From 478ded4bfb1cb8a88c6e5e58d089eb7be77c9bec Mon Sep 17 00:00:00 2001 From: caitano28 Date: Fri, 12 Sep 2025 06:03:18 -0400 Subject: [PATCH 01/13] TermsAndPolicy for ENV --- .env.example | 4 ++++ apps/frontend/src/components/auth/register.tsx | 9 +++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.env.example b/.env.example index 9a017b3ac..fae21630e 100644 --- a/.env.example +++ b/.env.example @@ -9,6 +9,10 @@ JWT_SECRET="random string for your JWT secret, make it long" FRONTEND_URL="http://localhost:4200" NEXT_PUBLIC_BACKEND_URL="http://localhost:3000" BACKEND_INTERNAL_URL="http://localhost:3000" +# === This needs to be exactly the URL you're accessing Terms of Service and +#=====Privacy Policy on need for youtube Authentication +NEXT_PUBLIC_TERMS_URL="" +NEXT_PUBLIC_PRIVACY_URL="" ## Remember to set your public internet IP address in the allow-list for the API token. ## diff --git a/apps/frontend/src/components/auth/register.tsx b/apps/frontend/src/components/auth/register.tsx index 13d925d28..9cda62009 100644 --- a/apps/frontend/src/components/auth/register.tsx +++ b/apps/frontend/src/components/auth/register.tsx @@ -29,6 +29,11 @@ const WalletProvider = dynamic( loading: () => , } ); +const TERMS_URL = + process.env.NEXT_PUBLIC_TERMS_URL ?? 'https://postiz.com/terms'; +const PRIVACY_URL = + process.env.NEXT_PUBLIC_PRIVACY_URL ?? 'https://postiz.com/privacy'; + type Inputs = { email: string; password: string; @@ -206,14 +211,14 @@ export function RegisterAfter({ 'By registering you agree to our' )}  {t('terms_of_service', 'Terms of Service')}   {t('and', 'and')}  {t('privacy_policy', 'Privacy Policy')} From c57dff0677aaca0cd9cb98624c7bcf9d58d8b0f2 Mon Sep 17 00:00:00 2001 
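Review bot: The `??` fallback on `TERMS_URL` and `PRIVACY_URL` in register.tsx does not cover the empty string, and the `.env.example` hunk of this same patch ships `NEXT_PUBLIC_TERMS_URL=""` and `NEXT_PUBLIC_PRIVACY_URL=""`. A deployment that copies the example unchanged would presumably get empty link targets instead of the postiz.com defaults. Use `||` instead, e.g. `const TERMS_URL = process.env.NEXT_PUBLIC_TERMS_URL || 'https://postiz.com/terms';`, and the same for `PRIVACY_URL`. Because the value becomes a link target on the registration page, a one-line comment stating that it must be an absolute `https://` URL would also help. The markup of the second register.tsx hunk is not visible on this page, so how the constants are used there is inferred from the commit subject.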
From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Fri, 12 Sep 2025 23:20:50 -0400 Subject: [PATCH 02/13] Update build-containers.yml for my repositori --- .github/workflows/build-containers.yml | 81 ++++++++++++++++---------- 1 file changed, 49 insertions(+), 32 deletions(-) diff --git a/.github/workflows/build-containers.yml b/.github/workflows/build-containers.yml index e0fc50f64..5591c2154 100644 --- a/.github/workflows/build-containers.yml +++ b/.github/workflows/build-containers.yml @@ -1,11 +1,10 @@ ---- name: "Build Containers" on: workflow_dispatch: push: tags: - - '*' + - '*' # publique quando fizer push de qualquer tag (ex.: v1.0.0) jobs: build-containers-common: 
@@ -20,82 +19,100 @@ jobs: build-containers: needs: build-containers-common + runs-on: ${{ matrix.runnertags }} + permissions: + contents: read + packages: write # << necessário para publicar no GHCR strategy: matrix: include: - runnertags: ubuntu-latest arch: amd64 - - runnertags: ubuntu-24.04-arm + - runnertags: ubuntu-24.04-arm # garanta que esse runner existe arch: arm64 - runs-on: ${{ matrix.runnertags }} steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Compute GHCR image path (owner lowercase) + run: | + OWNER_LOWER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') + echo "OWNER_LOWER=$OWNER_LOWER" >> $GITHUB_ENV + echo "IMAGE=ghcr.io/$OWNER_LOWER/postiz-app" >> $GITHUB_ENV + - name: Login to ghcr uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} - password: ${{ github.token }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and Push Image env: CONTAINERVER: ${{ needs.build-containers-common.outputs.containerver }} NEXT_PUBLIC_VERSION: ${{ github.ref_name }} run: | - docker buildx build --platform linux/${{ matrix.arch }} \ + echo "Pushing $IMAGE:${CONTAINERVER}-${{ matrix.arch }}" + docker buildx build \ + --platform linux/${{ matrix.arch }} \ -f Dockerfile.dev \ - -t ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-${{ matrix.arch }} \ - --build-arg NEXT_PUBLIC_VERSION=${{ env.NEXT_PUBLIC_VERSION }} \ + -t "$IMAGE:${CONTAINERVER}-${{ matrix.arch }}" \ + --build-arg NEXT_PUBLIC_VERSION="${NEXT_PUBLIC_VERSION}" \ --provenance=false --sbom=false \ - --output "type=registry,name=ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-${{ matrix.arch }}" . + --push . 
build-container-manifest: needs: [build-containers, build-containers-common] runs-on: ubuntu-latest + permissions: + contents: read + packages: write # << necessário para manipular manifest no GHCR steps: + - name: Compute GHCR image path (owner lowercase) + run: | + OWNER_LOWER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') + echo "OWNER_LOWER=$OWNER_LOWER" >> $GITHUB_ENV + echo "IMAGE=ghcr.io/$OWNER_LOWER/postiz-app" >> $GITHUB_ENV + - name: Login to ghcr uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} - password: ${{ github.token }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Create Docker Manifest env: CONTAINERVER: ${{ needs.build-containers-common.outputs.containerver }} run: | - # Verify the architecture images - echo "Verifying AMD64 image:" - docker buildx imagetools inspect ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64 - - echo "Verifying ARM64 image:" - docker buildx imagetools inspect ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64 - - # Try to remove any existing manifests first - docker manifest rm ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }} || true - docker manifest rm ghcr.io/gitroomhq/postiz-app:latest || true - - # Create and push the version-specific manifest - docker manifest create ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }} \ - --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64 \ - --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64 + echo "Verifying images:" + docker buildx imagetools inspect "$IMAGE:${CONTAINERVER}-amd64" + docker buildx imagetools inspect "$IMAGE:${CONTAINERVER}-arm64" - docker manifest push ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }} + echo "Removing existing manifests (if any)" + docker manifest rm "$IMAGE:${CONTAINERVER}" || true + docker manifest rm "$IMAGE:latest" || true - # Create and push the latest manifest - docker manifest create ghcr.io/gitroomhq/postiz-app:latest \ - 
--amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64 \ - --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64 + echo "Creating and pushing version manifest" + docker manifest create "$IMAGE:${CONTAINERVER}" \ + --amend "$IMAGE:${CONTAINERVER}-amd64" \ + --amend "$IMAGE:${CONTAINERVER}-arm64" + docker manifest push "$IMAGE:${CONTAINERVER}" - docker manifest push ghcr.io/gitroomhq/postiz-app:latest + echo "Creating and pushing latest manifest" + docker manifest create "$IMAGE:latest" \ + --amend "$IMAGE:${CONTAINERVER}-amd64" \ + --amend "$IMAGE:${CONTAINERVER}-arm64" + docker manifest push "$IMAGE:latest" - name: Verify Manifest run: | - docker manifest inspect ghcr.io/gitroomhq/postiz-app:latest + docker manifest inspect "$IMAGE:latest" From 709c44831961d7edf4690d437506c7ecbcb79d63 Mon Sep 17 00:00:00 2001 From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Fri, 12 Sep 2025 23:36:27 -0400 Subject: [PATCH 03/13] Update build-containers.yml token --- .github/workflows/build-containers.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-containers.yml b/.github/workflows/build-containers.yml index 5591c2154..dc99de0cc 100644 --- a/.github/workflows/build-containers.yml +++ b/.github/workflows/build-containers.yml @@ -53,7 +53,7 @@ jobs: with: registry: ghcr.io username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + password: ${{ github.token }} - name: Build and Push Image env: From bc605b83a09d0758441018ed0ffa2121b8810022 Mon Sep 17 00:00:00 2001 From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Fri, 12 Sep 2025 23:39:52 -0400 Subject: [PATCH 04/13] Update build-containers.yml permissions --- .github/workflows/build-containers.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-containers.yml b/.github/workflows/build-containers.yml index dc99de0cc..bb1711049 100644 
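Review bot: The new "Compute GHCR image path" steps in both jobs paste `${{ github.repository_owner }}` straight into the shell script, which is the expression-in-`run:` pattern that GitHub's hardening guidance asks workflows to avoid. Pass it through the step environment instead: `env: { OWNER: "${{ github.repository_owner }}" }` with `OWNER_LOWER=$(printf '%s' "$OWNER" | tr '[:upper:]' '[:lower:]')`, and quote the redirect target (`>> "$GITHUB_ENV"`). The added `docker/setup-qemu-action@v3` is referenced by a mutable tag in a job that now holds `packages: write`. Pinning it to a full commit SHA (`uses: docker/setup-qemu-action@<FULL_COMMIT_SHA> # v3`, placeholder) keeps a retagged release from running with that token.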
--- a/.github/workflows/build-containers.yml +++ b/.github/workflows/build-containers.yml @@ -1,5 +1,8 @@ name: "Build Containers" - +permissions: + contents: read + packages: write + on: workflow_dispatch: push: From 5e90dd5bd8f0daeaffec312311175d18ef5fd4ff Mon Sep 17 00:00:00 2001 From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Sat, 13 Sep 2025 23:54:45 -0400 Subject: [PATCH 05/13] Update build-containers.yml ajuste build docker img --- .github/workflows/build-containers.yml | 37 +++++++++++--------------- 1 file changed, 15 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build-containers.yml b/.github/workflows/build-containers.yml index bb1711049..407acf065 100644 --- a/.github/workflows/build-containers.yml +++ b/.github/workflows/build-containers.yml @@ -1,13 +1,14 @@ name: "Build Containers" -permissions: - contents: read - packages: write - + on: workflow_dispatch: push: tags: - - '*' # publique quando fizer push de qualquer tag (ex.: v1.0.0) + - '*' # dispara ao push de qualquer tag (ex.: v1.0.0) + +permissions: + contents: read + packages: write # necessário para publicar no GHCR com o GITHUB_TOKEN jobs: build-containers-common: @@ -22,26 +23,20 @@ jobs: build-containers: needs: build-containers-common - runs-on: ${{ matrix.runnertags }} - permissions: - contents: read - packages: write # << necessário para publicar no GHCR strategy: matrix: include: - runnertags: ubuntu-latest arch: amd64 - - runnertags: ubuntu-24.04-arm # garanta que esse runner existe + - runnertags: ubuntu-24.04-arm # mantenho como você pediu (garanta que exista) arch: arm64 + runs-on: ${{ matrix.runnertags }} steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 
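Review bot: Declaring `packages: write` at workflow level gives every job a token that can publish to GHCR, including `build-containers-common`, whose steps are outside these hunks but which appears only to produce the `containerver` output. The job-level `permissions:` blocks added in patch 02 were the tighter arrangement, and patch 05 removes them while keeping the workflow-level grant. I would set `permissions: { contents: read }` at the top of the file and keep `packages: write` only on `build-containers` and `build-container-manifest`.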
@@ -50,40 +45,38 @@ jobs: OWNER_LOWER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') echo "OWNER_LOWER=$OWNER_LOWER" >> $GITHUB_ENV echo "IMAGE=ghcr.io/$OWNER_LOWER/postiz-app" >> $GITHUB_ENV + echo "Will push to: $IMAGE" - name: Login to ghcr uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} - password: ${{ github.token }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and Push Image env: CONTAINERVER: ${{ needs.build-containers-common.outputs.containerver }} NEXT_PUBLIC_VERSION: ${{ github.ref_name }} run: | - echo "Pushing $IMAGE:${CONTAINERVER}-${{ matrix.arch }}" - docker buildx build \ - --platform linux/${{ matrix.arch }} \ + echo "Building $IMAGE:${CONTAINERVER}-${{ matrix.arch }}" + docker buildx build --platform linux/${{ matrix.arch }} \ -f Dockerfile.dev \ -t "$IMAGE:${CONTAINERVER}-${{ matrix.arch }}" \ --build-arg NEXT_PUBLIC_VERSION="${NEXT_PUBLIC_VERSION}" \ --provenance=false --sbom=false \ - --push . + --output "type=registry,name=$IMAGE:${CONTAINERVER}-${{ matrix.arch }}" . build-container-manifest: needs: [build-containers, build-containers-common] runs-on: ubuntu-latest - permissions: - contents: read - packages: write # << necessário para manipular manifest no GHCR steps: - name: Compute GHCR image path (owner lowercase) run: | OWNER_LOWER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') echo "OWNER_LOWER=$OWNER_LOWER" >> $GITHUB_ENV echo "IMAGE=ghcr.io/$OWNER_LOWER/postiz-app" >> $GITHUB_ENV + echo "Using: $IMAGE" - name: Login to ghcr uses: docker/login-action@v3 @@ -96,7 +89,7 @@ jobs: env: CONTAINERVER: ${{ needs.build-containers-common.outputs.containerver }} run: | - echo "Verifying images:" + echo "Verifying per-arch images:" docker buildx imagetools inspect "$IMAGE:${CONTAINERVER}-amd64" docker buildx imagetools inspect "$IMAGE:${CONTAINERVER}-arm64" From 0c350ea59f2a9924076bb2d32c53ca9bc299e325 Mon Sep 17 00:00:00 2001 
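Review bot: `echo "Will push to: $IMAGE"` (and `echo "Using: $IMAGE"` in the manifest job) prints an empty name, because a value appended to `$GITHUB_ENV` only becomes an environment variable in later steps, not in the step that writes it. Assign it in the shell first, `IMAGE="ghcr.io/$OWNER_LOWER/postiz-app"`, then `echo "IMAGE=$IMAGE" >> "$GITHUB_ENV"`, so the log line shows the path the job will actually publish to. That log line is the one place a reader of the run can confirm which namespace a fork is pushing into, so it is worth having correct.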
From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Sun, 14 Sep 2025 01:06:04 -0400 Subject: [PATCH 06/13] Update Dockerfile.dev --- Dockerfile.dev | 38 ++++++++++++++++++++++++++++++++------ 1 file changed, 32 insertions(+), 6 deletions(-) diff --git a/Dockerfile.dev b/Dockerfile.dev index 72bb36549..e692a7c1d 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev 
@@ -1,21 +1,47 @@ FROM node:20-alpine3.19 + ARG NEXT_PUBLIC_VERSION ENV NEXT_PUBLIC_VERSION=$NEXT_PUBLIC_VERSION -RUN apk add --no-cache g++ make py3-pip bash nginx -RUN adduser -D -g 'www' www -RUN mkdir /www -RUN chown -R www:www /var/lib/nginx -RUN chown -R www:www /www +ENV NODE_ENV=production + +# deps úteis p/ Prisma no Alpine + seu stack +RUN apk add --no-cache g++ make py3-pip bash nginx openssl libc6-compat +# nginx user/dirs +RUN adduser -D -g 'www' www \ + && mkdir /www \ + && chown -R www:www /var/lib/nginx /www +# pnpm/pm2 globais RUN npm --no-update-notifier --no-fund --global install pnpm@10.6.1 pm2 WORKDIR /app +# Copia apenas manifests primeiro (melhor cache) +COPY pnpm-lock.yaml package.json ./ +# se for monorepo, copie tbm os package.json relevantes +# COPY packages/*/package.json ./packages/*/ + +# 👉 Evita scripts durante install (inclui postinstall do Prisma) +ENV PRISMA_SKIP_POSTINSTALL=1 +RUN pnpm install --frozen-lockfile --ignore-scripts + +# Agora sim, copie o resto do código COPY . /app COPY var/docker/nginx.conf /etc/nginx/nginx.conf -RUN pnpm install +# 👉 Gera o Prisma Client DEPOIS do install +# Ajuste o --schema conforme seu path real: +RUN pnpm exec prisma generate --schema libraries/nestjs-libraries/src/database/prisma/schema.prisma +# Se o CLI estiver em um pacote específico, use: +# RUN pnpm --filter @gitroom/nestjs-libraries exec prisma generate --schema src/database/prisma/schema.prisma + +# (Opcional) se você NÃO quer wasm/edge, use engineType=library no schema. +# Como workaround sem editar schema, pode exportar: +# ENV PRISMA_CLIENT_ENGINE_TYPE=library + +# Build do app RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm run build +# Start CMD ["sh", "-c", "nginx && pnpm run pm2"] From bf9f88f357d35361f63ffe1b4407dad0bc67c40c Mon Sep 17 00:00:00 2001 
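Review bot: `ENV NODE_ENV=production` is set before `pnpm install`, and pnpm skips `devDependencies` when that variable is `production`. The later `pnpm exec prisma generate` and `pnpm run build` will therefore fail if the Prisma CLI or the build tooling are dev dependencies (package.json is not on this page, so that is an assumption to check). Either move the `ENV` line below the build step or make the install explicit with `RUN pnpm install --frozen-lockfile --ignore-scripts --prod=false`. Keeping `--ignore-scripts` is a sound supply-chain default. Separately, the file has no `USER` instruction, so pm2 and the Node processes start as root even though a `www` account is created; whether nginx drops privileges depends on nginx.conf, which is not shown.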
From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Sun, 14 Sep 2025 01:13:51 -0400 Subject: [PATCH 07/13] Update Dockerfile.dev --- Dockerfile.dev | 41 ++++++++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/Dockerfile.dev b/Dockerfile.dev index e692a7c1d..ba57cae3e 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -4,7 +4,7 @@ ARG NEXT_PUBLIC_VERSION ENV NEXT_PUBLIC_VERSION=$NEXT_PUBLIC_VERSION ENV NODE_ENV=production -# deps úteis p/ Prisma no Alpine + seu stack +# deps úteis p/ Prisma + build em Alpine RUN apk add --no-cache g++ make py3-pip bash nginx openssl libc6-compat # nginx user/dirs 
@@ -12,34 +12,41 @@ RUN adduser -D -g 'www' www \ && mkdir /www \ && chown -R www:www /var/lib/nginx /www -# pnpm/pm2 globais -RUN npm --no-update-notifier --no-fund --global install pnpm@10.6.1 pm2 - WORKDIR /app -# Copia apenas manifests primeiro (melhor cache) -COPY pnpm-lock.yaml package.json ./ -# se for monorepo, copie tbm os package.json relevantes -# COPY packages/*/package.json ./packages/*/ +# Use a versão de pnpm do projeto (Corepack) e deixe o PM2 global +RUN corepack enable +RUN npm --no-update-notifier --no-fund --global install pm2 + +# Copie manifestos antes (melhor cache) +COPY package.json pnpm-lock.yaml ./ +# (Se você tiver workspaces com package.json próprios, copie-os aqui também) + +# ⚙️ Alinhar pnpm à versão do packageManager (se existir) +RUN sh -lc 'PM=$(node -e "try{console.log(require(\"./package.json\").packageManager.split(\"@\")[1])}catch{process.exit(0)}"); \ + if [ -n \"$PM\" ]; then corepack prepare pnpm@\"$PM\" --activate; fi' + +# ⚙️ Fazer o inject-workspace-packages combinar com o lockfile (evita ERR_PNPM_LOCKFILE_CONFIG_MISMATCH) +RUN sh -lc 'VAL=$(awk '\''/injectWorkspacePackages:/{print $2; exit}'\'' pnpm-lock.yaml | tr -d \"\\r\"); \ + [ -n \"$VAL\" ] && pnpm config set inject-workspace-packages \"$VAL\" || true' -# 👉 Evita scripts durante install (inclui postinstall do Prisma) +# Evitar scripts (inclui postinstall do Prisma) durante o install ENV PRISMA_SKIP_POSTINSTALL=1 RUN pnpm install --frozen-lockfile --ignore-scripts -# Agora sim, copie o resto do código +# Agora copie o resto do código e nginx.conf COPY . 
/app COPY var/docker/nginx.conf /etc/nginx/nginx.conf -# 👉 Gera o Prisma Client DEPOIS do install -# Ajuste o --schema conforme seu path real: +# (Opcional) Se não quer runtime WASM/edge: +# ENV PRISMA_CLIENT_ENGINE_TYPE=library + +# Gerar Prisma Client DEPOIS do install +# Ajuste o --schema se necessário RUN pnpm exec prisma generate --schema libraries/nestjs-libraries/src/database/prisma/schema.prisma -# Se o CLI estiver em um pacote específico, use: +# Se o CLI estiver em um pacote específico: # RUN pnpm --filter @gitroom/nestjs-libraries exec prisma generate --schema src/database/prisma/schema.prisma -# (Opcional) se você NÃO quer wasm/edge, use engineType=library no schema. -# Como workaround sem editar schema, pode exportar: -# ENV PRISMA_CLIENT_ENGINE_TYPE=library - # Build do app RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm run build From 5043bf82517de880eae75852df224336c79748fd Mon Sep 17 00:00:00 2001 From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Sun, 14 Sep 2025 01:17:59 -0400 Subject: [PATCH 08/13] Update Dockerfile.dev --- Dockerfile.dev | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Dockerfile.dev b/Dockerfile.dev index ba57cae3e..f8efb5ce8 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev 
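Review bot: The `\"` sequences inside the single-quoted `sh -lc '…'` scripts reach the inner shell as literal quote characters, so `[ -n \"$PM\" ]` and `[ -n \"$VAL\" ]` are true even when the variable is empty, and `corepack prepare pnpm@\"$PM\"` receives a version wrapped in quote marks. Inside single quotes, plain double quotes are enough: `if [ -n "$PM" ]; then corepack prepare "pnpm@$PM" --activate; fi` and `[ -n "$VAL" ] && pnpm config set inject-workspace-packages "$VAL" || true`. The trailing `|| true` would also hide any error from that command. The same quoting is carried into `[ -z \"$VER\" ] && VER=10.6.1` in patches 08 and 12, where it means the pinned fallback version is never applied and an empty `packageManager` field would install an unpinned pnpm.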
@@ -14,17 +14,18 @@ RUN adduser -D -g 'www' www \ WORKDIR /app -# Use a versão de pnpm do projeto (Corepack) e deixe o PM2 global -RUN corepack enable -RUN npm --no-update-notifier --no-fund --global install pm2 - -# Copie manifestos antes (melhor cache) +# ---- PNPM global (pinado) + PM2 ---- +# Lê versão do packageManager (pnpm@X.Y.Z); se não tiver, usa 10.6.1 COPY package.json pnpm-lock.yaml ./ -# (Se você tiver workspaces com package.json próprios, copie-os aqui também) +RUN sh -lc 'VER=$(node -e "try{const pm=require(\"./package.json\").packageManager||\"\";console.log(pm.includes(\"pnpm@\")?pm.split(\"@\")[1]:\"\")}catch{console.log(\"\")}"); \ + [ -z \"$VER\" ] && VER=10.6.1; \ + echo \"Instalando pnpm@$VER\"; \ + npm --no-update-notifier --no-fund -g install pnpm@\"$VER\" pm2' -# ⚙️ Alinhar pnpm à versão do packageManager (se existir) -RUN sh -lc 'PM=$(node -e "try{console.log(require(\"./package.json\").packageManager.split(\"@\")[1])}catch{process.exit(0)}"); \ - if [ -n \"$PM\" ]; then corepack prepare pnpm@\"$PM\" --activate; fi' +# (Opcional) copie configs se existirem (ajuda a manter o comportamento do lockfile) +COPY .npmrc ./.npmrc +COPY .pnpmrc ./.pnpmrc +COPY .pnpmrc.yaml ./.pnpmrc.yaml # ⚙️ Fazer o inject-workspace-packages combinar com o lockfile (evita ERR_PNPM_LOCKFILE_CONFIG_MISMATCH) RUN sh -lc 'VAL=$(awk '\''/injectWorkspacePackages:/{print $2; exit}'\'' pnpm-lock.yaml | tr -d \"\\r\"); \ @@ -41,8 +42,7 @@ COPY var/docker/nginx.conf /etc/nginx/nginx.conf # (Opcional) Se não quer runtime WASM/edge: # ENV PRISMA_CLIENT_ENGINE_TYPE=library -# Gerar Prisma Client DEPOIS do install -# Ajuste o --schema se necessário +# Gerar Prisma Client DEPOIS do install (ajuste o --schema se necessário) RUN pnpm exec prisma generate --schema libraries/nestjs-libraries/src/database/prisma/schema.prisma # Se o CLI estiver em um pacote específico: # RUN pnpm --filter @gitroom/nestjs-libraries exec prisma generate --schema src/database/prisma/schema.prisma 
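Review bot: `COPY .npmrc ./.npmrc` (along with `.pnpmrc` and `.pnpmrc.yaml`) writes the file into an image layer that is then pushed to GHCR, so any registry credential in it, such as an `_authToken` line, would be readable by everyone who can pull the image. If the file only holds settings this is harmless, but the comment should say so. If it can hold credentials, mount it for the install step only, `RUN --mount=type=secret,id=npmrc,target=/root/.npmrc pnpm install --frozen-lockfile --ignore-scripts`. `COPY` also fails the build when a listed file is absent, which contradicts the "se existirem" comment. The line is commented out in patch 10 and restored in patches 11 and 12, so the same applies there.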
From 1c568b4666274e14605f7c002e20ffe4d8ec40a3 Mon Sep 17 00:00:00 2001 From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Sun, 14 Sep 2025 01:27:36 -0400 Subject: [PATCH 09/13] Update build-containers.yml --- .github/workflows/build-containers.yml | 33 ++++++++++++-------------- 1 file changed, 15 insertions(+), 18 deletions(-) diff --git a/.github/workflows/build-containers.yml b/.github/workflows/build-containers.yml index 407acf065..537df22a5 100644 --- a/.github/workflows/build-containers.yml +++ b/.github/workflows/build-containers.yml @@ -28,7 +28,7 @@ jobs: include: - runnertags: ubuntu-latest arch: amd64 - - runnertags: ubuntu-24.04-arm # mantenho como você pediu (garanta que exista) + - runnertags: ubuntu-24.04-arm # garanta que esse runner ARM exista; senão, remova esta linha arch: arm64 runs-on: ${{ matrix.runnertags }} steps: @@ -37,22 +37,22 @@ jobs: with: fetch-depth: 0 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Compute GHCR image path (owner lowercase) run: | OWNER_LOWER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') - echo "OWNER_LOWER=$OWNER_LOWER" >> $GITHUB_ENV echo "IMAGE=ghcr.io/$OWNER_LOWER/postiz-app" >> $GITHUB_ENV echo "Will push to: $IMAGE" - - name: Login to ghcr - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + # Buildx via CLI (sem ação externa) + - name: Enable Buildx + run: | + docker buildx create --name ci-builder --use || docker buildx use ci-builder + docker buildx inspect --bootstrap + + # Login no GHCR via CLI usando o GITHUB_TOKEN + - name: Login to ghcr (CLI) + run: | + echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin - name: Build and Push Image env: 
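Review bot: The new "Login to ghcr (CLI)" step expands `${{ secrets.GITHUB_TOKEN }}` and `${{ github.actor }}` into the script text before the shell runs, so the token is written into the generated script file and any shell metacharacter in an expanded value would be parsed as code. Hand both over as environment variables instead: `env: { GHCR_TOKEN: "${{ secrets.GITHUB_TOKEN }}", GHCR_USER: "${{ github.actor }}" }` with `printf '%s' "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USER" --password-stdin`. The identical step is added to `build-container-manifest` in the next hunk of this patch. The comment on "Enable Buildx" could also say why the maintained `docker/setup-buildx-action` was dropped in favour of the CLI.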
@@ -74,16 +74,13 @@ jobs: - name: Compute GHCR image path (owner lowercase) run: | OWNER_LOWER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]') - echo "OWNER_LOWER=$OWNER_LOWER" >> $GITHUB_ENV echo "IMAGE=ghcr.io/$OWNER_LOWER/postiz-app" >> $GITHUB_ENV echo "Using: $IMAGE" - - name: Login to ghcr - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + # Login no GHCR via CLI usando o GITHUB_TOKEN + - name: Login to ghcr (CLI) + run: | + echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin - name: Create Docker Manifest env: From 1914f49f13469c7b7a662e6963f7f9b2d03102b6 Mon Sep 17 00:00:00 2001 From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Sun, 14 Sep 2025 01:33:58 -0400 Subject: [PATCH 10/13] Update Dockerfile.dev --- Dockerfile.dev | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/Dockerfile.dev b/Dockerfile.dev index f8efb5ce8..99724134c 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev 
@@ -15,19 +15,20 @@ RUN adduser -D -g 'www' www \ WORKDIR /app # ---- PNPM global (pinado) + PM2 ---- -# Lê versão do packageManager (pnpm@X.Y.Z); se não tiver, usa 10.6.1 +# Copie manifestos primeiro (melhor cache) COPY package.json pnpm-lock.yaml ./ + +# Lê versão do packageManager (pnpm@X.Y.Z); se não houver, usa 10.6.1 RUN sh -lc 'VER=$(node -e "try{const pm=require(\"./package.json\").packageManager||\"\";console.log(pm.includes(\"pnpm@\")?pm.split(\"@\")[1]:\"\")}catch{console.log(\"\")}"); \ [ -z \"$VER\" ] && VER=10.6.1; \ echo \"Instalando pnpm@$VER\"; \ npm --no-update-notifier --no-fund -g install pnpm@\"$VER\" pm2' -# (Opcional) copie configs se existirem (ajuda a manter o comportamento do lockfile) -COPY .npmrc ./.npmrc -COPY .pnpmrc ./.pnpmrc -COPY .pnpmrc.yaml ./.pnpmrc.yaml +# (Opcional) se existir .npmrc no repo, copiamos (não quebra se faltar? -> então mantenha só se existir) +# Se você TEM .npmrc, deixe a linha abaixo. Se não tiver, remova. +#COPY .npmrc ./.npmrc -# ⚙️ Fazer o inject-workspace-packages combinar com o lockfile (evita ERR_PNPM_LOCKFILE_CONFIG_MISMATCH) +# ⚙️ alinhar inject-workspace-packages com o lockfile (evita ERR_PNPM_LOCKFILE_CONFIG_MISMATCH) RUN sh -lc 'VAL=$(awk '\''/injectWorkspacePackages:/{print $2; exit}'\'' pnpm-lock.yaml | tr -d \"\\r\"); \ [ -n \"$VAL\" ] && pnpm config set inject-workspace-packages \"$VAL\" || true' From c6f3aeb0aaf07f8a4c59c33b587b24bc6f57bbb6 Mon Sep 17 00:00:00 2001 From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Sun, 14 Sep 2025 01:34:56 -0400 Subject: [PATCH 11/13] Update Dockerfile.dev --- Dockerfile.dev | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.dev b/Dockerfile.dev index 99724134c..62c73c113 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev 
@@ -26,7 +26,7 @@ RUN sh -lc 'VER=$(node -e "try{const pm=require(\"./package.json\").packageManag # (Opcional) se existir .npmrc no repo, copiamos (não quebra se faltar? -> então mantenha só se existir) # Se você TEM .npmrc, deixe a linha abaixo. Se não tiver, remova. -#COPY .npmrc ./.npmrc +COPY .npmrc ./.npmrc # ⚙️ alinhar inject-workspace-packages com o lockfile (evita ERR_PNPM_LOCKFILE_CONFIG_MISMATCH) RUN sh -lc 'VAL=$(awk '\''/injectWorkspacePackages:/{print $2; exit}'\'' pnpm-lock.yaml | tr -d \"\\r\"); \ From c38ba002a6d871ba08800156f3f4b03cc40554f9 Mon Sep 17 00:00:00 2001 From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Sun, 14 Sep 2025 01:40:35 -0400 Subject: [PATCH 12/13] Update Dockerfile.dev --- Dockerfile.dev | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/Dockerfile.dev b/Dockerfile.dev index 62c73c113..407fe08ea 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev 
@@ -19,16 +19,17 @@ WORKDIR /app COPY package.json pnpm-lock.yaml ./ # Lê versão do packageManager (pnpm@X.Y.Z); se não houver, usa 10.6.1 -RUN sh -lc 'VER=$(node -e "try{const pm=require(\"./package.json\").packageManager||\"\";console.log(pm.includes(\"pnpm@\")?pm.split(\"@\")[1]:\"\")}catch{console.log(\"\")}"); \ - [ -z \"$VER\" ] && VER=10.6.1; \ - echo \"Instalando pnpm@$VER\"; \ - npm --no-update-notifier --no-fund -g install pnpm@\"$VER\" pm2' - -# (Opcional) se existir .npmrc no repo, copiamos (não quebra se faltar? -> então mantenha só se existir) -# Se você TEM .npmrc, deixe a linha abaixo. Se não tiver, remova. +RUN sh -lc '\ + VER=$(node -e "try{const pm=require(\"./package.json\").packageManager||\"\";console.log(pm.includes(\"pnpm@\")?pm.split(\"@\")[1]:\"\")}catch{console.log(\"\")}") ; \ + [ -z \"$VER\" ] && VER=10.6.1 ; \ + echo Installing pnpm@$VER ; \ + npm --no-update-notifier --no-fund -g install pnpm@$VER pm2 \ +' + +# (Opcional) se você tem .npmrc no repo, mantenha a linha abaixo; senão, remova. COPY .npmrc ./.npmrc -# ⚙️ alinhar inject-workspace-packages com o lockfile (evita ERR_PNPM_LOCKFILE_CONFIG_MISMATCH) +# Alinha inject-workspace-packages ao lockfile (evita ERR_PNPM_LOCKFILE_CONFIG_MISMATCH) RUN sh -lc 'VAL=$(awk '\''/injectWorkspacePackages:/{print $2; exit}'\'' pnpm-lock.yaml | tr -d \"\\r\"); \ [ -n \"$VAL\" ] && pnpm config set inject-workspace-packages \"$VAL\" || true' From 902be50a7aab69d70247b6a34c0513c870200e72 Mon Sep 17 00:00:00 2001 From: Rodrigo Caitano <31899397+ViperTecCorporation@users.noreply.github.com> Date: Sun, 14 Sep 2025 02:09:57 -0400 Subject: [PATCH 13/13] Update Dockerfile.dev --- Dockerfile.dev | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile.dev b/Dockerfile.dev index 407fe08ea..6ffeb9bf4 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev 
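Review bot: `npm --no-update-notifier --no-fund -g install pnpm@$VER pm2` pins pnpm but installs whatever `pm2` release is current at build time, with its install scripts enabled and as root. Two builds of the same tag can therefore contain different process-manager code. Pin it the same way, `npm --no-update-notifier --no-fund -g install "pnpm@$VER" "pm2@<PINNED_PM2_VERSION>"` (placeholder; choose the version the project has tested). Quoting `"pnpm@$VER"` also keeps the value read from package.json from being word-split by the shell.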
@@ -37,6 +37,9 @@ RUN sh -lc 'VAL=$(awk '\''/injectWorkspacePackages:/{print $2; exit}'\'' pnpm-lo ENV PRISMA_SKIP_POSTINSTALL=1 RUN pnpm install --frozen-lockfile --ignore-scripts +# ⬇️ Compile o bcrypt nativo (necessário no Alpine) +RUN npm_config_build_from_source=true pnpm rebuild bcrypt + # Agora copie o resto do código e nginx.conf COPY . /app COPY var/docker/nginx.conf /etc/nginx/nginx.conf
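Review bot: The added comment says bcrypt needs a native build on Alpine but not that this is a deliberate exception to the `--ignore-scripts` install just above it. I would extend it to something like `# install ran with --ignore-scripts; bcrypt is the only package whose build script is re-enabled here; add other native modules explicitly`. That tells the next maintainer why a newly added native dependency will not be built automatically, and it keeps the list of packages allowed to run build scripts visible in review. `npm_config_build_from_source=true` is worth keeping, since it presumably makes the module compile locally rather than fetch a prebuilt binary.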