ci: Add hosting support files

d34dman · d34dman · commit 9e359e9d2efa · 2026-03-13T00:09:04.000+01:00
diff --git a/.github/workflows/docker-publish-api-docs.yml b/.github/workflows/docker-publish-api-docs.yml
@@ -0,0 +1,71 @@
+name: Docker Build and Publish — API Docs
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "apps/api-docs/**"
+      - "libs/flowdrop/api/**"
+      - ".github/workflows/docker-publish-api-docs.yml"
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: flowdrop-io/flowdrop-api-docs
+
+jobs:
+  build-and-push:
+    name: Build Docker image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract image metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=sha,prefix=sha-
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push
+        # Build context is repo root — Dockerfile copies libs/flowdrop/api/ at build time
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: apps/api-docs/Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  trigger-deploy:
+    name: Trigger GitLab deployment
+    needs: build-and-push
+    runs-on: ubuntu-latest
+    if: success() && github.ref == 'refs/heads/main'
+
+    steps:
+      - name: Trigger GitLab pipeline
+        run: |
+          curl --fail -X POST \
+            "https://source.factorial.io/api/v4/projects/1074/trigger/pipeline" \
+            -F "token=${{ secrets.GITLAB_TRIGGER_TOKEN }}" \
+            -F "ref=main"
diff --git a/.github/workflows/docker-publish-docs.yml b/.github/workflows/docker-publish-docs.yml
@@ -0,0 +1,68 @@
+name: Docker Build and Publish — Docs
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "apps/docs/**"
+      - ".github/workflows/docker-publish-docs.yml"
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: flowdrop-io/flowdrop-docs
+
+jobs:
+  build-and-push:
+    name: Build Docker image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract image metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=sha,prefix=sha-
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: apps/docs
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  trigger-deploy:
+    name: Trigger GitLab deployment
+    needs: build-and-push
+    runs-on: ubuntu-latest
+    if: success() && github.ref == 'refs/heads/main'
+
+    steps:
+      - name: Trigger GitLab pipeline
+        run: |
+          curl --fail -X POST \
+            "https://source.factorial.io/api/v4/projects/1074/trigger/pipeline" \
+            -F "token=${{ secrets.GITLAB_TRIGGER_TOKEN }}" \
+            -F "ref=main"
diff --git a/apps/api-docs/Dockerfile b/apps/api-docs/Dockerfile
@@ -0,0 +1,46 @@
+# ============================================================
+# FlowDrop API Docs — Docker Build
+# ============================================================
+# Redocly-generated static site served by nginx.
+#
+# Build context: repo root (requires libs/flowdrop/api/)
+#
+# Usage (from repo root):
+#   docker build -f apps/api-docs/Dockerfile -t flowdrop-api-docs .
+#   docker run -p 80:80 flowdrop-api-docs
+
+# --- Stage 1: Build ---
+FROM node:22-alpine AS builder
+
+# Enable pnpm via corepack
+RUN corepack enable && corepack prepare pnpm@latest --activate
+
+WORKDIR /app
+
+# Install dependencies (apps/api-docs only has devDependencies — no lockfile workspace magic)
+COPY apps/api-docs/package.json apps/api-docs/pnpm-lock.yaml ./apps/api-docs/
+RUN cd apps/api-docs && pnpm install --frozen-lockfile
+
+# Copy source files needed by the build script
+COPY apps/api-docs/scripts ./apps/api-docs/scripts
+COPY libs/flowdrop/api ./libs/flowdrop/api
+
+ENV NODE_ENV=production
+RUN cd apps/api-docs && pnpm run build
+
+
+# --- Stage 2: Serve ---
+FROM nginx:alpine AS server
+
+# Copy built static files
+COPY --from=builder /app/apps/api-docs/dist /usr/share/nginx/html
+
+# Copy nginx config
+COPY apps/api-docs/nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD wget -qO- http://localhost/ || exit 1
+
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/apps/api-docs/nginx.conf b/apps/api-docs/nginx.conf
@@ -0,0 +1,39 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name _;
+
+    root /usr/share/nginx/html;
+    index index.html;
+
+    # Enable gzip compression
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_min_length 256;
+    gzip_types
+        application/javascript
+        application/x-javascript
+        application/json
+        application/xml
+        font/eot
+        font/otf
+        font/ttf
+        image/svg+xml
+        text/css
+        text/javascript
+        text/plain
+        text/xml;
+
+    # Try exact file, then directory index, then 404
+    location / {
+        add_header Cache-Control "public, max-age=3600";
+        try_files $uri $uri/ /404.html;
+    }
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+}
diff --git a/apps/docs/Dockerfile b/apps/docs/Dockerfile
@@ -0,0 +1,47 @@
+# ============================================================
+# FlowDrop Docs — Docker Build
+# ============================================================
+# Astro/Starlight static site served by nginx.
+#
+# Build context: apps/docs/ (standalone app, no workspace deps)
+#
+# Usage:
+#   docker build -t flowdrop-docs .
+#   docker run -p 80:80 flowdrop-docs
+
+# --- Stage 1: Build ---
+FROM node:22-alpine AS builder
+
+# Enable pnpm via corepack
+RUN corepack enable && corepack prepare pnpm@latest --activate
+
+WORKDIR /app
+
+# Install dependencies first (cached layer)
+COPY package.json pnpm-lock.yaml ./
+RUN pnpm install --frozen-lockfile
+
+# Copy source and build
+COPY astro.config.mjs svelte.config.js tsconfig.json ./
+COPY src ./src
+COPY public ./public
+
+ENV NODE_ENV=production
+RUN pnpm run build
+
+
+# --- Stage 2: Serve ---
+FROM nginx:alpine AS server
+
+# Copy built static files
+COPY --from=builder /app/dist /usr/share/nginx/html
+
+# Copy nginx config
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+
+EXPOSE 80
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD wget -qO- http://localhost/ || exit 1
+
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/apps/docs/nginx.conf b/apps/docs/nginx.conf
@@ -0,0 +1,48 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name _;
+
+    root /usr/share/nginx/html;
+    index index.html;
+
+    # Enable gzip compression
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_min_length 256;
+    gzip_types
+        application/atom+xml
+        application/javascript
+        application/x-javascript
+        application/json
+        application/manifest+json
+        application/xhtml+xml
+        application/xml
+        font/eot
+        font/otf
+        font/ttf
+        image/svg+xml
+        text/css
+        text/javascript
+        text/plain
+        text/xml;
+
+    # Long-term cache for hashed assets (Astro _astro/ directory)
+    location /_astro/ {
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        try_files $uri =404;
+    }
+
+    # Try exact file, then .html extension, then directory index, then 404
+    location / {
+        add_header Cache-Control "public, max-age=3600";
+        try_files $uri $uri.html $uri/ /404.html;
+    }
+
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+}
