nsecbunkerd

aiolabs/nsecbunkerd

Fork 0

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Padreug	662dd21a60	fix(nix): include prisma CLI + scripts/, wrapper invokes start.js Some checks failed Docker image / build-and-push-image (push) Has been cancelled Details Three correctness fixes to the nix derivation that mirror the Dockerfile correctness fixes: 1. Drop `pnpm prune --prod --ignore-scripts` from the build phase. The prune step removed the prisma CLI (devDependency) from the output, so the runtime invocation of `prisma migrate deploy` had nothing to exec. Same trap the upstream Dockerfile fell into via `--prod` install. 2. Copy `scripts/` into `$out/share/nsecbunkerd/` alongside dist, node_modules, prisma, templates. Without it the launcher script (which contains the migration step) wasn't present. 3. The makeWrapper target switches from `dist/index.js` to `scripts/start.js`. Same change the Dockerfile ENTRYPOINT got in the previous commit. Also adds nodejs_20 to PATH so `npm` is resolvable from inside start.js, and drops `--chdir` so the caller (systemd, docker compose) controls cwd — start.js now resolves sibling paths from `__dirname`, independently committed. The `patchNdk` substitution narrows from the old `workspace:*` form (no longer in the package.json after fork commit `06272c8`) to the current `"2.8.1"` → `"^2.8.1"` rewrite needed to align package.json with the lockfile under --frozen-lockfile. Remaining known gap: nixpkgs ships prisma-engines 7.7.0 while the JS prisma CLI in node_modules is 5.4.1, an RPC vocabulary mismatch that breaks the migrate step at runtime (`Method not found: listMigrationDirectories`). Either bump prisma JS to ^7.x or overlay prisma-engines to 5.4.1. Out of scope for this commit; docker build unaffected. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 17:08:42 +02:00
Padreug	711a017e8c	add nix flake with devShell and native package build Some checks failed Docker image / build-and-push-image (push) Has been cancelled Details devShell: nodejs_20, pnpm_8, prisma + prisma-engines, sqlite, openssl, plus the env wiring so prisma uses nix-provided engines instead of fetching from binaries.prisma.sh. packages.default: full native build via pnpm_8.fetchDeps + configHook. Patches the workspace:* ndk spec to the lockfile-resolved ^2.8.1 so --frozen-lockfile accepts it, then re-runs install with scripts to trigger bcrypt's node-pre-gyp fallback-to-build (uses python311 since node-gyp 9.4.1 bundled with pnpm 8 still imports distutils). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-25 23:59:31 +02:00

Padreug

662dd21a60

fix(nix): include prisma CLI + scripts/, wrapper invokes start.js

Docker image / build-and-push-image (push) Has been cancelled

Details

Three correctness fixes to the nix derivation that mirror the Dockerfile
correctness fixes:

1. Drop `pnpm prune --prod --ignore-scripts` from the build phase. The
   prune step removed the prisma CLI (devDependency) from the output,
   so the runtime invocation of `prisma migrate deploy` had nothing to
   exec. Same trap the upstream Dockerfile fell into via `--prod` install.

2. Copy `scripts/` into `$out/share/nsecbunkerd/` alongside dist,
   node_modules, prisma, templates. Without it the launcher script
   (which contains the migration step) wasn't present.

3. The makeWrapper target switches from `dist/index.js` to
   `scripts/start.js`. Same change the Dockerfile ENTRYPOINT got in
   the previous commit. Also adds nodejs_20 to PATH so `npm` is
   resolvable from inside start.js, and drops `--chdir` so the caller
   (systemd, docker compose) controls cwd — start.js now resolves
   sibling paths from `__dirname`, independently committed.

The `patchNdk` substitution narrows from the old `workspace:*` form
(no longer in the package.json after fork commit 06272c8) to the
current `"2.8.1"` → `"^2.8.1"` rewrite needed to align package.json
with the lockfile under --frozen-lockfile.

Remaining known gap: nixpkgs ships prisma-engines 7.7.0 while the
JS prisma CLI in node_modules is 5.4.1, an RPC vocabulary mismatch
that breaks the migrate step at runtime (`Method not found:
listMigrationDirectories`). Either bump prisma JS to ^7.x or overlay
prisma-engines to 5.4.1. Out of scope for this commit; docker build
unaffected.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-27 17:08:42 +02:00

Padreug

711a017e8c

add nix flake with devShell and native package build

Docker image / build-and-push-image (push) Has been cancelled

Details

devShell: nodejs_20, pnpm_8, prisma + prisma-engines, sqlite, openssl,
plus the env wiring so prisma uses nix-provided engines instead of
fetching from binaries.prisma.sh.

packages.default: full native build via pnpm_8.fetchDeps + configHook.
Patches the workspace:* ndk spec to the lockfile-resolved ^2.8.1 so
--frozen-lockfile accepts it, then re-runs install with scripts to
trigger bcrypt's node-pre-gyp fallback-to-build (uses python311 since
node-gyp 9.4.1 bundled with pnpm 8 still imports distutils).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-25 23:59:31 +02:00

2 commits