handbook: GitHub workflow and ABCD

.env.example

@@ -1,38 +1,38 @@
-SITE_URL=http://www.datum.net
-PORT=4321
-
-# Github App configuration
-GITHUB_PROJECT_URL='http://github.com/datum-cloud/datum.net'
-
-# Astro environment variables
-ASTRO_TELEMETRY_DISABLED=1
-
-LUMA_API_KEY=
-
-# Authentication (Zitadel OIDC)
-AUTH_OIDC_ISSUER=https://your-zitadel-instance.com
-AUTH_OIDC_CLIENT_ID=your-client-id
-AUTH_OIDC_CLIENT_SECRET=
-AUTH_OIDC_REDIRECT_URI=http://localhost:4321/auth/callback
-
-# Backend API
-API_URL=http://localhost:8080
-
-# STRAPI_URL=
-# STRAPI_TOKEN=
-# STRAPI_CACHE_ENABLED=1
-# STRAPI_CACHE_TTL=300 // 5 minutes
-# STRAPI_WEBHOOK_SECRET= // webhook cache invalidation
-
-# Strapi CMS
-STRAPI_URL=https://your-project.strapiapp.com
-STRAPI_TOKEN=your-api-token
-STRAPI_CACHE_ENABLED=false
-STRAPI_CACHE_TTL=3000
-
-# Webhook: shared secret for cache invalidation from Strapi
-# Generate: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
-STRAPI_WEBHOOK_SECRET=your-shared-secret
-
-# Request timeout in seconds before falling back to the persistent stale cache (default: 3)
-STRAPI_TIMEOUT=3
+SITE_URL=http://www.datum.net
+PORT=4321
+
+# Github App configuration
+GITHUB_PROJECT_URL='http://github.com/datum-cloud/datum.net'
+
+# Astro environment variables
+ASTRO_TELEMETRY_DISABLED=1
+
+LUMA_API_KEY=
+
+# Authentication (Zitadel OIDC)
+AUTH_OIDC_ISSUER=https://your-zitadel-instance.com
+AUTH_OIDC_CLIENT_ID=your-client-id
+AUTH_OIDC_CLIENT_SECRET=
+AUTH_OIDC_REDIRECT_URI=http://localhost:4321/auth/callback
+
+# Backend API
+API_URL=http://localhost:8080
+
+# STRAPI_URL=
+# STRAPI_TOKEN=
+# STRAPI_CACHE_ENABLED=1
+# STRAPI_CACHE_TTL=300 // 5 minutes
+# STRAPI_WEBHOOK_SECRET= // webhook cache invalidation
+
+# Strapi CMS
+STRAPI_URL=https://your-project.strapiapp.com
+STRAPI_TOKEN=your-api-token
+STRAPI_CACHE_ENABLED=false
+STRAPI_CACHE_TTL=3000
+
+# Webhook: shared secret for cache invalidation from Strapi
+# Generate: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+STRAPI_WEBHOOK_SECRET=your-shared-secret
+
+# Request timeout in seconds before falling back to the persistent stale cache (default: 3)
+STRAPI_TIMEOUT=3

.github/workflows/publish.yml

@@ -1,48 +1,48 @@
-name: Publish Website
-
-on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - 'README.md'
-      - 'env.example'
-      - '.vscode/**'
-
-  release:
-    types: ['published']
-
-jobs:
-  check-files:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-
-  build-and-push:
-    permissions:
-      contents: read
-      packages: write
-      id-token: write
-    needs: check-files
-    uses: datum-cloud/actions/.github/workflows/publish-docker.yaml@v1.14.0
-    with:
-      image-name: datum-net
-      target: production
-      extra-build-args: |
-        ASTRO_TELEMETRY_DISABLED=1
-    secrets: inherit
-
-  publish-kustomize-bundles:
-    permissions:
-      id-token: write
-      contents: read
-      packages: write
-    needs: build-and-push
-    uses: datum-cloud/actions/.github/workflows/publish-kustomize-bundle.yaml@v1.14.0
-    with:
-      bundle-name: ghcr.io/datum-cloud/datum-net-kustomize
-      bundle-path: config/base
-      image-overlays: config/base
-      image-name: ghcr.io/datum-cloud/datum-net
-    secrets: inherit
+name: Publish Website
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - 'README.md'
+      - 'env.example'
+      - '.vscode/**'
+
+  release:
+    types: ['published']
+
+jobs:
+  check-files:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+  build-and-push:
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    needs: check-files
+    uses: datum-cloud/actions/.github/workflows/publish-docker.yaml@v1.14.0
+    with:
+      image-name: datum-net
+      target: production
+      extra-build-args: |
+        ASTRO_TELEMETRY_DISABLED=1
+    secrets: inherit
+
+  publish-kustomize-bundles:
+    permissions:
+      id-token: write
+      contents: read
+      packages: write
+    needs: build-and-push
+    uses: datum-cloud/actions/.github/workflows/publish-kustomize-bundle.yaml@v1.14.0
+    with:
+      bundle-name: ghcr.io/datum-cloud/datum-net-kustomize
+      bundle-path: config/base
+      image-overlays: config/base
+      image-name: ghcr.io/datum-cloud/datum-net
+    secrets: inherit

.gitignore

@@ -1,55 +1,52 @@
-# build output
-dist/
-
-# Bun
-bun.lockb
-.bun/
-
-# generated types
-.astro/
-
-# dependencies
-node_modules/
-
-# logs
-npm-debug.log*
-yarn-debug.log*
-yarn-error.log*
-pnpm-debug.log*
-
-# environment variables
-.env
-.env.local
-.env.production
-.env.development
-
-# macOS-specific files
-.DS_Store
-
-# jetbrains setting folder
-.idea/
-
-# Playwright
-playwright-report/
-test-results/
-playwright/.cache/
-tech-spec.md
-result.txt
-build-log.txt
-Dockerfile.bak
-
-# local storage
-.persistent/*
-
-# Cache files
-.cache/
-
-# others
-bunfig.toml
-
-# API documentation generation artifacts
-.tmp/
-
-# ignore local claude settings
-.claude/settings.local.json
-docs/PROJECT_RECOMMENDATIONS.md
+# build output
+dist/
+
+# Bun
+bun.lockb
+.bun/
+
+# generated types
+.astro/
+
+# dependencies
+node_modules/
+
+# logs
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+# environment variables
+
+# macOS-specific files
+.DS_Store
+
+# jetbrains setting folder
+.idea/
+
+# Playwright
+playwright-report/
+test-results/
+playwright/.cache/
+tech-spec.md
+result.txt
+build-log.txt
+Dockerfile.bak
+
+# local storage
+.persistent/*
+
+# Cache files
+.cache/
+
+# others
+bunfig.toml
+
+# API documentation generation artifacts
+.tmp/
+
+# ignore local claude settings
+.claude/settings.local.json
+docs/PROJECT_RECOMMENDATIONS.md
+config.bat

Dockerfile

@@ -1,42 +1,42 @@
-FROM node:24.15.0-alpine3.22 AS base
-WORKDIR /app
-ENV ASTRO_TELEMETRY_DISABLED=true
-RUN apk update && \
-    apk add --no-cache git
-COPY package*.json ./
-
-FROM base AS build
-ENV NODE_ENV=production
-ENV STRAPI_CACHE_ENABLED=true
-COPY ./.kube/config.yaml ./.kube/config.yaml
-RUN --mount=type=cache,target=/root/.npm npm install --ignore-scripts
-COPY . .
-RUN chmod -R 755 src/pages
-# Warmup: .cache in layer, so production gets it at runtime
-RUN npm run build:cache
-# Build: cache mount speeds up rebuilds; .cache from layer above persists after unmount
-RUN --mount=type=cache,target=/app/.cache npm run build
-
-FROM base AS development
-ENV NODE_ENV=development
-COPY ./.kube/config.yaml ./.kube/config.yaml
-RUN --mount=type=cache,target=/root/.npm npm install
-COPY . .
-RUN chmod -R 755 src/pages
-CMD ["npm", "run", "dev", "--", "--host", "--allowed-hosts=website.staging.env.datum.net"]
-
-FROM node:24.15.0-alpine3.22 AS production
-WORKDIR /app
-ENV NODE_ENV=production
-COPY --from=build /app/dist ./dist
-COPY --from=build /app/server.mjs ./server.mjs
-COPY --from=build /app/package*.json ./
-RUN --mount=type=cache,target=/root/.npm npm install --omit=dev --ignore-scripts
-COPY --from=build /app/src/pages ./src/pages
-COPY --from=build /app/.cache ./.cache
-RUN chmod -R 755 src/pages
-
-ENV HOST=0.0.0.0
-ENV PORT=4321
-EXPOSE 4321
-CMD ["node", "./server.mjs"]
+FROM node:24.15.0-alpine3.22 AS base
+WORKDIR /app
+ENV ASTRO_TELEMETRY_DISABLED=true
+RUN apk update && \
+    apk add --no-cache git
+COPY package*.json ./
+
+FROM base AS build
+ENV NODE_ENV=production
+ENV STRAPI_CACHE_ENABLED=true
+COPY ./.kube/config.yaml ./.kube/config.yaml
+RUN --mount=type=cache,target=/root/.npm npm install --ignore-scripts
+COPY . .
+RUN chmod -R 755 src/pages
+# Warmup: .cache in layer, so production gets it at runtime
+RUN npm run build:cache
+# Build: cache mount speeds up rebuilds; .cache from layer above persists after unmount
+RUN --mount=type=cache,target=/app/.cache npm run build
+
+FROM base AS development
+ENV NODE_ENV=development
+COPY ./.kube/config.yaml ./.kube/config.yaml
+RUN --mount=type=cache,target=/root/.npm npm install
+COPY . .
+RUN chmod -R 755 src/pages
+CMD ["npm", "run", "dev", "--", "--host", "--allowed-hosts=website.staging.env.datum.net"]
+
+FROM node:24.15.0-alpine3.22 AS production
+WORKDIR /app
+ENV NODE_ENV=production
+COPY --from=build /app/dist ./dist
+COPY --from=build /app/server.mjs ./server.mjs
+COPY --from=build /app/package*.json ./
+RUN --mount=type=cache,target=/root/.npm npm install --omit=dev --ignore-scripts
+COPY --from=build /app/src/pages ./src/pages
+COPY --from=build /app/.cache ./.cache
+RUN chmod -R 755 src/pages
+
+ENV HOST=0.0.0.0
+ENV PORT=4321
+EXPOSE 4321
+CMD ["node", "./server.mjs"]