nanodrop

brendan/nanodrop

Fork 0

Commit Graph

Author	SHA1	Message	Date
Brendan Chen	95201eb406	chore: drop pre-emptive 'compose down' so failed builds don't take prod offline Matches the cross-project pattern already applied to authd PR #12, buchinese PR #8, inventory PR #19, and movement PR #16. The pre-emptive `docker compose down` destroyed the running container BEFORE `docker compose up -d --build` had a chance to verify the new image builds — a single npm ci lockfile mismatch (buchinese PR #6, 2026-05-10) was enough to put prod to HTTP 502 for the entire human-intervention turnaround. `docker compose up -d --build` builds first; only on successful build does compose recreate the container. On build failure compose exits non-zero with the previous container still serving traffic. `--remove-orphans` is a drop-in cleanup for renamed/removed services. No test added (no CI-yaml tests exist in this project; matches 4 precedent PRs). Refactor pass expected to be a noop.	2026-05-11 00:47:25 -07:00
Brendan Chen	512300f475	chore: align deploy workflow with inventory canonical Brings nanodrop into parity with ~/inventory/.github/workflows/deploy.yml, the cross-project canonical: - Rename .github/workflows/deploy-homelab.yml -> deploy.yml - Update workflow name to "Deploy to birb co. production" - Add validate-secrets gate (SSH_PRIVATE_KEY, JWT_SECRET) using ${VAR:?msg} no-op expansion (does not echo secret values) - Switch deploy heredoc from << 'EOF' (quoted) to << EOF (unquoted) to match canonical; functional no-op since the body contains no bash $VAR refs, only GitHub Actions ${{ ... }} interpolations - Single-quote the right-hand side of interpolated export values to prevent shell-metacharacter re-interpretation server-side - Reorder exports: secret first, then hardcoded literals, then vars - Rename docker-compose.yml -> compose.yaml (pure rename) and update the workflow's compose invocations to reference compose.yaml - Update one README example to match the new compose filename The env-var block remains nanodrop-specific (JWT_SECRET + TRUST_PROXY/COOKIE_SECURE literals + PORT/BASE_URL/MAX_FILE_SIZE); that delta is allowed by the bug spec. No app-code changes. Build and tests green. Manual deploy verification (push to main / "Run workflow" -> hit the deployed instance, log in, upload a test file, confirm share link) is the user's job post-merge.	2026-05-10 03:51:40 -07:00

Author

SHA1

Message

Date

Brendan Chen

95201eb406

chore: drop pre-emptive 'compose down' so failed builds don't take prod offline

Matches the cross-project pattern already applied to authd PR #12, buchinese
PR #8, inventory PR #19, and movement PR #16. The pre-emptive `docker compose
down` destroyed the running container BEFORE `docker compose up -d --build`
had a chance to verify the new image builds — a single npm ci lockfile
mismatch (buchinese PR #6, 2026-05-10) was enough to put prod to HTTP 502 for
the entire human-intervention turnaround. `docker compose up -d --build`
builds first; only on successful build does compose recreate the container.
On build failure compose exits non-zero with the previous container still
serving traffic. `--remove-orphans` is a drop-in cleanup for renamed/removed
services.

No test added (no CI-yaml tests exist in this project; matches 4 precedent
PRs). Refactor pass expected to be a noop.

2026-05-11 00:47:25 -07:00

Brendan Chen

512300f475

chore: align deploy workflow with inventory canonical

Brings nanodrop into parity with ~/inventory/.github/workflows/deploy.yml,
the cross-project canonical:

- Rename .github/workflows/deploy-homelab.yml -> deploy.yml
- Update workflow name to "Deploy to birb co. production"
- Add validate-secrets gate (SSH_PRIVATE_KEY, JWT_SECRET) using
  ${VAR:?msg} no-op expansion (does not echo secret values)
- Switch deploy heredoc from << 'EOF' (quoted) to << EOF (unquoted)
  to match canonical; functional no-op since the body contains no
  bash $VAR refs, only GitHub Actions ${{ ... }} interpolations
- Single-quote the right-hand side of interpolated export values to
  prevent shell-metacharacter re-interpretation server-side
- Reorder exports: secret first, then hardcoded literals, then vars
- Rename docker-compose.yml -> compose.yaml (pure rename) and update
  the workflow's compose invocations to reference compose.yaml
- Update one README example to match the new compose filename

The env-var block remains nanodrop-specific (JWT_SECRET +
TRUST_PROXY/COOKIE_SECURE literals + PORT/BASE_URL/MAX_FILE_SIZE);
that delta is allowed by the bug spec.

No app-code changes. Build and tests green.

Manual deploy verification (push to main / "Run workflow" -> hit the
deployed instance, log in, upload a test file, confirm share link)
is the user's job post-merge.

2026-05-10 03:51:40 -07:00

2 Commits