feat: easy to self host (#96)

* fix: dragonfly

* feat: shell script

* fix: review feedback

* fix: further refinements

* fix: deploy prompts

* fix: migrations

* feat: node 24 bookworm-slim

* chore: just single db superuser

* fix: ci check

* fix: workflow

* fix: build

* fix: localhost

* feat: finalize deploy script

* fix: pr reviews

* fix: address pr review

* fix: healthcheck

Author: waltergalvao

.github/workflows/docker-publish.yml

@@ -1,4 +1,4 @@
-name: Build and Publish Docker Image
+name: Build and Publish Docker Images
 
 on:
   workflow_dispatch:
@@ -9,10 +9,11 @@ on:
         type: string
 
 env:
-  IMAGE: sweetr/sweetr
+  API_IMAGE: sweetr/api
+  WEB_IMAGE: sweetr/web
 
 jobs:
-  validate:
+  validate-api:
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -33,6 +34,10 @@ jobs:
           --health-retries 5
       dragonfly:
         image: docker.dragonflydb.io/dragonflydb/dragonfly
+        env:
+          DFLY_cluster_mode: emulated
+          DFLY_lock_on_hashtags: "true"
+
         ports:
           - 6379:6379
         options: >-
@@ -48,18 +53,18 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Build image
+      - name: Build API image
         uses: docker/build-push-action@v6
         with:
           context: .
           file: ./apps/api/Dockerfile
           push: false
           load: true
-          tags: ${{ env.IMAGE }}:test
+          tags: ${{ env.API_IMAGE }}:test
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-      - name: Start container
+      - name: Start API container
         run: |
           docker run -d --name sweetr-api --network host \
             -e PORT=8000 \
@@ -74,7 +79,7 @@ jobs:
             -e GITHUB_APP_ID=test \
             -e GITHUB_APP_PRIVATE_KEY=test \
             -e GITHUB_WEBHOOK_SECRET=test \
-            ${{ env.IMAGE }}:test
+            ${{ env.API_IMAGE }}:test
 
       - name: Wait for API to be ready
         run: |
@@ -90,8 +95,53 @@ jobs:
           docker logs sweetr-api
           exit 1
 
+  validate-web:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Web image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./apps/web/Dockerfile
+          push: false
+          load: true
+          tags: ${{ env.WEB_IMAGE }}:test
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Start Web container
+        run: |
+          docker run -d --name sweetr-web -p 8080:80 \
+            -e API_ENDPOINT=http://localhost:8000 \
+            -e AUTH_COOKIE_DOMAIN=localhost \
+            -e GITHUB_APP=test \
+            ${{ env.WEB_IMAGE }}:test
+
+      - name: Wait for Web to be ready
+        run: |
+          for i in $(seq 1 15); do
+            if curl -sf http://localhost:8080/env-config.js > /dev/null 2>&1; then
+              echo "Web is healthy"
+              exit 0
+            fi
+            echo "Waiting for Web... (attempt $i/15)"
+            sleep 2
+          done
+          echo "Web failed to start. Container logs:"
+          docker logs sweetr-web
+          exit 1
+
   publish:
-    needs: validate
+    needs: [validate-api, validate-web]
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -109,14 +159,26 @@ jobs:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Build and push
+      - name: Build and push API image
         uses: docker/build-push-action@v6
         with:
           context: .
           file: ./apps/api/Dockerfile
           push: true
           tags: |
-            ${{ env.IMAGE }}:${{ inputs.version }}
-            ${{ env.IMAGE }}:latest
+            ${{ env.API_IMAGE }}:${{ inputs.version }}
+            ${{ env.API_IMAGE }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push Web image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./apps/web/Dockerfile
+          push: true
+          tags: |
+            ${{ env.WEB_IMAGE }}:${{ inputs.version }}
+            ${{ env.WEB_IMAGE }}:latest
           cache-from: type=gha
           cache-to: type=gha,mode=max

apps/api/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:20-bullseye AS base
+FROM node:24-bookworm-slim AS base
 
 FROM base AS builder
 WORKDIR /app
@@ -8,19 +8,23 @@ RUN npx turbo prune api --docker
 
 FROM base AS installer
 WORKDIR /app
+RUN apt-get update && apt-get install -y build-essential python3 --no-install-recommends && rm -rf /var/lib/apt/lists/*
 
 COPY --from=builder /app/out/json/ .
 RUN npm install
 COPY --from=builder /app/out/full/ .
 RUN npm run build
 
-FROM base AS runner
+FROM node:24-bookworm-slim AS runner
 WORKDIR /app
 
+RUN apt-get update && apt-get install -y openssl curl --no-install-recommends && rm -rf /var/lib/apt/lists/*
+
 RUN addgroup --system --gid 1001 apiuser
 RUN adduser --system --uid 1001 apiuser
-USER apiuser
 
-COPY --from=installer /app .
+COPY --from=installer --chown=apiuser:apiuser /app .
+
+USER apiuser
 
 CMD npm run prisma:migrate:production --workspace api && npm run start