TehRiehlDeal
8c10124272
CI / test (push) Successful in 25s
CI / lint (push) Successful in 28s
CI / secrets-scan (push) Successful in 5s
CI / vuln-scan (push) Successful in 12s
CI / sast (push) Successful in 10s
CI / build-images (push) Failing after 51s
CI / image-scan (push) Has been skipped
CI / push (push) Has been skipped
Wires up the CD half of the pipeline. New jobs build multi-stage Docker images for the frontend and backend, run a Trivy image scan that fails on HIGH/CRITICAL findings, and push to harbor.tehriehldeal.com on main only. Each push tags <version> (from package.json), <sha>, and latest; a pre-push existence check refuses to overwrite a version tag that already points at a different digest, forcing a real bump. The Vite frontend now reads runtime config from window.__RUNTIME_CONFIG__, populated by /config.js which nginx renders from container env vars at startup via envsubst. A getConfig() helper falls back to import.meta.env for `pnpm dev` and Vitest, so existing test scaffolding keeps working. PWA workbox excludes /config.js from precache and serves it NetworkOnly to keep stale config from surviving a container restart. Bumps frontend 0.0.0→0.1.0 and backend 0.0.1→0.1.0 (production deployment is a meaningful new capability for both packages). Also fixes four pre-existing tsc -b errors that the new vite build step in the frontend Dockerfile would otherwise hit: global.fetch → globalThis.fetch in three test files, null-guard in Activity.tsx account filter, type cast on Recharts Pie onClick in Dashboard.tsx, typed callback signature on the auth.test.ts onAuthStateChange mock. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
82 lines
2.4 KiB
TypeScript
82 lines
2.4 KiB
TypeScript
import path from 'path';
|
|
import { defineConfig } from 'vite';
|
|
import react from '@vitejs/plugin-react';
|
|
import tailwindcss from '@tailwindcss/vite';
|
|
import { VitePWA } from 'vite-plugin-pwa';
|
|
|
|
// https://vite.dev/config/
|
|
export default defineConfig({
|
|
plugins: [
|
|
react(),
|
|
tailwindcss(),
|
|
VitePWA({
|
|
registerType: 'autoUpdate',
|
|
includeAssets: ['favicon.svg', 'apple-touch-icon.png'],
|
|
manifest: {
|
|
name: 'TehRiehlBudget',
|
|
short_name: 'Budget',
|
|
description: 'Personal finance tracker — accounts, transactions, and AI-powered insights',
|
|
theme_color: '#059669',
|
|
background_color: '#ffffff',
|
|
display: 'standalone',
|
|
start_url: '/',
|
|
scope: '/',
|
|
icons: [
|
|
{
|
|
src: 'favicon.svg',
|
|
sizes: 'any',
|
|
type: 'image/svg+xml',
|
|
purpose: 'any',
|
|
},
|
|
{
|
|
src: 'icon-192.png',
|
|
sizes: '192x192',
|
|
type: 'image/png',
|
|
purpose: 'any maskable',
|
|
},
|
|
{
|
|
src: 'icon-512.png',
|
|
sizes: '512x512',
|
|
type: 'image/png',
|
|
purpose: 'any maskable',
|
|
},
|
|
],
|
|
},
|
|
workbox: {
|
|
// /config.js is rendered at container start from runtime env vars; it
|
|
// must never be precached or cached at runtime, otherwise a stale build
|
|
// can keep serving an old config after a restart.
|
|
globIgnores: ['**/config.js', '**/config.template.js'],
|
|
// Avoid caching API responses or runtime config — always go to network
|
|
navigateFallbackDenylist: [/^\/api\//, /^\/config\.js$/],
|
|
runtimeCaching: [
|
|
{
|
|
urlPattern: ({ url }) => url.pathname.startsWith('/api/'),
|
|
handler: 'NetworkOnly',
|
|
},
|
|
{
|
|
urlPattern: ({ url }) => url.pathname === '/config.js',
|
|
handler: 'NetworkOnly',
|
|
},
|
|
{
|
|
urlPattern: ({ request }) => request.destination === 'image',
|
|
handler: 'CacheFirst',
|
|
options: {
|
|
cacheName: 'images',
|
|
expiration: { maxEntries: 50, maxAgeSeconds: 60 * 60 * 24 * 30 },
|
|
},
|
|
},
|
|
],
|
|
},
|
|
devOptions: {
|
|
enabled: false,
|
|
},
|
|
}),
|
|
],
|
|
resolve: {
|
|
alias: {
|
|
'@': path.resolve(__dirname, './src'),
|
|
},
|
|
},
|
|
});
|