From f98441ad7ee9f831d158d751b6147cafe91aebb4 Mon Sep 17 00:00:00 2001
From: sakullla
Date: Thu, 26 Feb 2026 15:40:42 +0800
Subject: [PATCH 1/2] quote-bot
---
 .github/workflows/docker-publish.yml | 58 ++++++++++++++++++++++++++++
 Dockerfile | 20 +++++++---
 2 files changed, 73 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/docker-publish.yml
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 00000000..95fcaed9
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,58 @@
+name: Docker Publish
+
+on:
+ push:
+ branches: [master, main]
+ tags: ['v*']
+ pull_request:
+ branches: [master, main]
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract Docker metadata
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=ref,event=branch
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=sha,prefix=,suffix=,format=short
+
+ - name: Build and push Docker image
+ id: build-and-push
+ uses: docker/build-push-action@v6
+ with:
+ context: .
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+ platforms: linux/amd64,linux/arm64
diff --git a/Dockerfile b/Dockerfile
index e68f0877..37683762 100644
--- a/Dockerfile
+++ b/Dockerfile
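Review bot: The `permissions` block grants `id-token: write`, but no step in this job consumes the OIDC token (there is no attestation, signing or cloud-login step in the hunk), so the grant should be dropped to keep GITHUB_TOKEN at least privilege: `permissions:` / `contents: read` / `packages: write`. Every `uses:` references a mutable major tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/build-push-action@v6`, …); pinning each to a full commit SHA with the tag in a trailing comment protects a job that publishes to ghcr.io from a moved or compromised tag. `packages: write` is also granted on `pull_request` runs even though `push` is gated off for them; that is harmless for same-repo PRs, but the intent deserves a one-line comment above `permissions:` so the gate and the grant are not tightened independently later.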
@@ -1,22 +1,32 @@
-FROM node:22-bookworm
+FROM node:22-bookworm-slim
 WORKDIR /app
-# Install dependencies for native modules
-RUN apt-get update && apt-get install -y \
+# Install dependencies for native modules and prebuilt-tdlib
+RUN apt-get update && apt-get install -y --no-install-recommends \
 build-essential \
 libvips-dev \
 python3 \
+ ca-certificates \
+ curl \
 && rm -rf /var/lib/apt/lists/*
 # Copy package files
 COPY package*.json ./
-# Install dependencies
+# Install dependencies (prebuilt-tdlib will download TDLib binary automatically)
 RUN npm install --omit=dev
-# Copy source
+# Verify TDLib binary is present
+RUN ls -la node_modules/prebuilt-tdlib/
+
+# Copy source code
 COPY . .
+# Create non-root user for security
+RUN groupadd -r quotly && useradd -r -g quotly quotly \
+ && chown -R quotly:quotly /app
+USER quotly
+
 # Default command (overridden in docker-compose)
 CMD ["node", "updates-collector.js"]
From 377601fde9606bf17ae4acc2a6770b713644ad9b Mon Sep 17 00:00:00 2001
From: sakullla
Date: Thu, 26 Feb 2026 15:43:10 +0800
Subject: [PATCH 2/2] quote-bot
---
 .github/workflows/docker-publish.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 95fcaed9..f8dff9e9 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -40,6 +40,7 @@ jobs:
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 tags: |
+ type=raw,value=latest,enable={{is_default_branch}}
 type=ref,event=branch
 type=semver,pattern={{version}}
 type=semver,pattern={{major}}.{{minor}}
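Review bot: `chown -R quotly:quotly /app` after `COPY . .` copies every file it touches into a fresh layer on top of the root-owned copy, so the source and `node_modules` layers are effectively paid for twice; create the user before the copy and let COPY set ownership instead: `RUN groupadd -r quotly && useradd -r -g quotly quotly`, `COPY --chown=quotly:quotly . .`, `USER quotly`. The `node_modules` tree installed by the earlier `RUN npm install` then stays root-owned, which is fine for a read-only runtime; if the bot writes state under /app at run time, give that one directory a targeted chown rather than the whole tree. `RUN ls -la node_modules/prebuilt-tdlib/` only fails when the directory is absent, so it does not actually verify the TDLib binary as the comment claims; `test -f node_modules/prebuilt-tdlib/<TDLIB_LIBRARY_PATH>` (placeholder — fill in the library file prebuilt-tdlib unpacks) would make the build fail when the download did not happen. With `package*.json` copied in, `npm install --omit=dev` should be `npm ci --omit=dev` so the lockfile is honoured rather than re-resolved at image build time. build-essential, python3 and libvips-dev remain in the runtime image alongside the non-root user; compiling native modules in a separate build stage and copying `node_modules` into the slim final stage would remove them, though that is a larger change than this hunk.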