feat: allow deploying to hetzner

.dockerignore

@@ -29,5 +29,9 @@
 **/values.dev.yaml
 **/build
 **/dist
+**/.github
+**/.turbo
+**/.infra
+
 LICENSE
 README.md

.env.docker-compose.dev

@@ -1,18 +1,24 @@
 # garage admin token for init script
 GARAGE_ADMIN_TOKEN=dev_admin_token
 
-ASSETS_BUCKET_NAME=assets.v7.pubpub.org
-ASSETS_UPLOAD_KEY=pubpubuser
-ASSETS_UPLOAD_SECRET_KEY=pubpubpass
-# set to same as above for s3fs/caddy to work
-AWS_ACCESS_KEY_ID=pubpubuser
-AWS_SECRET_ACCESS_KEY=pubpubpass
-
-ASSETS_REGION=garage
+S3_BUCKET_NAME=assets.pubstar.org
+S3_ACCESS_KEY=pubstaruser
+S3_SECRET_KEY=pubstarpass
+S3_REGION=us-east-1
 # internal endpoint used by backend services running in Docker
-ASSETS_STORAGE_ENDPOINT=http://garage:3900
+S3_ENDPOINT=http://minio:9000
 # public endpoint used for signed URLs accessible from browsers
-ASSETS_PUBLIC_ENDPOINT=http://localhost:3900
+S3_PUBLIC_ENDPOINT=http://localhost:9000
+
+MINIO_ROOT_USER=pubstar-admin
+MINIO_ROOT_PASSWORD=pubstar-admin
+
+S3_BACKUP_BUCKET=backups.pubstar.org
+S3_BACKUP_ACCESS_KEY=pubstarbackupuser
+S3_BACKUP_SECRET_KEY=pubstarbackuppass
+S3_BACKUP_REGION=us-east-1
+S3_BACKUP_ENDPOINT=http://minio:9000
+S3_BACKUP_KEY_PREFIX=pg-backups
 
 POSTGRES_PORT=54322
 POSTGRES_USER=postgres
@@ -36,14 +42,17 @@ DATABASE_URL=postgresql://postgres:postgres@db:5432/postgres
 
 
 JWT_SECRET=xxx
-MAILGUN_SMTP_PASSWORD=xxx
+SMTP_PASSWORD=xxx
+SMTP_USERNAME=omitted
+SMTP_HOST=inbucket
+SMTP_PORT=2500
+SMTP_FROM=dev@pubstar.org
+SMTP_FROM_NAME=Pubstar Team
 GCLOUD_KEY_FILE=xxx
 
-MAILGUN_SMTP_HOST=inbucket
-MAILGUN_SMTP_PORT=2500
 # this needs to be localhost:54324 instead of inbucket:9000 bc we are almost always running the integration tests from outside the docker network
 INBUCKET_URL=http://localhost:54324
-MAILGUN_SMTP_USERNAME=omitted
 OTEL_SERVICE_NAME=core.core
-PUBPUB_URL=http://localhost:3000
+PUBSTAR_HOSTNAME=http://localhost:3000
+PUBSTAR_URL=http://localhost:3000
 API_KEY=xxx

.env.example

@@ -0,0 +1,55 @@
+# Base environment configuration
+# Copy this to .env and customize as needed
+# Values here are defaults that work across development, testing, and self-hosting
+
+# Database configuration
+POSTGRES_USER=postgres
+POSTGRES_PASSWORD=postgres
+POSTGRES_DB=postgres
+POSTGRES_PORT=54322
+
+# Cache configuration
+VALKEY_HOST=localhost
+VALKEY_PORT=6379
+
+# Minio configuration
+MINIO_ROOT_USER=pubstar-admin
+MINIO_ROOT_PASSWORD=pubstar-admin
+S3_BUCKET_NAME=assets.pubpub.local
+S3_ACCESS_KEY=pubpubuser
+S3_SECRET_KEY=pubpubpass
+S3_REGION=us-east-1
+# storage endpoint used for signed uploads and server-side s3 calls
+S3_ENDPOINT=http://localhost:9000
+# optional public endpoint used for generated asset urls
+# if hostname matches S3_BUCKET_NAME, urls are generated as:
+#   https://assets.pubstar.org/<key>
+# otherwise they are generated as:
+#   <endpoint>/<bucket>/<key>
+# S3_PUBLIC_ENDPOINT=https://assets.pubstar.org
+
+# private backup storage config
+S3_BACKUP_BUCKET=backups.pubstar.local
+S3_BACKUP_ACCESS_KEY=pubstarbackupuser
+S3_BACKUP_SECRET_KEY=pubstarbackuppass
+S3_BACKUP_REGION=us-east-1
+S3_BACKUP_ENDPOINT=http://localhost:9000
+S3_BACKUP_KEY_PREFIX=pg-backups
+
+# Email configuration
+SMTP_HOST=localhost
+SMTP_PORT=54325
+SMTP_USERNAME=xxx
+SMTP_PASSWORD=xxx
+
+# Application configuration
+API_KEY=super_secret_key
+PUBSTAR_URL=http://localhost:3000
+
+# Other configuration
+OTEL_SERVICE_NAME=pubstar-v7-dev
+HONEYCOMB_API_KEY=xxx
+
+# Volume types (can be overridden per environment)
+DB_VOLUME_TYPE=postgres_data
+MINIO_VOLUME_TYPE=minio_data 

.github/workflows/build-docs.yml

@@ -15,14 +15,14 @@ jobs:
               with:
                   # necessary in order to show latest updates in docs
                   fetch-depth: 0
-              uses: actions/checkout@v4
+              uses: actions/checkout@v6
 
             - name: Install Node.js
-              uses: actions/setup-node@v4
+              uses: actions/setup-node@v6
               with:
                   node-version: 22.13.1
 
-            - uses: pnpm/action-setup@v4
+            - uses: pnpm/action-setup@v5
               name: Install pnpm
               with:
                   run_install: false
@@ -34,15 +34,15 @@ jobs:
                   echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_OUTPUT
 
             - name: Setup pnpm cache
-              uses: actions/cache@v4
+              uses: actions/cache@v5
               with:
                   path: ${{ steps.get-store-path.outputs.STORE_PATH }}
                   key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
                   restore-keys: |
                       ${{ runner.os }}-pnpm-store-
 
             # - name: Cache turbo
-            #   uses: actions/cache@v4
+            #   uses: actions/cache@v5
             #   with:
             #       path: .turbo
             #       key: ${{ runner.os }}-turbo-${{ github.sha }}

.github/workflows/ci.yml

@@ -1,77 +1,77 @@
-name: "CI"
+name: 'CI'
 on:
-    workflow_call:
-        inputs:
-            image-tag-override: # example: latest, 7037e37a18a379d583164441baff9e594cc479f8
-                type: string # use this to force a container version.
-    workflow_dispatch:
+  workflow_call:
+    inputs:
+      image-tag-override: # example: latest, 7037e37a18a379d583164441baff9e594cc479f8
+        type: string # use this to force a container version.
+  workflow_dispatch:
 
 env:
-    CI: true
-    AWS_REGION: us-east-1
+  CI: true
+  AWS_REGION: us-east-1
 
-    ECR_REPOSITORY_PREFIX: pubpub-v7
-    CONTAINER_NAME: core
+  ECR_REPOSITORY_PREFIX: pubstar-v7
+  CONTAINER_NAME: core
 
 jobs:
-    ci:
-        timeout-minutes: 15
-        runs-on: ubuntu-latest
-        strategy:
-            matrix:
-                task:
-                    - lint:ci
-                    - type-check
-                    - test-run
-        env:
-            COMPOSE_FILE: docker-compose.test.yml
-            ENV_FILE: .env.docker-compose.dev
-        steps:
-            - name: Checkout
-              uses: actions/checkout@v4
+  ci:
+    timeout-minutes: 15
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        task:
+          - lint:ci
+          - type-check
+          - test-run
+    env:
+      COMPOSE_FILE: docker-compose.test.yml
+      ENV_FILE: .env.docker-compose.dev
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
 
-            - name: Install Node.js
-              uses: actions/setup-node@v4
-              with:
-                  node-version: 22.13.1
+      - name: Install Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: 22.13.1
 
-            - uses: pnpm/action-setup@v4
-              name: Install pnpm
-              with:
-                  run_install: false
+      - uses: pnpm/action-setup@v5
+        name: Install pnpm
+        with:
+          run_install: false
 
-            - name: Get pnpm store directory
-              id: get-store-path
-              shell: bash
-              run: |
-                  echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_OUTPUT
+      - name: Get pnpm store directory
+        id: get-store-path
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_OUTPUT
 
-            - name: Setup pnpm cache
-              uses: actions/cache@v4
-              with:
-                  path: ${{ steps.get-store-path.outputs.STORE_PATH }}
-                  key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
-                  restore-keys: |
-                      ${{ runner.os }}-pnpm-store-
+      - name: Setup pnpm cache
+        uses: actions/cache@v5
+        with:
+          path: ${{ steps.get-store-path.outputs.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
 
-            # to cache p:build, format, lint, type-check and test-run
-            - name: Setup turbo cache
-              uses: actions/cache@v4
-              with:
-                  path: .turbo
-                  key: ${{ runner.os }}-turbo-${{ github.sha }}
-                  restore-keys: |
-                      ${{ runner.os }}-turbo-
+      # to cache p:build, format, lint, type-check and test-run
+      - name: Setup turbo cache
+        uses: actions/cache@v5
+        with:
+          path: .turbo
+          key: ${{ runner.os }}-turbo-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-turbo-
 
-            - name: Install dependencies
-              run: pnpm install --frozen-lockfile --prefer-offline
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile --prefer-offline
 
-            - name: p:build
-              run: pnpm p:build
+      - name: p:build
+        run: pnpm p:build
 
-            - name: Setup test dependencies
-              if: matrix.task == 'test-run'
-              run: pnpm test:setup
+      - name: Setup test dependencies
+        if: matrix.task == 'test-run'
+        run: pnpm test:setup
 
-            - name: Run task
-              run: NODE_ENV=test pnpm ${{ matrix.task }}
+      - name: Run task
+        run: NODE_ENV=test pnpm ${{ matrix.task }}