TehRiehlDeal/movieloop-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a0d76bc95855d9e541ea3a81e56908cef9bca4cc
movieloop-frontend/Dockerfile
T
TehRiehlDeal a0d76bc958
frontend-ci / lint (push) Successful in 15s
Details
frontend-ci / typecheck (push) Successful in 14s
Details
frontend-ci / secrets-scan (push) Failing after 4s
Details
frontend-ci / sast (push) Successful in 7s
Details
frontend-ci / fs-scan (push) Failing after 1m27s
Details
frontend-ci / image-scan (push) Has been cancelled
Details
frontend-ci / push (push) Has been cancelled
Details
frontend-ci / build (push) Has been cancelled
Details
feat: runtime config, Gitea Actions pipeline, and Harbor push 
Runtime config (src/lib/config.ts, src/api/client.ts, src/lib/ws.ts,
index.html, Dockerfile, nginx.conf, docker/):
- New typed getConfig() helper reads window.__APP_CONFIG__ at runtime
  with import.meta.env.VITE_API_URL as a dev-only fallback.
- index.html loads <script src="/config.js"> synchronously before the
  bundle. /config.js is rendered at container start via envsubst on
  docker/config.js.template, populated from the API_URL env var
  (docker/40-render-config.sh runs as part of the official nginx:alpine
  /docker-entrypoint.d sequence).
- Dockerfile drops the VITE_API_URL build arg — one image works across
  all environments now.
- nginx.conf adds Cache-Control: no-store on /config.js so browsers and
  CDNs don't pin stale config.

Pipeline (.gitea/workflows/ci.yml):
- lint, typecheck, gitleaks, semgrep, Trivy fs+image scans, buildx
  build with gha cache, Harbor push gated on `main` or v* tags
- Image tags via metadata-action: :latest (main only), :sha-<full>,
  semver-derived :1.2.3 / :1.2 / :1 from v* tags
- Secrets: HARBOR_HOST, MOVIELOOP_USERNAME, MOVIELOOP_PASSWORD

Versioning (package.json, .versionrc.json):
- Bumped to 1.0.0 baseline
- Added commit-and-tag-version devDep + release scripts. Conventional
  Commits drive bumps; CHANGELOG hides chore/ci/etc.

Scan configs:
- .gitleaks.toml allows .env.example
- .semgrepignore excludes node_modules/, dist/, coverage/, public/
- .trivyignore placeholder with format docs

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 17:44:33 -07:00

30 lines
914 B
Docker
Raw Blame History

# --- Dev stage ---
FROM node:22-alpine AS dev
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
EXPOSE 5173
CMD ["npm", "run", "dev", "--", "--host"]
# --- Build stage ---
# No VITE_API_URL build arg: the production image uses runtime config (/config.js)
# rendered at container startup. See docker/40-render-config.sh.
FROM node:22-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
# --- Production stage ---
FROM nginx:alpine AS production
RUN apk add --no-cache gettext
COPY --from=build /app/dist /usr/share/nginx/html
COPY nginx.conf /etc/nginx/conf.d/default.conf
COPY docker/config.js.template /etc/nginx/templates/config.js.template
COPY docker/40-render-config.sh /docker-entrypoint.d/40-render-config.sh
RUN chmod +x /docker-entrypoint.d/40-render-config.sh
EXPOSE 80
# nginx:alpine's upstream entrypoint runs /docker-entrypoint.d/*.sh then launches nginx.
Reference in New Issue View Git Blame Copy Permalink