mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity

Merge branch 'develop' into work/m7.1-security
Some checks failed
ci/woodpecker/pr/woodpecker Pipeline failed
Details
ci/woodpecker/push/woodpecker Pipeline failed
Details

Browse Source
This commit is contained in:
jason.woltje
2026-02-04 01:57:27 +00:00
parent 004f7828fb de9ab5d96d
commit 449ef39d96
4 changed files with 57 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
.woodpecker.yml
View File

@@ -12,7 +12,7 @@ variables:
# Kaniko base command setup # Kaniko base command setup
- &kaniko_setup | - &kaniko_setup |
mkdir -p /kaniko/.docker mkdir -p /kaniko/.docker
echo "{\"auths\":{\"reg.mosaicstack.dev\":{\"username\":\"$HARBOR_USER\",\"password\":\"$HARBOR_PASS\"}}}" > /kaniko/.docker/config.json echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$GITEA_USER\",\"password\":\"$GITEA_TOKEN\"}}}" > /kaniko/.docker/config.json
steps: steps:
install: install:
@@ -86,7 +86,7 @@ steps:
# ====================== # ======================
# Docker Build & Push (main/develop only) # Docker Build & Push (main/develop only)
# ====================== # ======================
# Requires secrets: harbor_username, harbor_password # Requires secrets: gitea_username, gitea_token
# #
# Tagging Strategy: # Tagging Strategy:
# - Always: commit SHA (e.g., 658ec077) # - Always: commit SHA (e.g., 658ec077)
@@ -98,24 +98,24 @@ steps:
docker-build-api: docker-build-api:
image: gcr.io/kaniko-project/executor:debug image: gcr.io/kaniko-project/executor:debug
environment: environment:
HARBOR_USER: GITEA_USER:
from_secret: harbor_username from_secret: gitea_username
HARBOR_PASS: GITEA_TOKEN:
from_secret: harbor_password from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH} CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG} CI_COMMIT_TAG: ${CI_COMMIT_TAG}
CI_COMMIT_SHA: ${CI_COMMIT_SHA} CI_COMMIT_SHA: ${CI_COMMIT_SHA}
commands: commands:
- *kaniko_setup - *kaniko_setup
- | - |
DESTINATIONS="--destination reg.mosaicstack.dev/mosaic/api:${CI_COMMIT_SHA:0:8}" DESTINATIONS="--destination git.mosaicstack.dev/mosaic/api:${CI_COMMIT_SHA:0:8}"
if [ "$CI_COMMIT_BRANCH" = "main" ]; then if [ "$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="$DESTINATIONS --destination reg.mosaicstack.dev/mosaic/api:latest" DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/api:latest"
elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
DESTINATIONS="$DESTINATIONS --destination reg.mosaicstack.dev/mosaic/api:dev" DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/api:dev"
fi fi
if [ -n "$CI_COMMIT_TAG" ]; then if [ -n "$CI_COMMIT_TAG" ]; then
DESTINATIONS="$DESTINATIONS --destination reg.mosaicstack.dev/mosaic/api:$CI_COMMIT_TAG" DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/api:$CI_COMMIT_TAG"
fi fi
/kaniko/executor --context . --dockerfile apps/api/Dockerfile $DESTINATIONS /kaniko/executor --context . --dockerfile apps/api/Dockerfile $DESTINATIONS
when: when:
@@ -128,24 +128,24 @@ steps:
docker-build-web: docker-build-web:
image: gcr.io/kaniko-project/executor:debug image: gcr.io/kaniko-project/executor:debug
environment: environment:
HARBOR_USER: GITEA_USER:
from_secret: harbor_username from_secret: gitea_username
HARBOR_PASS: GITEA_TOKEN:
from_secret: harbor_password from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH} CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG} CI_COMMIT_TAG: ${CI_COMMIT_TAG}
CI_COMMIT_SHA: ${CI_COMMIT_SHA} CI_COMMIT_SHA: ${CI_COMMIT_SHA}
commands: commands:
- *kaniko_setup - *kaniko_setup
- | - |
DESTINATIONS="--destination reg.mosaicstack.dev/mosaic/web:${CI_COMMIT_SHA:0:8}" DESTINATIONS="--destination git.mosaicstack.dev/mosaic/web:${CI_COMMIT_SHA:0:8}"
if [ "$CI_COMMIT_BRANCH" = "main" ]; then if [ "$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="$DESTINATIONS --destination reg.mosaicstack.dev/mosaic/web:latest" DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/web:latest"
elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
DESTINATIONS="$DESTINATIONS --destination reg.mosaicstack.dev/mosaic/web:dev" DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/web:dev"
fi fi
if [ -n "$CI_COMMIT_TAG" ]; then if [ -n "$CI_COMMIT_TAG" ]; then
DESTINATIONS="$DESTINATIONS --destination reg.mosaicstack.dev/mosaic/web:$CI_COMMIT_TAG" DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/web:$CI_COMMIT_TAG"
fi fi
/kaniko/executor --context . --dockerfile apps/web/Dockerfile --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev $DESTINATIONS /kaniko/executor --context . --dockerfile apps/web/Dockerfile --build-arg NEXT_PUBLIC_API_URL=https://api.mosaicstack.dev $DESTINATIONS
when: when:
@@ -158,24 +158,24 @@ steps:
docker-build-postgres: docker-build-postgres:
image: gcr.io/kaniko-project/executor:debug image: gcr.io/kaniko-project/executor:debug
environment: environment:
HARBOR_USER: GITEA_USER:
from_secret: harbor_username from_secret: gitea_username
HARBOR_PASS: GITEA_TOKEN:
from_secret: harbor_password from_secret: gitea_token
CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH} CI_COMMIT_BRANCH: ${CI_COMMIT_BRANCH}
CI_COMMIT_TAG: ${CI_COMMIT_TAG} CI_COMMIT_TAG: ${CI_COMMIT_TAG}
CI_COMMIT_SHA: ${CI_COMMIT_SHA} CI_COMMIT_SHA: ${CI_COMMIT_SHA}
commands: commands:
- *kaniko_setup - *kaniko_setup
- | - |
DESTINATIONS="--destination reg.mosaicstack.dev/mosaic/postgres:${CI_COMMIT_SHA:0:8}" DESTINATIONS="--destination git.mosaicstack.dev/mosaic/postgres:${CI_COMMIT_SHA:0:8}"
if [ "$CI_COMMIT_BRANCH" = "main" ]; then if [ "$CI_COMMIT_BRANCH" = "main" ]; then
DESTINATIONS="$DESTINATIONS --destination reg.mosaicstack.dev/mosaic/postgres:latest" DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/postgres:latest"
elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then elif [ "$CI_COMMIT_BRANCH" = "develop" ]; then
DESTINATIONS="$DESTINATIONS --destination reg.mosaicstack.dev/mosaic/postgres:dev" DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/postgres:dev"
fi fi
if [ -n "$CI_COMMIT_TAG" ]; then if [ -n "$CI_COMMIT_TAG" ]; then
DESTINATIONS="$DESTINATIONS --destination reg.mosaicstack.dev/mosaic/postgres:$CI_COMMIT_TAG" DESTINATIONS="$DESTINATIONS --destination git.mosaicstack.dev/mosaic/postgres:$CI_COMMIT_TAG"
fi fi
/kaniko/executor --context docker/postgres --dockerfile docker/postgres/Dockerfile $DESTINATIONS /kaniko/executor --context docker/postgres --dockerfile docker/postgres/Dockerfile $DESTINATIONS
when: when:

10
docker-compose.prod.yml
View File

@@ -1,7 +1,7 @@
# Production Docker Compose - Uses pre-built images from Harbor # Production Docker Compose - Uses pre-built images from Gitea Packages
# #
# Prerequisites: # Prerequisites:
# - Images built and pushed to reg.diversecanvas.com/mosaic/* # - Images built and pushed to git.mosaicstack.dev/mosaic/*
# - .env file configured with production values # - .env file configured with production values
# #
# Usage: # Usage:
@@ -16,7 +16,7 @@ services:
# PostgreSQL Database # PostgreSQL Database
# ====================== # ======================
postgres: postgres:
image: reg.diversecanvas.com/mosaic/postgres:latest image: git.mosaicstack.dev/mosaic/postgres:latest
container_name: mosaic-postgres container_name: mosaic-postgres
restart: unless-stopped restart: unless-stopped
environment: environment:
@@ -70,7 +70,7 @@ services:
# Mosaic API # Mosaic API
# ====================== # ======================
api: api:
image: reg.diversecanvas.com/mosaic/api:latest image: git.mosaicstack.dev/mosaic/api:latest
container_name: mosaic-api container_name: mosaic-api
restart: unless-stopped restart: unless-stopped
environment: environment:
@@ -121,7 +121,7 @@ services:
# Mosaic Web # Mosaic Web
# ====================== # ======================
web: web:
image: reg.diversecanvas.com/mosaic/web:latest image: git.mosaicstack.dev/mosaic/web:latest
container_name: mosaic-web container_name: mosaic-web
restart: unless-stopped restart: unless-stopped
environment: environment:

5
package.json
View File

@@ -53,5 +53,10 @@
}, },
"dependencies": { "dependencies": {
"@opentelemetry/resources": "^1.30.1" "@opentelemetry/resources": "^1.30.1"
},
"pnpm": {
"overrides": {
"@isaacs/brace-expansion": ">=5.0.1"
}
} }
} }

28
pnpm-lock.yaml generated
View File

@@ -4,6 +4,9 @@ settings:
autoInstallPeers: true autoInstallPeers: true
excludeLinksFromLockfile: false excludeLinksFromLockfile: false
overrides:
'@isaacs/brace-expansion': '>=5.0.1'
importers: importers:
.: .:
@@ -1424,8 +1427,8 @@ packages:
resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==} resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==}
engines: {node: 20 || >=22} engines: {node: 20 || >=22}
'@isaacs/brace-expansion@5.0.0': '@isaacs/brace-expansion@5.0.1':
resolution: {integrity: sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==} resolution: {integrity: sha512-WMz71T1JS624nWj2n2fnYAuPovhv7EUhk69R6i9dsVyzxt5eM3bjwvgk9L+APE1TRscGysAVMANkB0jh0LQZrQ==}
engines: {node: 20 || >=22} engines: {node: 20 || >=22}
'@isaacs/cliui@8.0.2': '@isaacs/cliui@8.0.2':
@@ -6985,7 +6988,7 @@ snapshots:
chalk: 5.6.2 chalk: 5.6.2
commander: 12.1.0 commander: 12.1.0
dotenv: 17.2.3 dotenv: 17.2.3
drizzle-orm: 0.41.0(@opentelemetry/api@1.9.0)(@prisma/client@6.19.2(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))(typescript@5.9.3))(@types/pg@8.16.0)(better-sqlite3@12.6.2)(kysely@0.28.10)(pg@8.17.2)(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3)) drizzle-orm: 0.41.0(@opentelemetry/api@1.9.0)(@prisma/client@5.22.0(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3)))(@types/pg@8.16.0)(better-sqlite3@12.6.2)(kysely@0.28.10)(pg@8.17.2)(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))
open: 10.2.0 open: 10.2.0
pg: 8.17.2 pg: 8.17.2
prettier: 3.8.1 prettier: 3.8.1
@@ -7616,7 +7619,7 @@ snapshots:
'@isaacs/balanced-match@4.0.1': {} '@isaacs/balanced-match@4.0.1': {}
'@isaacs/brace-expansion@5.0.0': '@isaacs/brace-expansion@5.0.1':
dependencies: dependencies:
'@isaacs/balanced-match': 4.0.1 '@isaacs/balanced-match': 4.0.1
@@ -9888,7 +9891,7 @@ snapshots:
optionalDependencies: optionalDependencies:
'@prisma/client': 5.22.0(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3)) '@prisma/client': 5.22.0(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))
better-sqlite3: 12.6.2 better-sqlite3: 12.6.2
drizzle-orm: 0.41.0(@opentelemetry/api@1.9.0)(@prisma/client@6.19.2(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))(typescript@5.9.3))(@types/pg@8.16.0)(better-sqlite3@12.6.2)(kysely@0.28.10)(pg@8.17.2)(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3)) drizzle-orm: 0.41.0(@opentelemetry/api@1.9.0)(@prisma/client@5.22.0(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3)))(@types/pg@8.16.0)(better-sqlite3@12.6.2)(kysely@0.28.10)(pg@8.17.2)(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))
next: 16.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4) next: 16.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)
pg: 8.17.2 pg: 8.17.2
prisma: 6.19.2(magicast@0.3.5)(typescript@5.9.3) prisma: 6.19.2(magicast@0.3.5)(typescript@5.9.3)
@@ -9913,7 +9916,7 @@ snapshots:
optionalDependencies: optionalDependencies:
'@prisma/client': 6.19.2(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))(typescript@5.9.3) '@prisma/client': 6.19.2(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))(typescript@5.9.3)
better-sqlite3: 12.6.2 better-sqlite3: 12.6.2
drizzle-orm: 0.41.0(@opentelemetry/api@1.9.0)(@prisma/client@6.19.2(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))(typescript@5.9.3))(@types/pg@8.16.0)(better-sqlite3@12.6.2)(kysely@0.28.10)(pg@8.17.2)(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3)) drizzle-orm: 0.41.0(@opentelemetry/api@1.9.0)(@prisma/client@5.22.0(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3)))(@types/pg@8.16.0)(better-sqlite3@12.6.2)(kysely@0.28.10)(pg@8.17.2)(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))
next: 16.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4) next: 16.1.6(@babel/core@7.28.6)(@opentelemetry/api@1.9.0)(react-dom@19.2.4(react@19.2.4))(react@19.2.4)
pg: 8.17.2 pg: 8.17.2
prisma: 6.19.2(magicast@0.3.5)(typescript@5.9.3) prisma: 6.19.2(magicast@0.3.5)(typescript@5.9.3)
@@ -10661,6 +10664,16 @@ snapshots:
dotenv@17.2.3: {} dotenv@17.2.3: {}
drizzle-orm@0.41.0(@opentelemetry/api@1.9.0)(@prisma/client@5.22.0(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3)))(@types/pg@8.16.0)(better-sqlite3@12.6.2)(kysely@0.28.10)(pg@8.17.2)(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3)):
optionalDependencies:
'@opentelemetry/api': 1.9.0
'@prisma/client': 5.22.0(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))
'@types/pg': 8.16.0
better-sqlite3: 12.6.2
kysely: 0.28.10
pg: 8.17.2
prisma: 6.19.2(magicast@0.3.5)(typescript@5.9.3)
drizzle-orm@0.41.0(@opentelemetry/api@1.9.0)(@prisma/client@6.19.2(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))(typescript@5.9.3))(@types/pg@8.16.0)(better-sqlite3@12.6.2)(kysely@0.28.10)(pg@8.17.2)(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3)): drizzle-orm@0.41.0(@opentelemetry/api@1.9.0)(@prisma/client@6.19.2(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3))(typescript@5.9.3))(@types/pg@8.16.0)(better-sqlite3@12.6.2)(kysely@0.28.10)(pg@8.17.2)(prisma@6.19.2(magicast@0.3.5)(typescript@5.9.3)):
optionalDependencies: optionalDependencies:
'@opentelemetry/api': 1.9.0 '@opentelemetry/api': 1.9.0
@@ -10670,6 +10683,7 @@ snapshots:
kysely: 0.28.10 kysely: 0.28.10
pg: 8.17.2 pg: 8.17.2
prisma: 6.19.2(magicast@0.3.5)(typescript@5.9.3) prisma: 6.19.2(magicast@0.3.5)(typescript@5.9.3)
optional: true
dunder-proto@1.0.1: dunder-proto@1.0.1:
dependencies: dependencies:
@@ -11686,7 +11700,7 @@ snapshots:
minimatch@10.1.1: minimatch@10.1.1:
dependencies: dependencies:
'@isaacs/brace-expansion': 5.0.0 '@isaacs/brace-expansion': 5.0.1
minimatch@3.1.2: minimatch@3.1.2:
dependencies: dependencies: