Add README-dockerhub.md - the hand-maintained Docker Hub repo description
CI / full-gate (push) Successful in 2m29s
CI / full-gate (push) Successful in 2m29s
This commit is contained in:
@@ -0,0 +1,85 @@
|
||||
# Plainpages
|
||||
|
||||
A self-hostable foundation for server-rendered web apps — public or gated pages from a
|
||||
zero-JS design system, with a config-driven menu and auth/permissions (Ory) baked in.
|
||||
Every domain feature is a drop-in plugin folder; the app is stateless, no build step.
|
||||
|
||||
**Source, docs & issues: <https://gitea.larvit.se/larvit/plainpages>**
|
||||
([GitHub mirror](https://github.com/larvit/plainpages))
|
||||
|
||||
## Tags
|
||||
|
||||
`X.Y.Z` · `X.Y` · `X` · `latest` — each is a release promoted from a CI-gated build.
|
||||
Pin the exact `X.Y.Z` you deploy.
|
||||
|
||||
## Quick start
|
||||
|
||||
This image is the Plainpages web app plus its one-shot bootstrap seeder. It runs
|
||||
alongside Ory Kratos, Keto, Hydra and Postgres, all wired by the repo's compose files:
|
||||
|
||||
```bash
|
||||
git clone https://gitea.larvit.se/larvit/plainpages.git
|
||||
cd plainpages
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
Open <http://localhost:3000> and sign in as `admin@plainpages.local` / `admin`.
|
||||
(The dev stack builds the image locally and live-reloads.)
|
||||
|
||||
To deploy this published image instead of building, add an override and run the
|
||||
production stack:
|
||||
|
||||
```yaml
|
||||
# compose.image.yml
|
||||
services:
|
||||
bootstrap:
|
||||
image: larvit/plainpages:0.0.2
|
||||
pull_policy: missing
|
||||
web:
|
||||
image: larvit/plainpages:0.0.2
|
||||
pull_policy: missing
|
||||
```
|
||||
|
||||
```bash
|
||||
CSRF_SECRET=<long random> docker compose -f compose.yml -f compose.image.yml up -d
|
||||
```
|
||||
|
||||
Production expects https and real secrets (`CSRF_SECRET`, `POSTGRES_USER`/`PASSWORD`,
|
||||
a fresh JWT signing key) — see the repo README → Production & deployment.
|
||||
|
||||
## Configuration
|
||||
|
||||
Every behaviour is an explicit env toggle read at boot — no `NODE_ENV`. The common ones:
|
||||
|
||||
| Var | Default | What |
|
||||
| --- | --- | --- |
|
||||
| `ADMIN_EMAIL` / `ADMIN_PASSWORD` | `admin@plainpages.local` / `admin` | the seeded first admin (bootstrap service) |
|
||||
| `APP_URL` | unset | canonical public URL; off-host visitors are redirected to it |
|
||||
| `CACHE_TEMPLATES` | `false` | cache compiled templates (`true` in prod) |
|
||||
| `CSRF_SECRET` | dev throwaway | signs the CSRF token — set a real one in prod |
|
||||
| `KRATOS_*` / `KETO_*` / `HYDRA_*` URLs | compose defaults | the Ory sidecar endpoints |
|
||||
| `LOG_FORMAT` / `LOG_LEVEL` | `text` / `info` | `json` for structured prod logs |
|
||||
| `OTLP_ENDPOINT` | unset | export logs + traces to an OpenTelemetry Collector |
|
||||
| `REQUIRE_SECURE_SECRETS` | `false` | `true` ⇒ refuse to boot on a missing/throwaway `CSRF_SECRET` |
|
||||
| `SECURE_COOKIES` | `false` | mark cookies `Secure` (`true` behind https) |
|
||||
|
||||
Full list (JWT/JWKS, timeouts, instant revoke): repo README → Configuration.
|
||||
|
||||
## Your first plugin
|
||||
|
||||
Everything domain-specific is a plugin folder. Create `plugins/hello/plugin.ts`:
|
||||
|
||||
```ts
|
||||
import { definePlugin } from "#plugin-api";
|
||||
|
||||
export default definePlugin({
|
||||
apiVersion: "1.0.0",
|
||||
nav: [{ href: "/hello", id: "hello", label: "Hello", public: true }],
|
||||
routes: [
|
||||
{ method: "GET", path: "/", public: true, handler: () => ({ html: "<h1>Hello</h1>" }) },
|
||||
],
|
||||
});
|
||||
```
|
||||
|
||||
Restart (`docker compose restart web`) and visit <http://localhost:3000/hello>. Views,
|
||||
forms, permissions, and the runnable reference plugin: repo README → Building plugins.
|
||||
@@ -1224,7 +1224,10 @@ repository on Docker Hub, generate a read/write access token **scoped to that re
|
||||
account-wide PAT can push to every repo under the account), and store the account name as
|
||||
the Actions **variable** `DOCKERHUB_USER` and the token as the Actions **secret**
|
||||
`DOCKERHUB_TOKEN`. Until they exist, a release run fails at the Docker Hub step — after the
|
||||
Gitea re-tag has succeeded — so set them, then re-run the workflow.
|
||||
Gitea re-tag has succeeded — so set them, then re-run the workflow. The Docker Hub
|
||||
repository **description** is maintained by hand: its source is
|
||||
[`README-dockerhub.md`](README-dockerhub.md) — paste it into the repository overview on
|
||||
Docker Hub when it changes.
|
||||
|
||||
**GitHub mirror** — [github.com/larvit/plainpages](https://github.com/larvit/plainpages) is a
|
||||
read-only mirror; after every merge, `mirror.yml` force-pushes `main` and all tags there,
|
||||
@@ -1460,6 +1463,7 @@ e2e-tests/ Playwright E2E: visual.spec (design system, Ory-free) + aut
|
||||
ci.sh The full CI gate: typecheck → unit tests → every E2E suite, each on a fresh, always-torn-down stack (`bash ci.sh`)
|
||||
.gitea/workflows/ Gitea Actions: ci.yml — the full gate (ci.sh) on every branch push except main;
|
||||
mirror.yml — force-sync main + tags to the GitHub mirror; see CI/CD
|
||||
README-dockerhub.md The Docker Hub repository description (docker.io/larvit/plainpages) — pasted into the Docker Hub overview by hand when it changes; see CI/CD
|
||||
```
|
||||
|
||||
## Extending the core
|
||||
|
||||
@@ -9,7 +9,8 @@
|
||||
- [x] CI/CD - Build docker images as part of the requirements to be able to merge to main. Push them with the git commit hash as docker tag. Push to container registry at Gitea. (`ci.yml` builds + pushes `gitea.larvit.se/larvit/plainpages:<commit hash>` after a green gate — with ff-only merges that is the main commit's image; auth via the `DOCKER_REGISTRY_USER` variable + `DOCKER_REGISTRY_TOKEN` secret, retention via an org cleanup rule; documented in README → CI/CD.)
|
||||
- [x] CI/CD - Re-tag docker images from git hash to semver when a semver git tag is pushed. (`release.yml` on a `vX.Y.Z` tag pulls the commit-hash image and re-tags it `X.Y.Z`/`X.Y`/`X`/`latest`, failing loud if the gated image is missing; tag pushes also trigger the GitHub mirror; documented in README → CI/CD.)
|
||||
- [x] CI/CD - Sync docker images to docker hub after each re-tag to git tags. (`release.yml` pushes the same `X.Y.Z`/`X.Y`/`X`/`latest` tags to `docker.io/larvit/plainpages` after the Gitea re-tag — releases only, no hash tags; auth via the `DOCKERHUB_USER` variable + `DOCKERHUB_TOKEN` secret; documented in README → CI/CD.)
|
||||
- [ ] CI/CD - Setup renovate bot.
|
||||
- [x] Write a short text on how to use this docker image to publish on docker hub and save it to README-dockerhub.md (tagline, tags, compose quick start + published-image override, env table, first plugin; pasted into the Docker Hub overview by hand — noted in README → CI/CD.)
|
||||
- [ ] CI/CD - Setup renovate bot. Check how other repos on this Gitea is setup you can get access to, there should be a number of renovate bot activated ones.
|
||||
- [ ] Add an e2e test for the admin plugin's OAuth2-clients (Hydra) screen. The full-flow e2e suite runs without Hydra (compose.full.yml), so /admin/clients register/detail/delete is only unit-covered (src/http/app.test.ts); wire Hydra into an e2e stack and drive the screen in the browser.
|
||||
- [ ] Build and publish docker image as CI/CD.
|
||||
- [ ] Add i18n support.
|
||||
|
||||
Reference in New Issue
Block a user