feat: add ready to deploy stuff

Author: aurelleb

.dockerignore

@@ -0,0 +1,51 @@
+# Dependencies
+node_modules/
+bun.lock
+
+# Development
+.git/
+.gitignore
+*.md
+!README.md
+
+# Environment
+.env
+.env.*
+!.env.example
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# Build artifacts
+dist/
+build/
+*.log
+
+# Data directories (managed via volumes)
+storage/
+data/
+dev.db
+dev.db-journal
+
+# Prisma
+prisma/migrations/
+*.db
+*.db-journal
+
+# Docker
+Dockerfile
+docker-compose.yml
+.dockerignore
+
+# Testing
+coverage/
+*.test.ts
+*.spec.ts
+
+# OS
+.DS_Store
+Thumbs.db

.env.example

@@ -4,6 +4,11 @@ DATABASE_URL="file:./dev.db"
 # API Authentication
 API_SECRET="your-secret-key-here"
 
+# GitHub API (optional)
+# Personal access token to avoid rate limiting when fetching user info
+# Create at: https://github.com/settings/tokens (no scopes needed for public user info)
+GITHUB_TOKEN=
+
 # Upload Configuration
 MAX_UPLOAD_SIZE=10485760  # 10MB in bytes
 
@@ -13,3 +18,7 @@ DEFAULT_PAGE_SIZE=100
 # Local Storage Configuration
 LOCAL_STORAGE_PATH=./storage
 LOCAL_STORAGE_URL=http://localhost:3000/storage
+
+# Production Deployment (Docker Compose)
+# Your domain name for automatic HTTPS via Caddy
+DOMAIN=store.vicinae.dev

.github/workflows/ci.yml

@@ -0,0 +1,87 @@
+name: CI
+
+on:
+  pull_request:
+    branches: [main, develop]
+  push:
+    branches: [main, develop]
+
+jobs:
+  lint-and-test:
+    name: Lint and Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Generate Prisma Client
+        run: bun prisma generate
+
+      - name: Type check
+        run: bun run type-check || echo "No type-check script found, skipping..."
+        continue-on-error: true
+
+      - name: Lint
+        run: bun run lint || echo "No lint script found, skipping..."
+        continue-on-error: true
+
+      - name: Build check
+        run: |
+          # Verify that the app can be imported without errors
+          bun build src/index.ts --target=bun --outdir=./dist
+
+      - name: Test
+        run: bun test || echo "No tests found, skipping..."
+        continue-on-error: true
+
+  build-docker:
+    name: Build Docker Image
+    runs-on: ubuntu-latest
+    needs: lint-and-test
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: false
+          tags: vicinae-store:test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          target: production
+
+      - name: Test Docker image
+        run: |
+          docker run --rm -d --name test-container \
+            -e DATABASE_URL="file:./test.db" \
+            -e API_SECRET="test-secret" \
+            -e LOCAL_STORAGE_PATH="/app/storage" \
+            -e LOCAL_STORAGE_URL="http://localhost:3000/storage" \
+            vicinae-store:test
+
+          # Wait for container to be healthy
+          sleep 10
+
+          # Check if container is running
+          docker ps | grep test-container
+
+          # Check health endpoint
+          docker exec test-container wget --spider --tries=3 http://localhost:3000/ || true
+
+          # Cleanup
+          docker stop test-container

.github/workflows/deploy.yml

@@ -0,0 +1,105 @@
+name: Deploy
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  build-and-push:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=ref,event=branch
+            type=sha,prefix={{branch}}-
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          target: production
+
+  deploy:
+    name: Deploy to Server
+    runs-on: ubuntu-latest
+    needs: build-and-push
+    environment:
+      name: production
+      url: https://${{ vars.DOMAIN }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Deploy to server via SSH
+        uses: appleboy/ssh-action@v1.0.0
+        with:
+          host: ${{ secrets.DEPLOY_HOST }}
+          username: ${{ secrets.DEPLOY_USER }}
+          key: ${{ secrets.DEPLOY_SSH_KEY }}
+          port: ${{ secrets.DEPLOY_PORT || 22 }}
+          script: |
+            set -e
+
+            # Navigate to application directory
+            cd ${{ secrets.DEPLOY_PATH || '/opt/vicinae-store' }}
+
+            # Log in to GitHub Container Registry
+            echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+            # Pull latest image
+            docker-compose pull app
+
+            # Run migrations (if any)
+            docker-compose run --rm app bun prisma migrate deploy || true
+
+            # Recreate and restart app container
+            docker-compose up -d --force-recreate app
+
+            # Wait for health check
+            echo "Waiting for application to be healthy..."
+            sleep 10
+
+            # Verify deployment
+            docker-compose ps app
+
+            # Clean up old images
+            docker image prune -f
+
+            echo "Deployment completed successfully!"
+
+      - name: Notify deployment status
+        if: always()
+        run: |
+          if [ "${{ job.status }}" == "success" ]; then
+            echo "✅ Deployment successful!"
+          else
+            echo "❌ Deployment failed!"
+            exit 1
+          fi

Caddyfile

@@ -0,0 +1,58 @@
+# Caddyfile for Vicinae Extension Store
+# Caddy automatically provisions and renews SSL certificates via Let's Encrypt
+
+{$DOMAIN} {
+	# Enable compression
+	encode gzip zstd
+
+	# Reverse proxy to Hono app
+	reverse_proxy app:3000 {
+		# Health check
+		health_uri /
+		health_interval 30s
+		health_timeout 5s
+
+		# Headers
+		header_up X-Real-IP {remote_host}
+		header_up X-Forwarded-For {remote_host}
+		header_up X-Forwarded-Proto {scheme}
+	}
+
+	# Security headers
+	header {
+		# Remove server header
+		-Server
+
+		# Security headers
+		X-Content-Type-Options "nosniff"
+		X-Frame-Options "DENY"
+		Referrer-Policy "strict-origin-when-cross-origin"
+
+		# CORS headers for extension downloads
+		Access-Control-Allow-Origin "*"
+		Access-Control-Allow-Methods "GET, POST, OPTIONS"
+		Access-Control-Allow-Headers "Content-Type, Authorization"
+	}
+
+	# Rate limiting for uploads (100 requests per minute)
+	rate_limit {
+		zone upload {
+			key {remote_host}
+			events 100
+			window 1m
+		}
+
+		match {
+			path /extension/upload
+		}
+	}
+
+	# Logging
+	log {
+		output file /data/access.log {
+			roll_size 100mb
+			roll_keep 5
+		}
+		format json
+	}
+}