will/rxminder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: Complete NodeJS-native setup

Browse Source 
- Migrated from Python pre-commit to NodeJS-native solution
- Reorganized documentation structure
- Set up Husky + lint-staged for efficient pre-commit hooks
- Fixed Dockerfile healthcheck issue
- Added comprehensive documentation index
This commit is contained in:
William Valentin
2025-09-06 01:42:48 -07:00
commit e48adbcb00
159 changed files with 24405 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

236
.gitea/README.md Normal file
View File

@@ -0,0 +1,236 @@
# Gitea Actions Configuration for RxMinder
## Environment Variables
### Required Secrets (Configure in Gitea Repository Settings)
```
GITEA_TOKEN # Gitea access token for registry access
VITE_COUCHDB_PASSWORD # CouchDB password (sensitive)
DEPLOYMENT_WEBHOOK_URL # Optional: webhook for deployment notifications
```
### Repository Variables (Configure in Gitea Repository Settings)
```
VITE_COUCHDB_URL # Default: http://localhost:5984
VITE_COUCHDB_USER # Default: admin
APP_BASE_URL # Default: http://localhost:8080
VITE_GOOGLE_CLIENT_ID # Optional: Google OAuth client ID
VITE_GITHUB_CLIENT_ID # Optional: GitHub OAuth client ID
GITEA_REGISTRY # Container registry URL (e.g., gitea.yourdomain.com)
GITEA_REPOSITORY # Repository name (e.g., username/rxminder)
```
### Environment Variables (.env file)
The scripts will automatically load configuration from your `.env` file. Copy `.env.example` to `.env` and customize:
```bash
# Copy example and customize
cp .env.example .env
# Key variables for container registry:
CONTAINER_REGISTRY=gitea.yourdomain.com
CONTAINER_REPOSITORY=username/rxminder
GITEA_REGISTRY=gitea.yourdomain.com # Alternative to CONTAINER_REGISTRY
GITEA_REPOSITORY=username/rxminder # Alternative to CONTAINER_REPOSITORY
```
## Gitea Actions Features
### Workflows
- **Build & Test**: Multi-platform Docker builds with buildx
- **Security Scanning**: Trivy vulnerability scanning
- **Deployment**: Automated deployment to production
- **Cleanup**: Registry and image cleanup
### Multi-Platform Support
- linux/amd64 (Intel/AMD)
- linux/arm64 (ARM64/Apple Silicon)
### Caching Strategy
- Registry-based caching for faster builds
- Layer caching between builds
- Dependency caching for Node.js/Bun
## Setup Instructions
### 1. Gitea Server Requirements
```bash
# Minimum Gitea version
Gitea >= 1.20.0 with Actions enabled
# Required Gitea features
- Gitea Actions enabled
- Container Registry enabled
- Runners configured
```
### 2. Configure Gitea Runner
```yaml
# .gitea/runners/config.yml (on runner machine)
name: 'rxminder-runner'
labels:
- 'ubuntu-latest'
- 'self-hosted'
capabilities:
- docker
- buildx
```
### 3. Repository Configuration
```bash
# 1. Go to Repository Settings → Actions → Secrets
# Add required secrets and variables
# 2. Go to Repository Settings → Packages
# Enable container registry
# 3. Configure runner labels in workflow files if needed
```
### 4. Local Testing
```bash
# Test Gitea Actions locally with act
# Install: https://github.com/nektos/act
# Test the workflow
act -P ubuntu-latest=catthehacker/ubuntu:act-latest
# Test specific job
act -P ubuntu-latest=catthehacker/ubuntu:act-latest -j build
```
## Deployment Targets
### Docker Compose (Default)
```bash
# Deploys using docker-compose.yml
# Suitable for single-server deployments
./scripts/gitea-deploy.sh production
```
### Kubernetes
```bash
# Deploys to Kubernetes cluster
# Requires kubectl configured
./scripts/gitea-deploy.sh kubernetes
```
### Staging Environment
```bash
# Deploys to staging with different configs
./scripts/gitea-deploy.sh staging
```
## Monitoring & Notifications
### Health Checks
- Frontend: `http://localhost:8080/health`
- CouchDB: `http://localhost:5984/_up`
### Deployment Notifications
Configure `DEPLOYMENT_WEBHOOK_URL` to receive notifications:
```json
{
"text": "✅ RxMinder deployed to production",
"environment": "production",
"image": "gitea.example.com/user/rxminder:abc123"
}
```
## Troubleshooting
### Common Issues
1. **Build Fails - Buildx Not Available**
```bash
# Ensure Docker Buildx is installed on runner
docker buildx version
```
2. **Registry Push Fails**
```bash
# Check GITEA_TOKEN has package write permissions
# Verify registry URL is correct
```
3. **Deployment Fails**
```bash
# Check environment variables are set
# Verify server has Docker/Kubernetes access
```
### Debug Commands
```bash
# Check workflow logs in Gitea UI
# Repository → Actions → [Workflow Run]
# Test deployment script locally
./scripts/gitea-deploy.sh production --debug
# Check service status
docker-compose -f docker/docker-compose.yaml ps
docker-compose -f docker/docker-compose.yaml logs
```
## Security Considerations
### Image Scanning
- Trivy vulnerability scanning in CI
- Base image security updates
- Dependency audit checks
### Secrets Management
- Use Gitea secrets for sensitive data
- Rotate access tokens regularly
- Limit token permissions
### Registry Security
- Private registry recommended
- Image signing (optional)
- Regular image cleanup
## Performance Optimization
### Build Optimization
- Multi-stage Dockerfile
- Layer caching
- Minimal base images
### Deployment Optimization
- Health checks
- Rolling updates
- Resource limits
## Migration from GitHub Actions
If migrating from GitHub Actions:
1. **Copy workflow structure** (already compatible)
2. **Update variable references**: `github.` → `gitea.`
3. **Configure secrets** in Gitea repository settings
4. **Test locally** with act before pushing
5. **Update registry URLs** if different

45
.gitea/docker-compose.ci.yml Normal file
View File

@@ -0,0 +1,45 @@
# Gitea Actions CI/CD Docker Compose Override
# This file provides CI-specific configurations for Gitea Actions
version: '3.8'
services:
# Frontend service with CI optimizations
frontend:
build:
context: .
target: builder
cache_from:
- ${REGISTRY:-gitea.example.com}/${IMAGE_NAME:-rxminder}:buildcache
args:
# Use build args from CI environment
- VITE_COUCHDB_URL=${VITE_COUCHDB_URL:-http://couchdb:5984}
- VITE_COUCHDB_USER=${VITE_COUCHDB_USER:-admin}
- VITE_COUCHDB_PASSWORD=${VITE_COUCHDB_PASSWORD:-change-this-secure-password}
- APP_BASE_URL=${APP_BASE_URL:-http://localhost:8080}
- VITE_GOOGLE_CLIENT_ID=${VITE_GOOGLE_CLIENT_ID:-}
- VITE_GITHUB_CLIENT_ID=${VITE_GITHUB_CLIENT_ID:-}
- NODE_ENV=production
environment:
- CI=true
labels:
- 'gitea.ci=true'
- 'gitea.project=rxminder'
# Test database for CI
couchdb-test:
image: couchdb:3.3.2
environment:
- COUCHDB_USER=admin
- COUCHDB_PASSWORD=test-secure-password
ports:
- '5985:5984'
volumes:
- couchdb_test_data:/opt/couchdb/data
labels:
- 'gitea.ci=true'
- 'gitea.service=test-database'
volumes:
couchdb_test_data:
driver: local

156
.gitea/gitea-bake.hcl Normal file
View File

@@ -0,0 +1,156 @@
# Gitea-specific Docker Bake file for advanced multi-platform builds
# Usage: docker buildx bake -f gitea-bake.hcl
variable "GITEA_REGISTRY" {
default = notequal("", GITEA_REGISTRY) ? GITEA_REGISTRY : "ghcr.io"
}
variable "GITEA_REPOSITORY" {
default = notequal("", GITEA_REPOSITORY) ? GITEA_REPOSITORY : "user/rxminder"
}
variable "TAG" {
default = "latest"
}
variable "GITEA_SHA" {
default = "dev"
}
variable "VITE_COUCHDB_URL" {
default = "http://localhost:5984"
}
variable "VITE_COUCHDB_USER" {
default = "admin"
}
variable "VITE_COUCHDB_PASSWORD" {
default = "change-this-secure-password"
}
variable "APP_BASE_URL" {
default = "http://localhost:8080"
}
variable "VITE_GOOGLE_CLIENT_ID" {
default = ""
}
variable "VITE_GITHUB_CLIENT_ID" {
default = ""
}
group "default" {
targets = ["app"]
}
group "ci" {
targets = ["app-ci"]
}
target "app" {
dockerfile = "Dockerfile"
context = "."
platforms = [
"linux/amd64",
"linux/arm64"
]
tags = [
"${GITEA_REGISTRY}/${GITEA_REPOSITORY}:${TAG}",
"${GITEA_REGISTRY}/${GITEA_REPOSITORY}:latest"
]
args = {
VITE_COUCHDB_URL = "${VITE_COUCHDB_URL}"
VITE_COUCHDB_USER = "${VITE_COUCHDB_USER}"
VITE_COUCHDB_PASSWORD = "${VITE_COUCHDB_PASSWORD}"
APP_BASE_URL = "${APP_BASE_URL}"
VITE_GOOGLE_CLIENT_ID = "${VITE_GOOGLE_CLIENT_ID}"
VITE_GITHUB_CLIENT_ID = "${VITE_GITHUB_CLIENT_ID}"
NODE_ENV = "production"
}
# Gitea registry caching
cache-from = [
"type=registry,ref=${GITEA_REGISTRY}/${GITEA_REPOSITORY}:buildcache"
]
cache-to = [
"type=registry,ref=${GITEA_REGISTRY}/${GITEA_REPOSITORY}:buildcache,mode=max"
]
}
# CI-specific target with commit SHA tagging
target "app-ci" {
inherits = ["app"]
tags = [
"${GITEA_REGISTRY}/${GITEA_REPOSITORY}:${GITEA_SHA}",
"${GITEA_REGISTRY}/${GITEA_REPOSITORY}:latest"
]
# Enhanced CI-specific features
attest = [
"type=provenance,mode=max",
"type=sbom"
]
# CI registry push
output = ["type=registry"]
}
# Development target for local builds
target "dev" {
inherits = ["app"]
platforms = ["linux/amd64"]
tags = ["rxminder:dev"]
# Local caching only
cache-from = ["type=registry,ref=${GITEA_REGISTRY}/${GITEA_REPOSITORY}:buildcache"]
cache-to = ["type=registry,ref=${GITEA_REGISTRY}/${GITEA_REPOSITORY}:buildcache"]
# Load locally instead of push
output = ["type=docker"]
}
# Production target with full attestations
target "prod" {
inherits = ["app-ci"]
# Production-specific tags
tags = [
"${GITEA_REGISTRY}/${GITEA_REPOSITORY}:prod-${TAG}",
"${GITEA_REGISTRY}/${GITEA_REPOSITORY}:production"
]
# Full security attestations for production
attest = [
"type=provenance,mode=max",
"type=sbom"
]
}
# Staging target
target "staging" {
inherits = ["app"]
platforms = ["linux/amd64"] # Single platform for staging
tags = [
"${GITEA_REGISTRY}/${GITEA_REPOSITORY}:staging-${TAG}",
"${GITEA_REGISTRY}/${GITEA_REPOSITORY}:staging"
]
# Staging-specific build args
args = {
VITE_COUCHDB_URL = "${VITE_COUCHDB_URL}"
VITE_COUCHDB_USER = "${VITE_COUCHDB_USER}"
VITE_COUCHDB_PASSWORD = "${VITE_COUCHDB_PASSWORD}"
APP_BASE_URL = "http://staging.localhost:8080"
VITE_GOOGLE_CLIENT_ID = "${VITE_GOOGLE_CLIENT_ID}"
VITE_GITHUB_CLIENT_ID = "${VITE_GITHUB_CLIENT_ID}"
NODE_ENV = "staging"
}
output = ["type=registry"]
}

178
.gitea/workflows/ci-cd.yml Normal file
View File

@@ -0,0 +1,178 @@
name: Build and Deploy
on:
push:
branches: [main, develop]
pull_request:
branches: [main]
env:
# Use environment variables for registry configuration
REGISTRY: ${{ vars.GITEA_REGISTRY || secrets.GITEA_REGISTRY || 'ghcr.io' }}
IMAGE_NAME: ${{ gitea.repository }}
jobs:
build:
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Container Registry
if: gitea.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ gitea.actor }}
password: ${{ secrets.GITEA_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,prefix={{branch}}-
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: ./docker
platforms: linux/amd64,linux/arm64
push: ${{ gitea.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
VITE_COUCHDB_URL=${{ vars.VITE_COUCHDB_URL || 'http://localhost:5984' }}
VITE_COUCHDB_USER=${{ vars.VITE_COUCHDB_USER || 'admin' }}
VITE_COUCHDB_PASSWORD=${{ secrets.VITE_COUCHDB_PASSWORD || 'change-this-secure-password' }}
APP_BASE_URL=${{ vars.APP_BASE_URL || 'http://localhost:8080' }}
VITE_GOOGLE_CLIENT_ID=${{ vars.VITE_GOOGLE_CLIENT_ID || '' }}
VITE_GITHUB_CLIENT_ID=${{ vars.VITE_GITHUB_CLIENT_ID || '' }}
NODE_ENV=production
cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache,mode=max
- name: Build with Bake (Alternative)
if: false # Set to true to use bake instead
uses: docker/bake-action@v4
with:
workdir: ./docker
files: docker-bake.hcl
targets: prod
push: ${{ gitea.event_name != 'pull_request' }}
test:
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Bun
uses: oven-sh/setup-bun@v1
with:
bun-version: latest
- name: Install dependencies
run: bun install --frozen-lockfile
- name: Run linting
run: bun run lint
- name: Run type checking
run: bun run type-check
- name: Run tests
run: bun run test
- name: Run integration tests
run: bun run test:integration
security:
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
if: gitea.event_name == 'pull_request'
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Run security audit
run: |
# Install and run security audit tools
npm audit --audit-level moderate || true
- name: Scan Docker image for vulnerabilities
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ gitea.sha }}'
format: 'table'
exit-code: '0'
deploy:
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
needs: [build, test]
if: gitea.ref == 'refs/heads/main' && gitea.event_name == 'push'
environment: production
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Deploy to production
run: |
echo "Deploying to production server..."
# Example deployment script
# You would typically SSH to your server and update the containers
# Install kubectl if deploying to Kubernetes
# curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
# chmod +x kubectl && sudo mv kubectl /usr/local/bin/
# Or deploy via docker-compose
# ssh user@server "cd /app && docker-compose pull && docker-compose up -d"
echo "Deployment placeholder - configure your deployment method"
- name: Notify deployment status
if: always()
run: |
if [ "${{ job.status }}" == "success" ]; then
echo "✅ Deployment successful"
# Send success notification (webhook, email, etc.)
else
echo "❌ Deployment failed"
# Send failure notification
fi
cleanup:
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
needs: [build, test, deploy]
if: always() && gitea.ref == 'refs/heads/main'
steps:
- name: Cleanup old images
run: |
echo "Cleaning up old container images..."
# Add cleanup logic for old images in registry
# This helps manage storage costs
echo "Cleanup placeholder - implement registry cleanup"