Add build and deploy workflow

.gitea/workflows/deploy.yaml

@@ -0,0 +1,46 @@
+name: Build and Deploy
+
+on:
+  push:
+    branches: [master]
+  workflow_dispatch:
+
+jobs:
+  build-deploy:
+    runs-on: ubuntu-latest
+    container:
+      image: docker:latest
+      volumes:
+        - /opt/rate-my-shots:/deploy
+    steps:
+      - name: Install dependencies
+        run: apk add --no-cache git nodejs
+
+      - uses: actions/checkout@v4
+
+      - name: Copy source to deploy directory
+        run: |
+          rm -rf /deploy/build
+          cp -r . /deploy/build
+
+      - name: Create .env file
+        working-directory: /deploy/build
+        run: |
+          cat > .env << 'EOF'
+          HOST_PORT=${{ vars.HOST_PORT }}
+          IMMICH_URL=${{ vars.IMMICH_URL }}
+          IMMICH_ALBUM_ID=${{ vars.IMMICH_ALBUM_ID }}
+          IMMICH_API_KEY=${{ secrets.IMMICH_API_KEY }}
+          ADMIN_PASSWORD_HASH=${{ secrets.ADMIN_PASSWORD_HASH }}
+          DATABASE_PATH=/app/data/rate-my-shots.db
+          DATA_DIR=/opt/rate-my-shots/data
+          EOF
+
+      - name: Build and deploy
+        working-directory: /deploy/build
+        run: |
+          docker compose build
+          docker compose up -d
+
+      - name: Cleanup
+        run: rm -rf /deploy/build

Dockerfile

@@ -1,15 +1,16 @@
 FROM oven/bun:1-alpine AS deps
 WORKDIR /app
-RUN apk add --no-cache python3 make g++
+RUN apk add --no-cache python3 make g++ nodejs npm
 COPY package.json bun.lock ./
 RUN bun install --frozen-lockfile
+RUN npm rebuild better-sqlite3
 
 FROM oven/bun:1-alpine AS builder
 WORKDIR /app
-RUN apk add --no-cache python3 make g++
+RUN apk add --no-cache nodejs npm
 COPY --from=deps /app/node_modules ./node_modules
 COPY . .
-RUN bun run build
+RUN DATABASE_PATH=/tmp/build.db npm run build
 
 FROM oven/bun:1-alpine AS runner
 WORKDIR /app

docker-compose.yml

@@ -1,9 +1,11 @@
+name: rate-my-shots
+
 services:
   app:
     build: .
     ports:
       - "${HOST_PORT:-3000}:3000"
     volumes:
-      - ./data:/app/data
+      - "${DATA_DIR:-./data}:/app/data"
     env_file: .env
     restart: unless-stopped

src/lib/admin-auth.ts

@@ -6,8 +6,10 @@ import { isValidSession } from "./session";
 export const ADMIN_COOKIE = "rms-admin";
 
 const SCRYPT_KEY_LEN = 64;
+const isBuild = process.env.NEXT_PHASE === "phase-production-build";
 
 const [SALT_HEX, HASH_HEX] = (() => {
+  if (isBuild) return ["", ""];
   const parts = ADMIN_PASSWORD_HASH.split(":");
   if (parts.length !== 2 || !parts[0] || !parts[1]) {
     throw new Error(
@@ -20,7 +22,7 @@ const [SALT_HEX, HASH_HEX] = (() => {
 const SALT = Buffer.from(SALT_HEX, "hex");
 const EXPECTED_HASH = Buffer.from(HASH_HEX, "hex");
 
-if (EXPECTED_HASH.length !== SCRYPT_KEY_LEN) {
+if (!isBuild && EXPECTED_HASH.length !== SCRYPT_KEY_LEN) {
   throw new Error(
     `ADMIN_PASSWORD_HASH: hash must be ${SCRYPT_KEY_LEN} bytes (${SCRYPT_KEY_LEN * 2} hex chars).`,
   );

src/lib/env.ts

@@ -1,6 +1,9 @@
+const isBuild = process.env.NEXT_PHASE === "phase-production-build";
+
 function required(name: string): string {
   const value = process.env[name];
   if (!value) {
+    if (isBuild) return "";
     throw new Error(`Missing required env var: ${name}`);
   }
   return value;