Making network connectivity more resilient and getting the secrets more secure.

Signed-off-by: Cliff Hill <xlorep@darkhelm.org>
2025-10-27 15:30:11 -04:00
parent cde41ddd38
commit 8a49a2f233
4 changed files with 237 additions and 46 deletions


@@ -16,11 +16,17 @@ RUN apt-get update && apt-get install -y \
apt-fast \
&& rm -rf /var/lib/apt/lists/*
# Configure apt-fast for non-interactive use
# Configure apt-fast for non-interactive use with timeouts
RUN echo 'apt-fast apt-fast/maxdownloads string 10' | debconf-set-selections && \
echo 'apt-fast apt-fast/dlflag boolean true' | debconf-set-selections && \
echo 'apt-fast apt-fast/aptmanager string apt-get' | debconf-set-selections
# Configure apt timeouts and retries
RUN echo 'Acquire::Retries "3";' > /etc/apt/apt.conf.d/80retries && \
echo 'Acquire::http::Timeout "60";' >> /etc/apt/apt.conf.d/80retries && \
echo 'Acquire::https::Timeout "60";' >> /etc/apt/apt.conf.d/80retries && \
echo 'Acquire::ftp::Timeout "60";' >> /etc/apt/apt.conf.d/80retries
# Install system dependencies using apt-fast
RUN apt-fast update && apt-fast install -y \
git \
@@ -32,18 +38,37 @@ RUN apt-fast update && apt-fast install -y \
tzdata \
&& rm -rf /var/lib/apt/lists/*
# Install Python 3.13
RUN add-apt-repository -y ppa:deadsnakes/ppa \
&& apt-fast update && apt-fast install -y \
python3.13 \
python3.13-venv \
python3.13-dev \
&& rm -rf /var/lib/apt/lists/*
# Install Python 3.13 with retry and fallback mechanisms
RUN for i in 1 2 3; do \
echo "Attempt $i: Adding deadsnakes PPA..." && \
add-apt-repository -y ppa:deadsnakes/ppa && \
apt-get update --timeout=60 && \
break || \
(echo "Attempt $i failed, retrying in 10s..." && sleep 10); \
done
# Install Node.js 24
RUN curl -fsSL https://deb.nodesource.com/setup_24.x | bash - \
&& apt-fast update && apt-fast install -y nodejs \
&& rm -rf /var/lib/apt/lists/*
RUN for i in 1 2 3; do \
echo "Attempt $i: Installing Python 3.13..." && \
apt-fast install -y --timeout=300 \
python3.13 \
python3.13-venv \
python3.13-dev && \
break || \
(echo "Attempt $i failed, retrying in 15s..." && sleep 15); \
done && \
rm -rf /var/lib/apt/lists/*
# Install Node.js 24 with retry mechanism
RUN for i in 1 2 3; do \
echo "Attempt $i: Installing Node.js 24..." && \
curl -fsSL --connect-timeout 30 --max-time 300 \
https://deb.nodesource.com/setup_24.x | bash - && \
apt-fast update --timeout=60 && \
apt-fast install -y --timeout=300 nodejs && \
break || \
(echo "Attempt $i failed, retrying in 15s..." && sleep 15); \
done && \
rm -rf /var/lib/apt/lists/*
# Enable corepack for yarn and set up Yarn Berry
RUN corepack enable \
@@ -53,35 +78,30 @@ RUN corepack enable \
# Install uv package manager globally
COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv
# Accept build arguments for Git checkout
ARG SSH_PRIVATE_KEY
# Accept build arguments for Git checkout (no secrets here!)
ARG GITHUB_SHA
# Set working directory
WORKDIR /workspace
# Set up SSH and clone repository
RUN if [ -n "$SSH_PRIVATE_KEY" ]; then \
mkdir -p ~/.ssh && \
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa && \
chmod 600 ~/.ssh/id_rsa && \
echo "Host *" > ~/.ssh/config && \
echo " StrictHostKeyChecking no" >> ~/.ssh/config && \
echo " UserKnownHostsFile /dev/null" >> ~/.ssh/config && \
chmod 600 ~/.ssh/config && \
ssh-keyscan -p 2222 dogar.darkhelm.org >> ~/.ssh/known_hosts 2>/dev/null; \
fi
# Clone repository
RUN GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" \
# Set up SSH and clone repository using BuildKit secrets
RUN --mount=type=secret,id=ssh_private_key \
mkdir -p ~/.ssh && \
cp /run/secrets/ssh_private_key ~/.ssh/id_rsa && \
chmod 600 ~/.ssh/id_rsa && \
echo "Host dogar.darkhelm.org" > ~/.ssh/config && \
echo " Port 2222" >> ~/.ssh/config && \
echo " StrictHostKeyChecking no" >> ~/.ssh/config && \
echo " UserKnownHostsFile /dev/null" >> ~/.ssh/config && \
chmod 600 ~/.ssh/config && \
ssh-keyscan -p 2222 dogar.darkhelm.org >> ~/.ssh/known_hosts 2>/dev/null && \
GIT_SSH_COMMAND="ssh -F ~/.ssh/config" \
git clone --depth 1 --branch main \
ssh://git@dogar.darkhelm.org:2222/DarkHelm.org/plex-playlist.git . && \
if [ -n "$GITHUB_SHA" ]; then \
git checkout "$GITHUB_SHA" 2>/dev/null || echo "Using main branch HEAD"; \
fi
# Clean up SSH key for security
RUN rm -rf ~/.ssh
fi && \
rm -rf ~/.ssh
# Set up Python environment for backend
WORKDIR /workspace/backend
@@ -117,13 +137,17 @@ RUN cd /workspace/frontend && \
yarn tsc --version && \
yarn vitest --version
# Create a script to set up SSH for git operations (if needed for updates)
# Create a script to set up SSH for git operations (using secrets mount)
RUN echo '#!/bin/bash' > /usr/local/bin/setup-ssh && \
echo 'mkdir -p ~/.ssh' >> /usr/local/bin/setup-ssh && \
echo 'echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa' >> /usr/local/bin/setup-ssh && \
echo 'chmod 600 ~/.ssh/id_rsa' >> /usr/local/bin/setup-ssh && \
echo 'ssh-keyscan -H github.com >> ~/.ssh/known_hosts 2>/dev/null' >> /usr/local/bin/setup-ssh && \
echo 'ssh-keyscan -H dogar.darkhelm.org >> ~/.ssh/known_hosts 2>/dev/null' >> /usr/local/bin/setup-ssh && \
echo 'if [ -f /run/secrets/ssh_private_key ]; then' >> /usr/local/bin/setup-ssh && \
echo ' mkdir -p ~/.ssh' >> /usr/local/bin/setup-ssh && \
echo ' cp /run/secrets/ssh_private_key ~/.ssh/id_rsa' >> /usr/local/bin/setup-ssh && \
echo ' chmod 600 ~/.ssh/id_rsa' >> /usr/local/bin/setup-ssh && \
echo ' ssh-keyscan -H github.com >> ~/.ssh/known_hosts 2>/dev/null' >> /usr/local/bin/setup-ssh && \
echo ' ssh-keyscan -p 2222 -H dogar.darkhelm.org >> ~/.ssh/known_hosts 2>/dev/null' >> /usr/local/bin/setup-ssh && \
echo 'else' >> /usr/local/bin/setup-ssh && \
echo ' echo "No SSH key provided via secrets mount"' >> /usr/local/bin/setup-ssh && \
echo 'fi' >> /usr/local/bin/setup-ssh && \
chmod +x /usr/local/bin/setup-ssh
# Set Python path for backend
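Review bot: In the clone step (lines 118-137 of this section) the config written at lines 124-125 sets `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null`, so the `ssh-keyscan` on line 127 fills a known_hosts file that ssh is told to ignore, and the clone that the whole image is built from is never authenticated against the server's host key. Since the key is already present at /run/secrets/ssh_private_key for the duration of this RUN, the copy on line 120 and the two lines above can be replaced with `echo "  IdentityFile /run/secrets/ssh_private_key" >> ~/.ssh/config` and `echo "  StrictHostKeyChecking yes" >> ~/.ssh/config`, which makes a failed or tampered keyscan fail the build instead of being silently accepted; a known_hosts entry committed to the repo and COPY'd in would be stronger than trusting whatever keyscan returns at build time. The same applies to the setup-ssh script in the last hunk, which also only runs keyscan without enabling checking. Separately, in the previous hunk the retry loops at lines 61-67, 72-81 and 83-92 exit 0 after three failed attempts because the loop's last command is the `(echo … && sleep …)` subshell, so the build continues without Python or Node; the loops need an explicit failure after the last attempt, and as far as I know apt-get accepts no `--timeout=` option (the timeouts are already configured in /etc/apt/apt.conf.d/80retries), so `--timeout=60`/`--timeout=300` should be dropped.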