mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-19 13:21:46 +00:00
c130ed41be
* chore: fix monorepo build pipeline and migrate shared to built package
- Root package.json: add workspace scripts (dev, build, test, test:cov, test:e2e)
that delegate to actual scripts in shared/server/client workspaces
- shared: add tsup build step (CJS + ESM dual output, .d.ts); consumers now import
from the built dist instead of raw TS source via path aliases
- server: replace tsc-alias with tsconfig-paths (tsc-alias mangled node_modules
paths); fix MCP SDK path aliases to point to root node_modules (../node_modules)
- server/scripts/dev.mjs: delay node --watch until tsc -w signals first-pass done,
eliminating the spurious restart on every dev startup
- client/vite.config.js + vitest.config.ts: remove @trek/shared path alias (no longer
needed now that shared is a proper package)
- Consolidate package-lock.json at the workspace root; drop per-workspace lock files
* chore: fix test script to reflect root package.json
* chore: add missing lint and prettier script in root package.json
* fix(ci): build shared before tests; fix vitest MCP SDK alias paths
vitest.config.ts aliases pointed at ./node_modules/ (server-local) but
packages are hoisted to the root node_modules/ in the npm workspace —
changed to ../node_modules/.
CI jobs now install and build shared before running server/client tests
so that @trek/shared's dist/ exists when vitest resolves the package.
* fix(docker): update Dockerfile and CI for monorepo workspace structure
Dockerfile:
- Add shared-builder stage that produces @trek/shared dist before
client and server stages need it
- Each build stage carries root package.json + package-lock.json so npm
can resolve @trek/shared as a workspace dependency
- Production stage installs via workspace context (npm ci --workspace=server
--omit=dev) so node_modules/@trek/shared symlinks to shared/dist correctly
- Copy server/tsconfig.json into the image so tsconfig-paths/register can
find the MCP SDK path aliases at runtime
- CMD cds into /app/server before starting node so tsconfig-paths baseUrl
resolves and ../node_modules points to /app/node_modules
- Remove mkdir for /app/server (now a real dir); keep symlinks for uploads/data
docker.yml version-bump:
- Replace manual per-workspace cd+npm-version calls with single:
npm version --workspaces --include-workspace-root --no-git-tag-version
(mirrors the version:* scripts in root package.json)
- git add now references root package-lock.json; adds shared/package.json
.dockerignore: add shared/dist
package.json: fix version:prerelease preid (alpha → pre)
* fix(tests): use in-memory SQLite per worker in test mode
vitest pool:forks spawns parallel worker processes that all called
initDb() on the same data/travel.db, causing SQLite "database is locked"
and "duplicate column name" races.
When NODE_ENV=test each fork now gets an isolated :memory: DB so migrations
run independently with no file contention.
* chore(ci): add ACT guards to skip DockerHub steps in local act runs
act sets ACT=true automatically. Guards added:
- docker login: if: ${{ !env.ACT }}
- build outputs: type=docker (local load) when ACT, push-by-digest when CI
- digest export/upload: if: ${{ !env.ACT }}
- merge job: if: ${{ !env.ACT }}
- release-helm job (docker.yml): if: ${{ !env.ACT }}
- version-bump git push (docker.yml): wrapped in [ -z "$ACT" ] shell guard
Run locally with:
./bin/act -j build -W .github/workflows/docker.yml \
-P ubuntu-latest=catthehacker/ubuntu:act-latest
* fix(ci): move ACT guards to step level; add guards to security.yml
env context is invalid in job-level if conditions — moved all ACT
guards down to individual steps. Also guards docker login + scout
in security.yml so act can run the build-only part of that workflow.
* fix(ci): skip git fetch and tag logic in act (no remote access in local containers)
* Revert "fix(ci): skip git fetch and tag logic in act (no remote access in local containers)"
This reverts commit 67cf290cda.
* Revert "fix(ci): move ACT guards to step level; add guards to security.yml"
This reverts commit f92b95e054.
* Revert "chore(ci): add ACT guards to skip DockerHub steps in local act runs"
This reverts commit 797183de08.
* fix(docker): add musl optional deps so alpine builds find native rollup/sharp binaries
npm prunes libc-constrained optional deps to the host libc (glibc) when
generating the lockfile, leaving no musl entry for Alpine containers.
Declaring the x64/arm64 musl variants as explicit root optionalDependencies
forces them into the lockfile so npm ci on Alpine can install them.
Covers shared-builder (tsup/rollup) and client-builder (vite/rollup + sharp
icon generation) for both linux/amd64 and linux/arm64 CI targets.
* fix(docker): copy client dist into server/public so the server resolves static files correctly
The server runs from /app/server and serves static files relative to that
directory, so the client build output must land at /app/server/public, not /app/public.
220 lines
7.1 KiB
YAML
name: Build & Push Docker Image

on:
  push:
    branches: [main]
    paths-ignore:
      - 'docs/**'
      - '**/*.md'
      - 'wiki/**'
      - '.github/workflows/**'
      - '.github/ISSUE_TEMPLATE/**'
      - '.github/FUNDING.yml'
      - '.github/PULL_REQUEST_TEMPLATE.md'
  workflow_dispatch:
    inputs:
      bump:
        description: 'Force bump line (auto = patch/finalize as today)'
        type: choice
        options: [auto, patch, minor, major]
        default: auto
      confirm_major:
        description: "Type MAJOR (all caps) to confirm a major release"
        type: string
        default: ''

permissions:
  contents: write

concurrency:
  group: stable-build
  cancel-in-progress: false

jobs:
  version-bump:
    runs-on: ubuntu-latest
    outputs:
      version: ${{ steps.bump.outputs.VERSION }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          fetch-tags: true
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Determine bump type and update version
        id: bump
        run: |
          git fetch --tags

          # Derive version from git tags — no package.json dependency
          STABLE_TAG=$(git tag -l 'v[0-9]*.[0-9]*.[0-9]*' | grep -v '\-pre\.' | sort -V | tail -1)
          STABLE="${STABLE_TAG#v}"
          STABLE="${STABLE:-0.0.0}"

          PRE_TAG=$(git tag -l 'v*-pre.*' | sort -V | tail -1)

          BUMP_INPUT="${{ github.event.inputs.bump || 'auto' }}"
          IFS='.' read -r MAJOR MINOR PATCH <<< "$STABLE"

          if [ "$BUMP_INPUT" = "major" ]; then
            if [ "${{ github.event.inputs.confirm_major }}" != "MAJOR" ]; then
              echo "::error::confirm_major must equal 'MAJOR' to cut a major release"
              exit 1
            fi
            NEW_VERSION="$((MAJOR + 1)).0.0"
            BUMP="major"
          elif [ "$BUMP_INPUT" = "minor" ]; then
            NEW_VERSION="${MAJOR}.$((MINOR + 1)).0"
            BUMP="minor"
          elif [ "$BUMP_INPUT" = "patch" ]; then
            NEW_VERSION="${MAJOR}.${MINOR}.$((PATCH + 1))"
            BUMP="patch"
          else
            # auto: finalize in-flight prerelease if one exists, else patch
            if [ -n "$PRE_TAG" ]; then
              PRE_BASE="${PRE_TAG#v}"
              PRE_BASE="${PRE_BASE%-pre.*}"
              PRE_MAJOR="$(echo "$PRE_BASE" | cut -d. -f1)"
              # Refuse to auto-finalize a major bump — it bypasses confirm_major
              if [ "$PRE_MAJOR" -gt "$MAJOR" ]; then
                echo "::error::In-flight prerelease $PRE_TAG is a major bump ($STABLE → $PRE_BASE). Use bump=major with confirm_major=MAJOR to finalize."
                exit 1
              fi
              # If prerelease base is strictly greater than stable, finalize it
              HIGHEST=$(printf '%s\n' "$PRE_BASE" "$STABLE" | sort -V | tail -1)
              if [ "$HIGHEST" = "$PRE_BASE" ] && [ "$PRE_BASE" != "$STABLE" ]; then
                NEW_VERSION="$PRE_BASE"
                BUMP="finalize"
              else
                PATCH=$((PATCH + 1))
                NEW_VERSION="${MAJOR}.${MINOR}.${PATCH}"
                BUMP="patch"
              fi
            else
              PATCH=$((PATCH + 1))
              NEW_VERSION="${MAJOR}.${MINOR}.${PATCH}"
              BUMP="patch"
            fi
          fi

          echo "Bump type: $BUMP"
          echo "VERSION=$NEW_VERSION" >> $GITHUB_OUTPUT
          echo "$STABLE → $NEW_VERSION ($BUMP)"

          # Update all workspace + root package.json files and the root lockfile in one shot
          npm version "$NEW_VERSION" --workspaces --include-workspace-root --no-git-tag-version
          sed -i "s/^version: .*/version: $NEW_VERSION/" charts/trek/Chart.yaml
          sed -i "s/^appVersion: .*/appVersion: \"$NEW_VERSION\"/" charts/trek/Chart.yaml

          # Commit and tag
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add package.json package-lock.json server/package.json client/package.json shared/package.json charts/trek/Chart.yaml
          git commit -m "chore: bump version to $NEW_VERSION [skip ci]"
          git tag "v$NEW_VERSION"
          git push origin main --follow-tags

  build:
    runs-on: ${{ matrix.runner }}
    needs: version-bump
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: linux/amd64
            runner: ubuntu-latest
          - platform: linux/arm64
            runner: ubuntu-24.04-arm
    steps:
      - name: Prepare platform tag-safe name
        run: echo "PLATFORM_PAIR=$(echo ${{ matrix.platform }} | sed 's|/|-|g')" >> $GITHUB_ENV

      - uses: actions/checkout@v4
        with:
          ref: main

      - uses: docker/setup-buildx-action@v3

      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Build and push by digest
        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: ${{ matrix.platform }}
          outputs: type=image,name=mauriceboe/trek,push-by-digest=true,name-canonical=true,push=true
          no-cache: true
          build-args: |
            APP_VERSION=${{ needs.version-bump.outputs.version }}

      - name: Export digest
        run: |
          mkdir -p /tmp/digests
          digest="${{ steps.build.outputs.digest }}"
          touch "/tmp/digests/${digest#sha256:}"

      - name: Upload digest artifact
        uses: actions/upload-artifact@v4
        with:
          name: digests-${{ env.PLATFORM_PAIR }}
          path: /tmp/digests/*
          if-no-files-found: error
          retention-days: 1

  merge:
    runs-on: ubuntu-latest
    needs: [version-bump, build]
    steps:
      - uses: actions/checkout@v4
        with:
          ref: main

      - name: Download build digests
        uses: actions/download-artifact@v4
        with:
          path: /tmp/digests
          pattern: digests-*
          merge-multiple: true

      - uses: docker/setup-buildx-action@v3

      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      - name: Create and push multi-arch manifest
        working-directory: /tmp/digests
        run: |
          VERSION="${{ needs.version-bump.outputs.version }}"
          mapfile -t digests < <(printf 'mauriceboe/trek@sha256:%s\n' *)
          MAJOR_TAG="$(echo "$VERSION" | cut -d. -f1)"
          docker buildx imagetools create \
            -t "mauriceboe/trek:latest" \
            -t "mauriceboe/trek:$MAJOR_TAG" \
            -t "mauriceboe/trek:$VERSION" \
            "${digests[@]}"

      - name: Inspect manifest
        run: docker buildx imagetools inspect mauriceboe/trek:latest

  release-helm:
    runs-on: ubuntu-latest
    needs: version-bump
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: main

      - name: Publish Helm chart
        uses: stefanprodan/helm-gh-pages@v1.7.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          charts_dir: charts
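
The version-selection rules of the `version-bump` step above, written as a standalone function so they can be exercised outside a workflow run (an added example, not code from the TREK repository). `next_version` and `valid_semver` are hypothetical names; taking the tag values and dispatch inputs as arguments lets a step supply them through `env:` instead of expanding `${{ }}` expressions into the script text, and `sort -V` assumes GNU coreutils, as the workflow does.

```bash
# Added example, not TREK code. Hypothetical helpers: valid_semver, next_version.
# valid_semver: true only for a plain X.Y.Z string (no newlines, no metacharacters).
valid_semver() {
  case "$1" in *[!0-9.]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# usage: next_version STABLE PRE_TAG BUMP CONFIRM  ->  prints "<version> <bump kind>"
next_version() {
  local stable pre_tag bump confirm major minor patch rest pre_base highest
  stable="${1:-0.0.0}"; pre_tag="$2"; bump="${3:-auto}"; confirm="$4"

  # Validate before the value reaches shell arithmetic.
  valid_semver "$stable" || { echo "bad stable version" >&2; return 2; }
  major="${stable%%.*}"; rest="${stable#*.}"
  minor="${rest%%.*}"; patch="${rest#*.}"

  case "$bump" in
    major)
      [ "$confirm" = "MAJOR" ] \
        || { echo "confirm_major must equal 'MAJOR'" >&2; return 1; }
      echo "$((major + 1)).0.0 major" ;;
    minor) echo "${major}.$((minor + 1)).0 minor" ;;
    patch) echo "${major}.${minor}.$((patch + 1)) patch" ;;
    auto)
      if [ -n "$pre_tag" ]; then
        pre_base="${pre_tag#v}"; pre_base="${pre_base%-pre.*}"
        valid_semver "$pre_base" || { echo "bad prerelease tag" >&2; return 2; }
        # Same rule as the workflow: auto never finalizes a major prerelease.
        if [ "${pre_base%%.*}" -gt "$major" ]; then
          echo "prerelease $pre_tag is a major bump; use bump=major" >&2
          return 1
        fi
        # Finalize only when the prerelease base is strictly newer than stable.
        highest=$(printf '%s\n' "$pre_base" "$stable" | sort -V | tail -1)
        if [ "$highest" = "$pre_base" ] && [ "$pre_base" != "$stable" ]; then
          echo "$pre_base finalize"
          return 0
        fi
      fi
      echo "${major}.${minor}.$((patch + 1)) patch" ;;
    *) echo "unknown bump type" >&2; return 2 ;;
  esac
}
```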