Sterister
7e0f7320a9
Some checks failed
Test / test (push) Has been cancelled
Shade now ships as a self-contained Docker image. Deploy one container per project, any stack (Bun, Python, Go, Rust, Kotlin) can talk to it via plain HTTP. Zero coupling to consumer codebases. M-Box 1: Stale identity cleanup API - touchIdentity + purgeStaleIdentities on PrekeyStore interface - Implemented for Memory, SQLite, and Postgres backends - SQLite adds last_activity_at column with migration ALTER for existing DBs - Postgres adds the same via raw SQL with IF NOT EXISTS guards - Routes call touchIdentity on register, bundle fetch, replenish - 4 new tests for the cleanup API M-Box 2: Stale cleanup background task - StaleCleanupTask runs purge on startup + every 24h (configurable) - Reads SHADE_STALE_DAYS (default 30) and SHADE_CLEANUP_INTERVAL_HOURS - Wired into standalone.ts, stopped on graceful shutdown - 5 new tests for the task M-Box 3: Observer baked into the container - standalone.ts conditionally mounts @shade/observer at /shade-observer when SHADE_OBSERVER_TOKEN is set (and >= 16 chars) - Shared PrekeyServerEvents emitter feeds both routes and observer - @shade/observer added as optional dependency of @shade/server M-Box 4: Dockerfile with dashboard build - Multi-stage build: oven/bun:1 builder → oven/bun:1-alpine runtime - COPY packages/ wholesale so workspace lockfile resolves cleanly - RUN bun run build inside shade-dashboard → dist/ → observer/dist/ - Non-root shade user, /data volume, healthcheck, env defaults - Final image: 260 MB M-Box 5: OpenAPI spec for stack-agnostic clients - packages/shade-server/openapi.yaml documents all 9 endpoints with request/response schemas, security (Ed25519 signatures + bearer token) - createOpenApiRoutes serves /openapi.yaml and /docs (Redoc viewer) - Any language can generate a client with openapi-generator M-Box 6: Docker CI pipeline - .gitea/workflows/docker.yml builds + pushes on git tag v* - scripts/build-docker.ts for local builds, supports --push with GITEA_TOKEN - Root package.json: build:docker, publish:docker scripts M-Box 7: Deployment documentation - packages/shade-server/README rewritten: 5-line quickstart with the image - docs/DEPLOYMENT.md: full reference, env vars, backup, Dokploy, PG setup - examples/05-dokploy-deployment/docker-compose.yml updated to pull published image (gt.zyon.no/stian/shade-prekey:latest) - Root README deployment section rewritten M-Box 8: End-to-end verification - Image builds locally (bun run build:docker) - /health, /openapi.yaml, /docs, /metrics, /shade-observer all respond - 401 without observer token, 200 with - Real SDK client round-trip: Alice → container → Bob → reply → Alice - Persistence: identity + prekeys survive container restart (count 20→18 as expected from two bundle fetches) 285 tests passing, 0 failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
66 lines
2.0 KiB
TypeScript
66 lines
2.0 KiB
TypeScript
#!/usr/bin/env bun
|
|
/**
|
|
* Build the Shade Prekey Server Docker image locally.
|
|
*
|
|
* Usage:
|
|
* bun run build:docker # build as shade-prekey:dev
|
|
* bun run build:docker -- --tag X # custom tag
|
|
* bun run build:docker -- --push # build + push to Gitea registry
|
|
*
|
|
* Env:
|
|
* GITEA_TOKEN — required for --push
|
|
* GITEA_USER — default Stian
|
|
*/
|
|
import { $ } from 'bun';
|
|
|
|
const args = process.argv.slice(2);
|
|
const tagIdx = args.indexOf('--tag');
|
|
const tag = tagIdx >= 0 ? args[tagIdx + 1] : 'dev';
|
|
const shouldPush = args.includes('--push');
|
|
const user = process.env.GITEA_USER ?? 'Stian';
|
|
const registry = 'gt.zyon.no';
|
|
const image = `${registry.toLowerCase()}/${user.toLowerCase()}/shade-prekey`;
|
|
const fullTag = `${image}:${tag}`;
|
|
|
|
async function main() {
|
|
console.log(`Building ${fullTag}…`);
|
|
await $`docker build -f packages/shade-server/Dockerfile -t ${fullTag} .`;
|
|
|
|
console.log(`✓ Built ${fullTag}`);
|
|
const { stdout: size } = await $`docker images ${fullTag} --format {{.Size}}`.quiet();
|
|
console.log(` Size: ${size.toString().trim()}`);
|
|
|
|
if (shouldPush) {
|
|
const token = process.env.GITEA_TOKEN;
|
|
if (!token) {
|
|
console.error('GITEA_TOKEN env var required for --push');
|
|
process.exit(1);
|
|
}
|
|
console.log(`Pushing ${fullTag}…`);
|
|
// Login via stdin to avoid leaking token in process table
|
|
const loginProc = Bun.spawn(['docker', 'login', registry, '-u', user, '--password-stdin'], {
|
|
stdin: 'pipe',
|
|
stdout: 'inherit',
|
|
stderr: 'inherit',
|
|
});
|
|
loginProc.stdin.write(token);
|
|
await loginProc.stdin.end();
|
|
await loginProc.exited;
|
|
|
|
await $`docker push ${fullTag}`;
|
|
console.log(`✓ Pushed ${fullTag}`);
|
|
|
|
if (tag !== 'latest') {
|
|
const latestTag = `${image}:latest`;
|
|
await $`docker tag ${fullTag} ${latestTag}`;
|
|
await $`docker push ${latestTag}`;
|
|
console.log(`✓ Pushed ${latestTag}`);
|
|
}
|
|
}
|
|
}
|
|
|
|
main().catch((err) => {
|
|
console.error(err);
|
|
process.exit(1);
|
|
});
|