Stian/Shade
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ebe3a50389a1be5ced4b020849c281d306d2d86f
Shade/scripts/build-docker.ts

66 lines
2.0 KiB
TypeScript
Raw Normal View History

feat(container): M-Box 1-8 — stack-agnostic standalone Docker container Shade now ships as a self-contained Docker image. Deploy one container per project, any stack (Bun, Python, Go, Rust, Kotlin) can talk to it via plain HTTP. Zero coupling to consumer codebases. M-Box 1: Stale identity cleanup API - touchIdentity + purgeStaleIdentities on PrekeyStore interface - Implemented for Memory, SQLite, and Postgres backends - SQLite adds last_activity_at column with migration ALTER for existing DBs - Postgres adds the same via raw SQL with IF NOT EXISTS guards - Routes call touchIdentity on register, bundle fetch, replenish - 4 new tests for the cleanup API M-Box 2: Stale cleanup background task - StaleCleanupTask runs purge on startup + every 24h (configurable) - Reads SHADE_STALE_DAYS (default 30) and SHADE_CLEANUP_INTERVAL_HOURS - Wired into standalone.ts, stopped on graceful shutdown - 5 new tests for the task M-Box 3: Observer baked into the container - standalone.ts conditionally mounts @shade/observer at /shade-observer when SHADE_OBSERVER_TOKEN is set (and >= 16 chars) - Shared PrekeyServerEvents emitter feeds both routes and observer - @shade/observer added as optional dependency of @shade/server M-Box 4: Dockerfile with dashboard build - Multi-stage build: oven/bun:1 builder → oven/bun:1-alpine runtime - COPY packages/ wholesale so workspace lockfile resolves cleanly - RUN bun run build inside shade-dashboard → dist/ → observer/dist/ - Non-root shade user, /data volume, healthcheck, env defaults - Final image: 260 MB M-Box 5: OpenAPI spec for stack-agnostic clients - packages/shade-server/openapi.yaml documents all 9 endpoints with request/response schemas, security (Ed25519 signatures + bearer token) - createOpenApiRoutes serves /openapi.yaml and /docs (Redoc viewer) - Any language can generate a client with openapi-generator M-Box 6: Docker CI pipeline - .gitea/workflows/docker.yml builds + pushes on git tag v* - scripts/build-docker.ts for local builds, supports --push with GITEA_TOKEN - Root package.json: build:docker, publish:docker scripts M-Box 7: Deployment documentation - packages/shade-server/README rewritten: 5-line quickstart with the image - docs/DEPLOYMENT.md: full reference, env vars, backup, Dokploy, PG setup - examples/05-dokploy-deployment/docker-compose.yml updated to pull published image (gt.zyon.no/stian/shade-prekey:latest) - Root README deployment section rewritten M-Box 8: End-to-end verification - Image builds locally (bun run build:docker) - /health, /openapi.yaml, /docs, /metrics, /shade-observer all respond - 401 without observer token, 200 with - Real SDK client round-trip: Alice → container → Bob → reply → Alice - Persistence: identity + prekeys survive container restart (count 20→18 as expected from two bundle fetches) 285 tests passing, 0 failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 14:29:00 +02:00
#!/usr/bin/env bun
/**
* Build the Shade Prekey Server Docker image locally.
*
* Usage:
* bun run build:docker # build as shade-prekey:dev
* bun run build:docker -- --tag X # custom tag
* bun run build:docker -- --push # build + push to Gitea registry
*
* Env:
* GITEA_TOKEN required for --push
* GITEA_USER default Stian
*/
import { $ } from 'bun';
const args = process.argv.slice(2);
const tagIdx = args.indexOf('--tag');
const tag = tagIdx >= 0 ? args[tagIdx + 1] : 'dev';
const shouldPush = args.includes('--push');
const user = process.env.GITEA_USER ?? 'Stian';
const registry = 'gt.zyon.no';
const image = `${registry.toLowerCase()}/${user.toLowerCase()}/shade-prekey`;
const fullTag = `${image}:${tag}`;
async function main() {
console.log(`Building ${fullTag}`);
await $`docker build -f packages/shade-server/Dockerfile -t ${fullTag} .`;
console.log(`✓ Built ${fullTag}`);
const { stdout: size } = await $`docker images ${fullTag} --format {{.Size}}`.quiet();
console.log(` Size: ${size.toString().trim()}`);
if (shouldPush) {
const token = process.env.GITEA_TOKEN;
if (!token) {
console.error('GITEA_TOKEN env var required for --push');
process.exit(1);
}
console.log(`Pushing ${fullTag}`);
// Login via stdin to avoid leaking token in process table
const loginProc = Bun.spawn(['docker', 'login', registry, '-u', user, '--password-stdin'], {
stdin: 'pipe',
stdout: 'inherit',
stderr: 'inherit',
});
loginProc.stdin.write(token);
await loginProc.stdin.end();
await loginProc.exited;
await $`docker push ${fullTag}`;
console.log(`✓ Pushed ${fullTag}`);
if (tag !== 'latest') {
const latestTag = `${image}:latest`;
await $`docker tag ${fullTag} ${latestTag}`;
await $`docker push ${latestTag}`;
console.log(`✓ Pushed ${latestTag}`);
}
}
}
main().catch((err) => {
console.error(err);
process.exit(1);
});
Reference in New Issue Copy Permalink