diff --git a/Dockerfile b/Dockerfile index ab8bb81..fd24900 100644 --- a/Dockerfile +++ b/Dockerfile @@ -71,8 +71,8 @@ ENV GIT_DOMAIN=localhost:6543 ENV PORT=6543 # Health check -HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ - CMD node -e "require('http').get('http://localhost:6543', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)})" +HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \ + CMD node -e "require('http').get('http://localhost:6543', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)}).on('error', () => {process.exit(1)})" # Start the application CMD ["node", "build"] diff --git a/docker-compose.yml b/docker-compose.yml index 640d168..c945e8d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,24 +1,29 @@ services: gitrepublic: - build: - context: . - dockerfile: Dockerfile + # For using a pre-built image (e.g., from local build or registry): + image: ${DOCKER_IMAGE:-silberengel/gitrepublic-web:latest} + # For building from source, comment out image above and uncomment build below: + # build: + # context: . + # dockerfile: Dockerfile container_name: gitrepublic-web - # For localhost: expose port directly + # Publish port to host (required when reverse proxy is on host, not in Docker) + # Apache on host machine proxies to 127.0.0.1:6543, so we need ports: not expose: ports: - "${PORT:-6543}:6543" - # For production behind reverse proxy: comment out ports above and use expose instead + # Alternative: If reverse proxy is in Docker (same network), use expose instead: # expose: - # - "6543" # Internal only, accessed via reverse proxy + # - "6543" # Internal only, accessed via reverse proxy container environment: - NODE_ENV=production - GIT_REPO_ROOT=/repos - - GIT_DOMAIN=${GIT_DOMAIN:-localhost:6543} # Set to your domain for production - - NOSTR_RELAYS=${NOSTR_RELAYS:-wss://relay.damus.io,wss://nostr.wine,wss://nos.lol} + - GIT_DOMAIN=${GIT_DOMAIN:-gitrepublic.imwald.eu} # Set to your domain for production (without https://) + - NOSTR_RELAYS=${NOSTR_RELAYS:-wss://theforest.nostr1.com} - NOSTRGIT_SECRET_KEY=${NOSTRGIT_SECRET_KEY:-} - PORT=6543 volumes: # Persist git repositories + # Note: Ensure ./repos directory exists on the remote machine, or Docker will create it - ./repos:/repos # Optional: persist audit logs # - ./logs:/app/logs @@ -26,17 +31,22 @@ services: # - ./config:/app/config:ro restart: unless-stopped healthcheck: - test: ["CMD", "node", "-e", "require('http').get('http://localhost:6543', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)})"] + test: ["CMD", "node", "-e", "require('http').get('http://localhost:6543', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)}).on('error', () => {process.exit(1)})"] interval: 30s - timeout: 3s + timeout: 5s retries: 3 start_period: 10s # Resource limits (adjust as needed) - deploy: - resources: - limits: - cpus: '2' - memory: 2G - reservations: - cpus: '1' - memory: 1G + # Note: deploy section is for Docker Swarm only + # For local development with docker-compose v1, use: + # mem_limit: 2g + # cpus: '2' + # For docker-compose v2 or Docker Swarm, uncomment below: + # deploy: + # resources: + # limits: + # cpus: '2' + # memory: 2G + # reservations: + # cpus: '1' + # memory: 1G diff --git a/docs/PUBLISH.md b/docs/PUBLISH.md index f260765..249d0cd 100644 --- a/docs/PUBLISH.md +++ b/docs/PUBLISH.md @@ -6,11 +6,51 @@ - Visit https://www.npmjs.com/signup - Or run: `npm adduser` -2. **Login to npm**: +2. **Enable Two-Factor Authentication (2FA) or Create Access Token**: + + npm requires either TOTP/SMS 2FA or a granular access token to publish packages. Biometric authentication (fingerprint) alone is not sufficient for CLI publishing. + + **Option A: Enable TOTP/SMS 2FA** (Recommended for regular use): + - Go to https://www.npmjs.com/settings/[your-username]/security + - Look for "Two-factor authentication" section + - If you only see biometric options, you may need to: + 1. Check if there's an "Advanced" or "More options" link + 2. Look for "Authenticator app" or "SMS" options + 3. Some accounts may need to disable biometric first to see other options + - **If using TOTP app** (recommended): + - You'll see a QR code on your computer screen + - Scan it with your phone's authenticator app (Google Authenticator, Authy, 1Password, etc.) + - The app will generate 6-digit codes that you'll use when logging in + - **If using SMS**: + - Enter your phone number + - You'll receive codes via text message + - Follow the setup instructions to complete the setup + + **Option B: Create Granular Access Token** (Alternative if 2FA setup is difficult): + - Go to https://www.npmjs.com/settings/[your-username]/tokens + - Click "Generate New Token" + - Choose "Granular Access Token" + - Set permissions: Select "Publish" for the package(s) you want to publish + - Enable "Bypass 2FA" option (this is required for publishing) + - Copy the token (you'll only see it once!) + - Use it for authentication: + ```bash + npm config set //registry.npmjs.org/:_authToken YOUR_TOKEN_HERE + ``` + - Or set it as an environment variable: + ```bash + export NPM_TOKEN=YOUR_TOKEN_HERE + ``` + +3. **Login to npm from your computer** (if using Option A): ```bash + npm logout # Log out first if already logged in npm login ``` - Enter your username, password, and email. + - Enter your username, password, and email + - If 2FA is enabled, you'll be prompted for the authentication code + - **Get the code from your phone's authenticator app** (if using TOTP) or check your SMS (if using SMS) + - Enter the 6-digit code when prompted 3. **Check if package name is available**: ```bash @@ -105,6 +145,45 @@ npm install -g gitrepublic-cli ## Troubleshooting +### "Access token expired or revoked" +- Your npm login session has expired +- Solution: Run `npm login` again to authenticate +- Verify you're logged in: `npm whoami` + +### "403 Forbidden - Two-factor authentication or granular access token with bypass 2fa enabled is required" +- npm requires 2FA (TOTP/SMS) or a granular access token to publish packages +- Biometric authentication (fingerprint) alone is not sufficient for CLI publishing +- **Solution Option 1: Enable TOTP/SMS 2FA** + 1. Visit: https://www.npmjs.com/settings/[your-username]/security + 2. Look for "Two-factor authentication" section + 3. If you only see biometric options: + - Check for "Advanced" or "More options" links + - Look for "Authenticator app" or "SMS" options + - You may need to disable biometric first to see other options + 4. Enable TOTP app (recommended) or SMS + 5. Follow setup instructions + 6. After enabling, log out and log back in: `npm logout` then `npm login` +- **Solution Option 2: Use Granular Access Token** (if 2FA setup is difficult) + 1. Visit: https://www.npmjs.com/settings/[your-username]/tokens + 2. Click "Generate New Token" → "Granular Access Token" + 3. Set permissions: Select "Publish" for your package(s) + 4. **Important**: Enable "Bypass 2FA" option + 5. Copy the token (save it securely - you'll only see it once!) + 6. Use it for authentication: + ```bash + npm config set //registry.npmjs.org/:_authToken YOUR_TOKEN_HERE + ``` + 7. Or set as environment variable: + ```bash + export NPM_TOKEN=YOUR_TOKEN_HERE + ``` + 8. Now you can publish: `npm publish` + +### "404 Not Found - PUT https://registry.npmjs.org/gitrepublic-cli" +- This is normal for a first publish (package doesn't exist yet) +- Make sure you're logged in: `npm login` +- Check if package name is available: `npm view gitrepublic-cli` (should return 404) + ### "Package name already exists" - The name `gitrepublic-cli` is taken - Options: @@ -121,3 +200,7 @@ npm install -g gitrepublic-cli - Can contain hyphens and underscores - Cannot start with dot or underscore - Max 214 characters + +### npm warnings about package.json +- If you see warnings about `bin` script names being "cleaned", this is usually fine - npm normalizes them +- If you see warnings about `repositories` field, remove it and use only the `repository` field (single object, not array) diff --git a/nostr/commit-signatures.jsonl b/nostr/commit-signatures.jsonl index 9fb2c9b..4e14f00 100644 --- a/nostr/commit-signatures.jsonl +++ b/nostr/commit-signatures.jsonl @@ -13,3 +13,4 @@ {"kind":1640,"pubkey":"573634b648634cbad10f2451776089ea21090d9407f715e83c577b4611ae6edc","created_at":1771531630,"tags":[["author","Silberengel","silberengel7@protonmail.com"],["message","bug-fixes"]],"content":"Signed commit: bug-fixes","id":"a219cd3c4055c7e77a20f464b2192dfc236059eb6b0f4717c8e9cb26b80a959f","sig":"fb9eef37d37242483dde59b9d3d96fc2a3ff9f9fb1893000327d45e3a1c73bd028b358bfbb43df19633661cc9b9c6798a76a3fc9323d2f89a3dea50fdd035f16"} {"kind":1640,"pubkey":"573634b648634cbad10f2451776089ea21090d9407f715e83c577b4611ae6edc","created_at":1771532033,"tags":[["author","Silberengel","silberengel7@protonmail.com"],["message","fixing themes"]],"content":"Signed commit: fixing themes","id":"b415f46b54a30f022ece43f9acc4e13ffddaa56abfd6febe447a852c54ace23c","sig":"acec0d1ea91d8c77b7ac98f0837eae225eca1272d7f871c3c5ccefc744706cb933d2f20732d9a1e42dee4f978c2ca7d17d0bc4033088a8db0a39e66cf982cb62"} {"kind":1640,"pubkey":"573634b648634cbad10f2451776089ea21090d9407f715e83c577b4611ae6edc","created_at":1771532649,"tags":[["author","Silberengel","silberengel7@protonmail.com"],["message","adjust responsiveness"]],"content":"Signed commit: adjust responsiveness","id":"b585b4ee5862b2593c0e469974f94b16a1a60e9f57df988cf9ed157acba1c921","sig":"7daeaea11600c77d015448d293f8d7c7500c65d87cd4b496c13ba0fa9922fe5330353a3082eb4f5b540208630e668f163981cdb5e35f027191fb6abd6d0d380f"} +{"kind":1640,"pubkey":"573634b648634cbad10f2451776089ea21090d9407f715e83c577b4611ae6edc","created_at":1771533104,"tags":[["author","Silberengel","silberengel7@protonmail.com"],["message","add more api help"]],"content":"Signed commit: add more api help","id":"165d9bb66132123e1ac956f442e13f2ffb784e204ecdd1d3643152a5274cdd5a","sig":"deb8866643413806ec43e30faa8a47a78f0ede64616d6304e3b0a87ee3e267122e2308ed67131b73290a3ec10124c19198b05d2b5f142a3ff3e44858d1dff4fe"}