brendan/nanodrop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: align deploy workflow with inventory canonical

Browse Source 
Brings nanodrop into parity with ~/inventory/.github/workflows/deploy.yml,
the cross-project canonical:

- Rename .github/workflows/deploy-homelab.yml -> deploy.yml
- Update workflow name to "Deploy to birb co. production"
- Add validate-secrets gate (SSH_PRIVATE_KEY, JWT_SECRET) using
  ${VAR:?msg} no-op expansion (does not echo secret values)
- Switch deploy heredoc from << 'EOF' (quoted) to << EOF (unquoted)
  to match canonical; functional no-op since the body contains no
  bash $VAR refs, only GitHub Actions ${{ ... }} interpolations
- Single-quote the right-hand side of interpolated export values to
  prevent shell-metacharacter re-interpretation server-side
- Reorder exports: secret first, then hardcoded literals, then vars
- Rename docker-compose.yml -> compose.yaml (pure rename) and update
  the workflow's compose invocations to reference compose.yaml
- Update one README example to match the new compose filename

The env-var block remains nanodrop-specific (JWT_SECRET +
TRUST_PROXY/COOKIE_SECURE literals + PORT/BASE_URL/MAX_FILE_SIZE);
that delta is allowed by the bug spec.

No app-code changes. Build and tests green.

Manual deploy verification (push to main / "Run workflow" -> hit the
deployed instance, log in, upload a test file, confirm share link)
is the user's job post-merge.
This commit is contained in:
Brendan Chen
2026-05-10 03:51:40 -07:00
parent aed9931e14
commit 512300f475
3 changed files with 18 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
compose.yaml Normal file
View File

@@ -0,0 +1,32 @@
x-env: &env
PORT: "${PORT:-3000}"
HOST: "${HOST:-0.0.0.0}"
JWT_SECRET: "${JWT_SECRET}"
DB_PATH: "${DB_PATH:-./data/nanodrop.db}"
UPLOAD_DIR: "${UPLOAD_DIR:-./data/uploads}"
LOG_FILE: "${LOG_FILE:-./data/nanodrop.log}"
MAX_FILE_SIZE: "${MAX_FILE_SIZE:-104857600}"
BASE_URL: "${BASE_URL:-http://localhost:3000}"
COOKIE_SECURE: "${COOKIE_SECURE:-false}"
TRUST_PROXY: "${TRUST_PROXY:-false}"
services:
nanodrop:
build: .
ports:
- "127.0.0.1:${PORT:-3000}:${PORT:-3000}"
environment: { <<: *env }
volumes:
- nanodrop-data:/app/data
restart: unless-stopped
register-user:
build: .
profiles: [tools]
entrypoint: ["node", "--import", "tsx", "src/cli/register-user.ts"]
environment: { <<: *env }
volumes:
- nanodrop-data:/app/data
volumes:
nanodrop-data: