diff --git a/roles/web-app-chess/README.md b/roles/web-app-chess/README.md
index 98e3e198..c7202c2f 100644
--- a/roles/web-app-chess/README.md
+++ b/roles/web-app-chess/README.md
@@ -1,4 +1,4 @@
-# web-app-chess
+# Chess
 ## Description
diff --git a/roles/web-app-chess/config/main.yml b/roles/web-app-chess/config/main.yml
index 69045483..72641cdb 100644
--- a/roles/web-app-chess/config/main.yml
+++ b/roles/web-app-chess/config/main.yml
@@ -12,9 +12,9 @@ docker:
 volumes:
 data: "chess_data"
 features:
- matomo: false
- css: false
- desktop: false
+ matomo: true
+ css: true
+ desktop: true
 central_database: true
 logout: false
 oidc: false
diff --git a/roles/web-app-chess/files/docker-entrypoint.sh b/roles/web-app-chess/files/docker-entrypoint.sh
index 83990ad1..10b552c2 100644
--- a/roles/web-app-chess/files/docker-entrypoint.sh
+++ b/roles/web-app-chess/files/docker-entrypoint.sh
@@ -7,9 +7,16 @@ APP_KEY_PUB="${APP_KEY_FILE}.pub"
 # 1) Generate signing key pair if missing
 if [[ ! -f "${APP_KEY_FILE}" || ! -f "${APP_KEY_PUB}" ]]; then
 echo "[chess] generating RSA signing key pair at ${APP_KEY_FILE}"
- /app/tools/gen-signing-key.sh "${APP_KEY_FILE}"
+ key_dir="$(dirname "${APP_KEY_FILE}")"
+ key_base="$(basename "${APP_KEY_FILE}")"
+ ( cd "${key_dir}" && bash /app/tools/gen-signing-key.sh "${key_base}" )
 fi
+ # 1.5) Ensure Yarn is ready and deps are installed (PnP, immutable)
+echo "[chess] preparing yarn & installing deps (immutable)"
+corepack enable || true
+yarn install --immutable --inline-builds
+
 # 2) Wait for PostgreSQL if env is provided
 if [[ -n "${PGHOST:-}" ]]; then
 echo "[chess] waiting for PostgreSQL at ${PGHOST}:${PGPORT}..."
diff --git a/roles/web-app-chess/tasks/01_core.yml b/roles/web-app-chess/tasks/01_core.yml
index c6ed3607..07b9d82d 100644
--- a/roles/web-app-chess/tasks/01_core.yml
+++ b/roles/web-app-chess/tasks/01_core.yml
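Review bot: Step 1.5 in docker-entrypoint.sh runs `yarn install --immutable --inline-builds` on every container start, so the running container needs registry access and executes any dependency build scripts in the same environment that holds the signing key created in step 1; `--immutable` only refuses lockfile changes. Installing once during the image build and leaving the entrypoint to key generation, the database wait and the app start would keep the container's contents fixed after build. If the step stays, drop the `|| true` after `corepack enable`, because a failed enable is hidden and the following `yarn` is then whichever binary happens to be on PATH, and add a comment such as `# runtime install: needs network and a writable /app`. The script continues before and after this hunk, so whether `set -e` is active cannot be seen here.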
@@ -6,5 +6,7 @@
 copy:
 src: "{{ CHESS_ENTRYPOINT_FILE }}"
 dest: "{{ CHESS_ENTRYPOINT_ABS }}"
+ notify:
+ - docker compose build
 - include_tasks: utils/run_once.yml
diff --git a/roles/web-app-chess/templates/Dockerfile.j2 b/roles/web-app-chess/templates/Dockerfile.j2
index 4c821243..b0c13921 100644
--- a/roles/web-app-chess/templates/Dockerfile.j2
+++ b/roles/web-app-chess/templates/Dockerfile.j2
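Review bot: The copied entrypoint now triggers an image rebuild and becomes the container's start script, yet the `copy` task visible here sets only `src` and `dest`, so the file's mode and owner on the host are left to the defaults of the connecting user. Adding `mode: "0755"` (and an explicit `owner`/`group` if the role has a convention for it) pins who can modify a script that is baked into the image. The task's `name` line is above the hunk and the `docker compose build` handler is defined elsewhere, so it is assumed here that a handler with exactly that name exists.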
@@ -12,34 +12,41 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 WORKDIR /src
 RUN git clone --depth 1 --branch "${CHESS_REPO_REF}" "${CHESS_REPO_URL}" ./
-# Yarn is preinstalled in Node images via corepack; enable it.
-RUN corepack enable
-
-# Install deps and build TS
-RUN yarn install --frozen-lockfile && yarn build
+# Use Yarn 4 for the build
+RUN corepack enable && corepack prepare yarn@4.9.1 --activate && yarn -v
+RUN yarn install --immutable --inline-builds
+RUN yarn build
 # Stage 2: runtime
 FROM node:{{ CHESS_VERSION }}
 WORKDIR /app
-# Minimal runtime packages + dumb-init
+# Minimal runtime packages + dumb-init (+ curl for healthcheck)
 RUN apt-get update && apt-get install -y --no-install-recommends \
- openssl dumb-init postgresql-client \
+ bash openssl dumb-init postgresql-client ca-certificates curl \
 && rm -rf /var/lib/apt/lists/*
-# Copy built app
+# Copy built app from builder
 COPY --from=build /src /app
-# Create data dir for signing keys & cache
-RUN mkdir -p {{ CHESS_APP_DATA_DIR }} && chown -R node:node /app
-VOLUME ["{{ CHESS_APP_DATA_DIR }}"]
-
-# Entrypoint script
+# Entrypoint script (root so chmod works in /usr/local/bin)
 COPY {{ CHESS_ENTRYPOINT_REL }} {{ CHESS_ENTRYPOINT_INT }}
 RUN chmod +x {{ CHESS_ENTRYPOINT_INT }}
+# Create data dir for signing keys and Yarn cache; fix ownership
+RUN mkdir -p {{ CHESS_APP_DATA_DIR }} /app/.yarn/cache /home/node \
+ && chown -R node:node /app /home/node
+
+# Use project-local yarn cache (avoid /root/.yarn)
+ENV YARN_ENABLE_GLOBAL_CACHE=false
+ENV YARN_CACHE_FOLDER=/app/.yarn/cache
+
+# Switch to non-root and prep yarn 4
 USER node
+ENV HOME=/home/node
+RUN corepack enable && corepack prepare yarn@4.9.1 --activate && yarn -v
+
 EXPOSE {{ container_port }}
 ENTRYPOINT ["dumb-init", "--"]
 CMD ["{{ CHESS_ENTRYPOINT_INT }}"]
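Review bot: The runtime stage's `chown -R node:node /app /home/node` leaves the whole application tree, not just the data and cache directories, writable by the user the service runs as, so a flaw in the app could rewrite its own code or dependencies. If the dependency install is moved to build time, ownership can be limited, for example `chown -R node:node {{ CHESS_APP_DATA_DIR }} /home/node`. The final `RUN corepack enable` executes after `USER node` and may not be able to write its shims into the Node binary directory; confirm that it succeeds in the build. `yarn@4.9.1` appears twice in this hunk; a single `ARG YARN_VERSION` would keep the two in step.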