest"
+ docker manifest create "$IMAGE:latest" \
+ --amend "$IMAGE:${CONTAINERVER}-amd64" \
+ --amend "$IMAGE:${CONTAINERVER}-arm64"
+ docker manifest push "$IMAGE:latest"
- name: Verify Manifest
run: |
- docker manifest inspect ghcr.io/gitroomhq/postiz-app:latest
+ docker manifest inspect "$IMAGE:latest"
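Review bot: The new `run:` steps paste `${{ secrets.GITHUB_TOKEN }}`, `${{ github.actor }}` and `${{ github.repository_owner }}` straight into the shell script text, in both `build-containers` and `build-container-manifest`. Expressions are substituted before the shell starts, so the token is written into the generated script and any unusual character in a context value is parsed as shell; passing them through `env:` and referencing `"$VAR"` keeps them as data. Separately, `echo "Will push to: $IMAGE"` and `echo "Using: $IMAGE"` print an empty value, because a variable appended to `$GITHUB_ENV` only becomes visible in later steps. Dropping `docker/login-action` also drops its logout at job end, which matters only if one of these jobs ever runs on a persistent runner.

```yaml
      # … unchanged: checkout step …

      - name: Compute GHCR image path (owner lowercase)
        env:
          OWNER: ${{ github.repository_owner }}
        run: |
          IMAGE="ghcr.io/$(printf '%s' "$OWNER" | tr '[:upper:]' '[:lower:]')/postiz-app"
          echo "IMAGE=$IMAGE" >> "$GITHUB_ENV"
          echo "Will push to: $IMAGE"

      # … unchanged: Enable Buildx …

      - name: Login to ghcr (CLI)
        env:
          GHCR_USER: ${{ github.actor }}
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USER" --password-stdin

      # … unchanged: Build and Push Image; the same two steps apply in build-container-manifest …
```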
diff --git a/Dockerfile.dev b/Dockerfile.dev
index 72bb36549..6ffeb9bf4 100644
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -1,21 +1,59 @@
FROM node:20-alpine3.19
+
ARG NEXT_PUBLIC_VERSION
ENV NEXT_PUBLIC_VERSION=$NEXT_PUBLIC_VERSION
-RUN apk add --no-cache g++ make py3-pip bash nginx
-RUN adduser -D -g 'www' www
-RUN mkdir /www
-RUN chown -R www:www /var/lib/nginx
-RUN chown -R www:www /www
+ENV NODE_ENV=production
+# deps úteis p/ Prisma + build em Alpine
+RUN apk add --no-cache g++ make py3-pip bash nginx openssl libc6-compat
-RUN npm --no-update-notifier --no-fund --global install pnpm@10.6.1 pm2
+# nginx user/dirs
+RUN adduser -D -g 'www' www \
+ && mkdir /www \
+ && chown -R www:www /var/lib/nginx /www
WORKDIR /app
+# ---- PNPM global (pinado) + PM2 ----
+# Copie manifestos primeiro (melhor cache)
+COPY package.json pnpm-lock.yaml ./
+
+# Lê versão do packageManager (pnpm@X.Y.Z); se não houver, usa 10.6.1
+RUN sh -lc '\
+ VER=$(node -e "try{const pm=require(\"./package.json\").packageManager||\"\";console.log(pm.includes(\"pnpm@\")?pm.split(\"@\")[1]:\"\")}catch{console.log(\"\")}") ; \
+ [ -z \"$VER\" ] && VER=10.6.1 ; \
+ echo Installing pnpm@$VER ; \
+ npm --no-update-notifier --no-fund -g install pnpm@$VER pm2 \
+'
+
+# (Opcional) se você tem .npmrc no repo, mantenha a linha abaixo; senão, remova.
+COPY .npmrc ./.npmrc
+
+# Alinha inject-workspace-packages ao lockfile (evita ERR_PNPM_LOCKFILE_CONFIG_MISMATCH)
+RUN sh -lc 'VAL=$(awk '\''/injectWorkspacePackages:/{print $2; exit}'\'' pnpm-lock.yaml | tr -d \"\\r\"); \
+ [ -n \"$VAL\" ] && pnpm config set inject-workspace-packages \"$VAL\" || true'
+
+# Evitar scripts (inclui postinstall do Prisma) durante o install
+ENV PRISMA_SKIP_POSTINSTALL=1
+RUN pnpm install --frozen-lockfile --ignore-scripts
+
+# ⬇️ Compile o bcrypt nativo (necessário no Alpine)
+RUN npm_config_build_from_source=true pnpm rebuild bcrypt
+
+# Agora copie o resto do código e nginx.conf
COPY . /app
COPY var/docker/nginx.conf /etc/nginx/nginx.conf
-RUN pnpm install
+# (Opcional) Se não quer runtime WASM/edge:
+# ENV PRISMA_CLIENT_ENGINE_TYPE=library
+
+# Gerar Prisma Client DEPOIS do install (ajuste o --schema se necessário)
+RUN pnpm exec prisma generate --schema libraries/nestjs-libraries/src/database/prisma/schema.prisma
+# Se o CLI estiver em um pacote específico:
+# RUN pnpm --filter @gitroom/nestjs-libraries exec prisma generate --schema src/database/prisma/schema.prisma
+
+# Build do app
RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm run build
+# Start
CMD ["sh", "-c", "nginx && pnpm run pm2"]
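Review bot: The pinned fallback in the pnpm install step looks like it can never fire: the script is already inside single quotes, so `[ -z \"$VER\" ]` hands `test` a word made of two literal quote characters, which is never empty. When `package.json` has no `packageManager` field, npm is then asked for `pnpm@` with no version, which presumably resolves to whatever is latest rather than 10.6.1, so the build is no longer pinned. Writing `[ -z "$VER" ] && VER=10.6.1` fixes it. The same escaping in the next `RUN` makes `[ -n \"$VAL\" ]` always true and passes a value wrapped in literal quotes to `pnpm config set`, with `|| true` hiding any failure; use `[ -n "$VAL" ] && pnpm config set inject-workspace-packages "$VAL" || true` there. It is also worth confirming that `ENV NODE_ENV=production` ahead of `pnpm install` does not drop devDependencies that `prisma generate` and `pnpm run build` need.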
diff --git a/apps/frontend/src/components/auth/register.tsx b/apps/frontend/src/components/auth/register.tsx
index 13d925d28..9cda62009 100644
--- a/apps/frontend/src/components/auth/register.tsx
+++ b/apps/frontend/src/components/auth/register.tsx
@@ -29,6 +29,11 @@ const WalletProvider = dynamic(
loading: () => ,
}
);
+const TERMS_URL =
+ process.env.NEXT_PUBLIC_TERMS_URL ?? 'https://postiz.com/terms';
+const PRIVACY_URL =
+ process.env.NEXT_PUBLIC_PRIVACY_URL ?? 'https://postiz.com/privacy';
+
type Inputs = {
email: string;
password: string;
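Review bot: `??` falls back only on `null` or `undefined`, while `.env.example` in this same commit ships `NEXT_PUBLIC_TERMS_URL=""` and `NEXT_PUBLIC_PRIVACY_URL=""`, so anyone who copies the example unchanged gets empty URLs instead of the postiz.com defaults. Use `process.env.NEXT_PUBLIC_TERMS_URL || 'https://postiz.com/terms'` and the same for `PRIVACY_URL`, or ship the two variables commented out in `.env.example`. Since these are `NEXT_PUBLIC_` values they are presumably fixed when the frontend is built, so a short comment above the constants saying that a change needs a rebuild would help operators who expect a runtime override.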
@@ -206,14 +211,14 @@ export function RegisterAfter({
'By registering you agree to our'
)}
{t('terms_of_service', 'Terms of Service')}
{t('and', 'and')}
{t('privacy_policy', 'Privacy Policy')}