letsbe
/
MOPC-App
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix CRLF line endings in runtime/deploy scripts and enforce LF

This commit is contained in:
Matt 2026-02-14 16:35:26 +01:00
parent b5425e705e
commit 3975b5c51f
6 changed files with 351 additions and 339 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.gitattributes vendored Normal file
View File

@ -0,0 +1,12 @@
* text=auto
# Deployment/runtime scripts must stay LF for Linux containers/shells.
*.sh text eol=lf
Dockerfile text eol=lf
**/Dockerfile text eol=lf
# Keep YAML and env-ish config files LF across platforms.
*.yml text eol=lf
*.yaml text eol=lf
*.env text eol=lf
*.sql text eol=lf

146
docker/Dockerfile
View File

@ -1,73 +1,73 @@
# ============================================================================= # =============================================================================
# MOPC Platform - Production Dockerfile # MOPC Platform - Production Dockerfile
# ============================================================================= # =============================================================================
# Multi-stage build for optimized production image # Multi-stage build for optimized production image
FROM node:22-alpine AS base FROM node:22-alpine AS base
# Install dependencies only when needed # Install dependencies only when needed
FROM base AS deps FROM base AS deps
RUN apk add --no-cache libc6-compat RUN apk add --no-cache libc6-compat
WORKDIR /app WORKDIR /app
# Copy package files # Copy package files
COPY package.json package-lock.json* ./ COPY package.json package-lock.json* ./
RUN npm ci RUN npm ci
# Rebuild the source code only when needed # Rebuild the source code only when needed
FROM base AS builder FROM base AS builder
WORKDIR /app WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules COPY --from=deps /app/node_modules ./node_modules
COPY . . COPY . .
# Generate Prisma client # Generate Prisma client
RUN npx prisma generate RUN npx prisma generate
# Build Next.js # Build Next.js
ENV NEXT_TELEMETRY_DISABLED=1 ENV NEXT_TELEMETRY_DISABLED=1
RUN npm run build RUN npm run build
# Production image, copy all the files and run next # Production image, copy all the files and run next
FROM base AS runner FROM base AS runner
WORKDIR /app WORKDIR /app
ENV NODE_ENV=production ENV NODE_ENV=production
ENV NEXT_TELEMETRY_DISABLED=1 ENV NEXT_TELEMETRY_DISABLED=1
# Create non-root user for security # Create non-root user for security
RUN addgroup --system --gid 1001 nodejs RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs RUN adduser --system --uid 1001 nextjs
# Install runtime dependencies for migrations and seeding # Install runtime dependencies for migrations and seeding
RUN apk add --no-cache libc6-compat RUN apk add --no-cache libc6-compat
# Copy built Next.js standalone output # Copy built Next.js standalone output
COPY --from=builder /app/public ./public COPY --from=builder /app/public ./public
COPY --from=builder /app/.next/standalone ./ COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static COPY --from=builder /app/.next/static ./.next/static
# Copy full node_modules for prisma migrations and seeding # Copy full node_modules for prisma migrations and seeding
COPY --from=builder /app/node_modules ./node_modules COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/prisma ./prisma COPY --from=builder /app/prisma ./prisma
COPY --from=builder /app/package.json ./package.json COPY --from=builder /app/package.json ./package.json
# Copy files needed for seeding (tsx needs tsconfig for path resolution) # Copy files needed for seeding (tsx needs tsconfig for path resolution)
COPY --from=builder /app/docs/Candidatures2026.csv ./docs/Candidatures2026.csv COPY --from=builder /app/docs/Candidatures2026.csv ./docs/Candidatures2026.csv
COPY --from=builder /app/tsconfig.json ./tsconfig.json COPY --from=builder /app/tsconfig.json ./tsconfig.json
# Copy entrypoint script # Copy entrypoint script
COPY docker/docker-entrypoint.sh /app/docker-entrypoint.sh COPY docker/docker-entrypoint.sh /app/docker-entrypoint.sh
RUN chmod +x /app/docker-entrypoint.sh RUN chmod +x /app/docker-entrypoint.sh
# Set correct permissions # Set correct permissions
RUN chown -R nextjs:nodejs /app RUN chown -R nextjs:nodejs /app
USER nextjs USER nextjs
EXPOSE 7600 EXPOSE 7600
ENV PORT=7600 ENV PORT=7600
ENV HOSTNAME="0.0.0.0" ENV HOSTNAME="0.0.0.0"
# Run via entrypoint (migrate then start) # Run via entrypoint (migrate then start)
CMD ["/app/docker-entrypoint.sh"] CMD ["/app/docker-entrypoint.sh"]

168
docker/docker-compose.yml
View File

@ -1,84 +1,84 @@
# ============================================================================= # =============================================================================
# MOPC Platform - Production Docker Compose # MOPC Platform - Production Docker Compose
# ============================================================================= # =============================================================================
# This stack contains only the Next.js app and PostgreSQL. # This stack contains only the Next.js app and PostgreSQL.
# MinIO and Poste.io are external services connected via environment variables. # MinIO and Poste.io are external services connected via environment variables.
# #
# The app image is built by Gitea CI and pushed to the container registry. # The app image is built by Gitea CI and pushed to the container registry.
# `pull_policy: always` ensures `docker compose up -d` checks for newer app images. # `pull_policy: always` ensures `docker compose up -d` checks for newer app images.
# The app entrypoint runs `prisma migrate deploy` before starting Next.js. # The app entrypoint runs `prisma migrate deploy` before starting Next.js.
services: services:
app: app:
image: ${REGISTRY_URL}/mopc-app:latest image: ${REGISTRY_URL}/mopc-app:latest
pull_policy: always pull_policy: always
container_name: mopc-app container_name: mopc-app
restart: unless-stopped restart: unless-stopped
dns: dns:
- 8.8.8.8 - 8.8.8.8
- 8.8.4.4 - 8.8.4.4
ports: ports:
- "127.0.0.1:7600:7600" - "127.0.0.1:7600:7600"
env_file: env_file:
- .env - .env
environment: environment:
- NODE_ENV=production - NODE_ENV=production
- DATABASE_URL=postgresql://mopc:${DB_PASSWORD}@postgres:5432/mopc - DATABASE_URL=postgresql://mopc:${DB_PASSWORD}@postgres:5432/mopc
- NEXTAUTH_URL=${NEXTAUTH_URL} - NEXTAUTH_URL=${NEXTAUTH_URL}
- NEXTAUTH_SECRET=${NEXTAUTH_SECRET} - NEXTAUTH_SECRET=${NEXTAUTH_SECRET}
- AUTH_SECRET=${NEXTAUTH_SECRET} - AUTH_SECRET=${NEXTAUTH_SECRET}
- AUTH_TRUST_HOST=true - AUTH_TRUST_HOST=true
- MINIO_ENDPOINT=${MINIO_ENDPOINT} - MINIO_ENDPOINT=${MINIO_ENDPOINT}
- MINIO_PUBLIC_ENDPOINT=${MINIO_PUBLIC_ENDPOINT:-} - MINIO_PUBLIC_ENDPOINT=${MINIO_PUBLIC_ENDPOINT:-}
- MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY} - MINIO_ACCESS_KEY=${MINIO_ACCESS_KEY}
- MINIO_SECRET_KEY=${MINIO_SECRET_KEY} - MINIO_SECRET_KEY=${MINIO_SECRET_KEY}
- MINIO_BUCKET=${MINIO_BUCKET} - MINIO_BUCKET=${MINIO_BUCKET}
- SMTP_HOST=${SMTP_HOST} - SMTP_HOST=${SMTP_HOST}
- SMTP_PORT=${SMTP_PORT} - SMTP_PORT=${SMTP_PORT}
- SMTP_USER=${SMTP_USER} - SMTP_USER=${SMTP_USER}
- SMTP_PASS=${SMTP_PASS} - SMTP_PASS=${SMTP_PASS}
- EMAIL_FROM=${EMAIL_FROM} - EMAIL_FROM=${EMAIL_FROM}
- POSTE_API_URL=${POSTE_API_URL:-https://mail.monaco-opc.com} - POSTE_API_URL=${POSTE_API_URL:-https://mail.monaco-opc.com}
- POSTE_ADMIN_EMAIL=${POSTE_ADMIN_EMAIL} - POSTE_ADMIN_EMAIL=${POSTE_ADMIN_EMAIL}
- POSTE_ADMIN_PASSWORD=${POSTE_ADMIN_PASSWORD} - POSTE_ADMIN_PASSWORD=${POSTE_ADMIN_PASSWORD}
- POSTE_MAIL_DOMAIN=${POSTE_MAIL_DOMAIN:-monaco-opc.com} - POSTE_MAIL_DOMAIN=${POSTE_MAIL_DOMAIN:-monaco-opc.com}
- OPENAI_API_KEY=${OPENAI_API_KEY:-} - OPENAI_API_KEY=${OPENAI_API_KEY:-}
- OPENAI_MODEL=${OPENAI_MODEL:-gpt-4o} - OPENAI_MODEL=${OPENAI_MODEL:-gpt-4o}
- MAX_FILE_SIZE=${MAX_FILE_SIZE:-524288000} - MAX_FILE_SIZE=${MAX_FILE_SIZE:-524288000}
depends_on: depends_on:
postgres: postgres:
condition: service_healthy condition: service_healthy
networks: networks:
- mopc-network - mopc-network
healthcheck: healthcheck:
test: ["CMD", "node", "-e", "fetch('http://localhost:7600/api/health').then(r=>{if(!r.ok)throw r;process.exit(0)}).catch(()=>process.exit(1))"] test: ["CMD", "node", "-e", "fetch('http://localhost:7600/api/health').then(r=>{if(!r.ok)throw r;process.exit(0)}).catch(()=>process.exit(1))"]
interval: 30s interval: 30s
timeout: 10s timeout: 10s
retries: 3 retries: 3
start_period: 60s start_period: 60s
postgres: postgres:
image: postgres:16-alpine image: postgres:16-alpine
container_name: mopc-postgres container_name: mopc-postgres
restart: unless-stopped restart: unless-stopped
environment: environment:
- POSTGRES_USER=mopc - POSTGRES_USER=mopc
- POSTGRES_PASSWORD=${DB_PASSWORD} - POSTGRES_PASSWORD=${DB_PASSWORD}
- POSTGRES_DB=mopc - POSTGRES_DB=mopc
volumes: volumes:
- postgres_data:/var/lib/postgresql/data - postgres_data:/var/lib/postgresql/data
healthcheck: healthcheck:
test: ["CMD-SHELL", "pg_isready -U mopc"] test: ["CMD-SHELL", "pg_isready -U mopc"]
interval: 10s interval: 10s
timeout: 5s timeout: 5s
retries: 5 retries: 5
networks: networks:
- mopc-network - mopc-network
volumes: volumes:
postgres_data: postgres_data:
driver: local driver: local
networks: networks:
mopc-network: mopc-network:
driver: bridge driver: bridge

74
docker/docker-entrypoint.sh
View File

@ -1,37 +1,37 @@
#!/bin/sh #!/bin/sh
set -eu set -eu
MAX_MIGRATION_RETRIES="${MIGRATION_MAX_RETRIES:-30}" MAX_MIGRATION_RETRIES="${MIGRATION_MAX_RETRIES:-30}"
MIGRATION_RETRY_DELAY_SECONDS="${MIGRATION_RETRY_DELAY_SECONDS:-2}" MIGRATION_RETRY_DELAY_SECONDS="${MIGRATION_RETRY_DELAY_SECONDS:-2}"
ATTEMPT=1 ATTEMPT=1
echo "==> Running database migrations (with retry)..." echo "==> Running database migrations (with retry)..."
until npx prisma migrate deploy; do until npx prisma migrate deploy; do
if [ "$ATTEMPT" -ge "$MAX_MIGRATION_RETRIES" ]; then if [ "$ATTEMPT" -ge "$MAX_MIGRATION_RETRIES" ]; then
echo "ERROR: Migration failed after ${MAX_MIGRATION_RETRIES} attempts." echo "ERROR: Migration failed after ${MAX_MIGRATION_RETRIES} attempts."
exit 1 exit 1
fi fi
echo "Migration attempt ${ATTEMPT} failed. Retrying in ${MIGRATION_RETRY_DELAY_SECONDS}s..." echo "Migration attempt ${ATTEMPT} failed. Retrying in ${MIGRATION_RETRY_DELAY_SECONDS}s..."
ATTEMPT=$((ATTEMPT + 1)) ATTEMPT=$((ATTEMPT + 1))
sleep "$MIGRATION_RETRY_DELAY_SECONDS" sleep "$MIGRATION_RETRY_DELAY_SECONDS"
done done
echo "==> Generating Prisma client..." echo "==> Generating Prisma client..."
npx prisma generate npx prisma generate
# Auto-seed on first startup: check if Users table is empty # Auto-seed on first startup: check if Users table is empty
USER_COUNT=$(node -e " USER_COUNT=$(node -e "
const { PrismaClient } = require('@prisma/client'); const { PrismaClient } = require('@prisma/client');
const p = new PrismaClient(); const p = new PrismaClient();
p.user.count().then(c => { console.log(c); p.\$disconnect(); }).catch(() => { console.log('0'); p.\$disconnect(); }); p.user.count().then(c => { console.log(c); p.\$disconnect(); }).catch(() => { console.log('0'); p.\$disconnect(); });
" 2>/dev/null || echo "0") " 2>/dev/null || echo "0")
if [ "$USER_COUNT" = "0" ]; then if [ "$USER_COUNT" = "0" ]; then
echo "==> Empty database detected — running seed..." echo "==> Empty database detected — running seed..."
npx prisma db seed || echo "WARNING: Seed script failed." npx prisma db seed || echo "WARNING: Seed script failed."
else else
echo "==> Database already seeded ($USER_COUNT users found), skipping seed." echo "==> Database already seeded ($USER_COUNT users found), skipping seed."
fi fi
echo "==> Starting application..." echo "==> Starting application..."
exec node server.js exec node server.js

200
scripts/deploy.sh
View File

@ -1,100 +1,100 @@
#!/bin/bash #!/bin/bash
# ============================================================================= # =============================================================================
# MOPC Platform - First-Time Deployment Script # MOPC Platform - First-Time Deployment Script
# ============================================================================= # =============================================================================
# Usage: ./scripts/deploy.sh # Usage: ./scripts/deploy.sh
# Run this once on the Linux VPS to set up the platform. # Run this once on the Linux VPS to set up the platform.
# The Docker image is built by Gitea CI and pulled from the registry. # The Docker image is built by Gitea CI and pulled from the registry.
set -e set -e
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_DIR="$(dirname "$SCRIPT_DIR")" PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
DOCKER_DIR="$PROJECT_DIR/docker" DOCKER_DIR="$PROJECT_DIR/docker"
echo "============================================" echo "============================================"
echo " MOPC Platform - Deployment" echo " MOPC Platform - Deployment"
echo "============================================" echo "============================================"
echo "" echo ""
# 1. Check Docker is available # 1. Check Docker is available
if ! command -v docker &> /dev/null; then if ! command -v docker &> /dev/null; then
echo "ERROR: Docker is not installed." echo "ERROR: Docker is not installed."
exit 1 exit 1
fi fi
if ! docker compose version &> /dev/null; then if ! docker compose version &> /dev/null; then
echo "ERROR: Docker Compose v2 is not available." echo "ERROR: Docker Compose v2 is not available."
exit 1 exit 1
fi fi
# 2. Check environment file # 2. Check environment file
if [ ! -f "$DOCKER_DIR/.env" ]; then if [ ! -f "$DOCKER_DIR/.env" ]; then
echo "No .env file found in docker/." echo "No .env file found in docker/."
echo "Copying template..." echo "Copying template..."
cp "$DOCKER_DIR/.env.production" "$DOCKER_DIR/.env" cp "$DOCKER_DIR/.env.production" "$DOCKER_DIR/.env"
echo "" echo ""
echo "IMPORTANT: Edit docker/.env with your production values before continuing." echo "IMPORTANT: Edit docker/.env with your production values before continuing."
echo " nano $DOCKER_DIR/.env" echo " nano $DOCKER_DIR/.env"
echo "" echo ""
exit 1 exit 1
fi fi
# 3. Load registry URL from env # 3. Load registry URL from env
source "$DOCKER_DIR/.env" source "$DOCKER_DIR/.env"
if [ -z "$REGISTRY_URL" ] || [ "$REGISTRY_URL" = "CHANGE_ME" ]; then if [ -z "$REGISTRY_URL" ] || [ "$REGISTRY_URL" = "CHANGE_ME" ]; then
echo "ERROR: REGISTRY_URL is not set in docker/.env" echo "ERROR: REGISTRY_URL is not set in docker/.env"
echo "Set it to your Gitea registry URL (e.g. gitea.example.com/your-org)" echo "Set it to your Gitea registry URL (e.g. gitea.example.com/your-org)"
exit 1 exit 1
fi fi
# 4. Log in to container registry # 4. Log in to container registry
echo "==> Logging in to container registry ($REGISTRY_URL)..." echo "==> Logging in to container registry ($REGISTRY_URL)..."
docker login "$REGISTRY_URL" docker login "$REGISTRY_URL"
# 5. Create data directories # 5. Create data directories
echo "==> Creating data directories..." echo "==> Creating data directories..."
sudo mkdir -p /data/mopc/postgres sudo mkdir -p /data/mopc/postgres
sudo chown -R 1000:1000 /data/mopc sudo chown -R 1000:1000 /data/mopc
# 6. Pull and start # 6. Pull and start
echo "==> Pulling latest images and starting services..." echo "==> Pulling latest images and starting services..."
cd "$DOCKER_DIR" cd "$DOCKER_DIR"
docker compose up -d --pull always docker compose up -d --pull always
# 7. Wait for health check # 7. Wait for health check
echo "==> Waiting for application to start..." echo "==> Waiting for application to start..."
MAX_WAIT=120 MAX_WAIT=120
WAITED=0 WAITED=0
while [ $WAITED -lt $MAX_WAIT ]; do while [ $WAITED -lt $MAX_WAIT ]; do
if curl -sf http://localhost:7600/api/health > /dev/null 2>&1; then if curl -sf http://localhost:7600/api/health > /dev/null 2>&1; then
echo "" echo ""
echo "============================================" echo "============================================"
echo " Application is running!" echo " Application is running!"
echo "============================================" echo "============================================"
echo "" echo ""
echo " URL: http://localhost:7600" echo " URL: http://localhost:7600"
echo " Health: http://localhost:7600/api/health" echo " Health: http://localhost:7600/api/health"
echo "" echo ""
echo " NEXT STEPS:" echo " NEXT STEPS:"
echo " 1. Run the one-time database seed:" echo " 1. Run the one-time database seed:"
echo " ./scripts/seed.sh" echo " ./scripts/seed.sh"
echo "" echo ""
echo " 2. Set up Nginx reverse proxy:" echo " 2. Set up Nginx reverse proxy:"
echo " sudo ln -s $DOCKER_DIR/nginx/mopc-platform.conf /etc/nginx/sites-enabled/" echo " sudo ln -s $DOCKER_DIR/nginx/mopc-platform.conf /etc/nginx/sites-enabled/"
echo " sudo nginx -t && sudo systemctl reload nginx" echo " sudo nginx -t && sudo systemctl reload nginx"
echo "" echo ""
echo " 3. Set up SSL:" echo " 3. Set up SSL:"
echo " sudo certbot --nginx -d portal.monaco-opc.com" echo " sudo certbot --nginx -d portal.monaco-opc.com"
echo "" echo ""
exit 0 exit 0
fi fi
sleep 2 sleep 2
WAITED=$((WAITED + 2)) WAITED=$((WAITED + 2))
printf "." printf "."
done done
echo "" echo ""
echo "WARNING: Application did not become healthy within ${MAX_WAIT}s." echo "WARNING: Application did not become healthy within ${MAX_WAIT}s."
echo "Check logs: cd $DOCKER_DIR && docker compose logs -f app" echo "Check logs: cd $DOCKER_DIR && docker compose logs -f app"
exit 1 exit 1

90
scripts/update.sh
View File

@ -1,45 +1,45 @@
#!/bin/bash #!/bin/bash
# ============================================================================= # =============================================================================
# MOPC Platform - Update / Redeploy Script # MOPC Platform - Update / Redeploy Script
# ============================================================================= # =============================================================================
# Usage: ./scripts/update.sh # Usage: ./scripts/update.sh
# Pulls the latest image from the registry and restarts the app. # Pulls the latest image from the registry and restarts the app.
# PostgreSQL is NOT restarted. # PostgreSQL is NOT restarted.
set -e set -e
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
PROJECT_DIR="$(dirname "$SCRIPT_DIR")" PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
DOCKER_DIR="$PROJECT_DIR/docker" DOCKER_DIR="$PROJECT_DIR/docker"
echo "============================================" echo "============================================"
echo " MOPC Platform - Update" echo " MOPC Platform - Update"
echo "============================================" echo "============================================"
echo "" echo ""
# 1. Pull and recreate app only (postgres stays running) # 1. Pull and recreate app only (postgres stays running)
echo "==> Pulling latest image and recreating app..." echo "==> Pulling latest image and recreating app..."
cd "$DOCKER_DIR" cd "$DOCKER_DIR"
docker compose up -d --pull always --force-recreate app docker compose up -d --pull always --force-recreate app
# 2. Wait for health check # 2. Wait for health check
echo "==> Waiting for application to start..." echo "==> Waiting for application to start..."
MAX_WAIT=120 MAX_WAIT=120
WAITED=0 WAITED=0
while [ $WAITED -lt $MAX_WAIT ]; do while [ $WAITED -lt $MAX_WAIT ]; do
if curl -sf http://localhost:7600/api/health > /dev/null 2>&1; then if curl -sf http://localhost:7600/api/health > /dev/null 2>&1; then
echo "" echo ""
echo "============================================" echo "============================================"
echo " Update complete! App is healthy." echo " Update complete! App is healthy."
echo "============================================" echo "============================================"
exit 0 exit 0
fi fi
sleep 2 sleep 2
WAITED=$((WAITED + 2)) WAITED=$((WAITED + 2))
printf "." printf "."
done done
echo "" echo ""
echo "WARNING: Application did not become healthy within ${MAX_WAIT}s." echo "WARNING: Application did not become healthy within ${MAX_WAIT}s."
echo "Check logs: cd $DOCKER_DIR && docker compose logs -f app" echo "Check logs: cd $DOCKER_DIR && docker compose logs -f app"
exit 1 exit 1