Files
TX/docker-compose.yml
T
Riyadh 608e15cf91 Task #589: Live build stamp + server start time in System Updates panel
Problem: After `git pull && docker compose up -d --build api` on the
Mac, the admin → System Updates panel kept showing the same version
(0.1.0-dev) and the same build (20260517.8a5bd5db) because both come
from version.json, a hand-edited file that nothing rewrites on every
build. No visible signal that a new image was actually running.

Two independent signals were added — neither needs editing version.json
by hand:

1) Auto-stamp version.json at Docker build time
   - docker/api-server.Dockerfile: new ARGs GIT_SHA and BUILD_DATE.
     A `node -e` step rewrites version.json's `build` field to
     `${YYYYMMDDTHHmm}.${sha}` (e.g. 20260518T1042.71da8e01). When
     the args are missing/"unknown", version.json is left untouched
     so plain `docker build` and Replit `pnpm dev` still work.
   - docker-compose.yml: api.build.args wires through GIT_SHA and
     BUILD_DATE with `${GIT_SHA:-unknown}` fallbacks.
   - scripts/redeploy.sh: exports GIT_SHA (git rev-parse --short HEAD)
     and BUILD_DATE (date -u +%Y-%m-%dT%H:%M:%SZ) before `docker
     compose build`, so the helper script just works.

2) startedAt timestamp from the API
   - artifacts/api-server/src/routes/system.ts: SERVER_STARTED_AT
     captured at module load (frozen for the process lifetime) and
     added to every branch of GET /system/version (not-configured,
     error, invalid-version, up-to-date, update-available, catch).
   - lib/api-spec/openapi.yaml: added `startedAt: date-time` to
     SystemVersionResponse (required). Regenerated api-client-react
     and api-zod via `pnpm --filter @workspace/api-spec run codegen`.

3) Admin UI surfacing both signals
   - artifacts/tx-os/src/pages/admin.tsx: new formatBuildStamp parses
     `YYYYMMDD[THHmm].sha` and renders a localized date next to the
     raw token. A new "Server started" line below the build number
     formats the boot timestamp via the existing formatChecked helper.
   - artifacts/tx-os/src/locales/{en,ar}.json: added
     admin.systemUpdates.serverStartedAt ("Server started" /
     "بدأ تشغيل الخادم").

4) Docs
   - replit.md: documented how to verify a real redeploy via the
     System Updates panel and the manual one-liner for `docker
     compose build` without the helper script.

Verified: codegen succeeds, API workflow restarted clean, Vite served
fine. Pre-existing typecheck errors in push.ts and font-settings are
unrelated and untouched.

Mac next steps:
  cd ~/Downloads/TX && git pull && ./scripts/redeploy.sh
Then open admin → System Updates: build line should show a new
`YYYYMMDDTHHmm.sha` stamp and "Server started" should reflect the
new boot time.
2026-05-18 10:39:17 +00:00

166 lines
6.2 KiB
YAML

name: tx-os
services:
postgres:
image: postgres:16-alpine
restart: unless-stopped
environment:
POSTGRES_USER: ${POSTGRES_USER:-tx}
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-tx_dev_password}
POSTGRES_DB: ${POSTGRES_DB:-tx}
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-tx} -d ${POSTGRES_DB:-tx}"]
interval: 5s
timeout: 5s
retries: 20
migrate:
build:
context: .
dockerfile: docker/api-server.Dockerfile
image: tx-os/api-server:latest
depends_on:
postgres:
condition: service_healthy
environment:
NODE_ENV: production
DATABASE_URL: postgres://${POSTGRES_USER:-tx}:${POSTGRES_PASSWORD:-tx_dev_password}@postgres:5432/${POSTGRES_DB:-tx}
# Seed passwords are now optional. When unset, the seed script
# creates roles/permissions only and leaves admin creation to
# the first-run Setup Wizard (/api/setup/complete).
SEED_ADMIN_PASSWORD: ${SEED_ADMIN_PASSWORD:-}
SEED_USER_PASSWORD: ${SEED_USER_PASSWORD:-}
SEED_DEMO_MEETINGS: ${SEED_DEMO_MEETINGS:-false}
PUBLIC_BASE_URL: ${PUBLIC_BASE_URL:-http://localhost:${APP_PORT:-3000}}
user: root
entrypoint: ["/usr/bin/tini", "--"]
command: ["/bin/bash", "/usr/local/bin/migrate.sh"]
restart: "no"
api:
build:
context: .
dockerfile: docker/api-server.Dockerfile
# Stamped into version.json inside the image so the admin
# "System Updates" panel can show *which* code is running.
# `scripts/redeploy.sh` exports both before calling `build`.
# If you call `docker compose build` by hand, pass them too:
# GIT_SHA=$(git rev-parse --short HEAD) \
# BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
# docker compose up -d --build api
args:
GIT_SHA: ${GIT_SHA:-unknown}
BUILD_DATE: ${BUILD_DATE:-unknown}
image: tx-os/api-server:latest
restart: unless-stopped
depends_on:
postgres:
condition: service_healthy
migrate:
condition: service_completed_successfully
environment:
NODE_ENV: production
PORT: 8080
DATABASE_URL: postgres://${POSTGRES_USER:-tx}:${POSTGRES_PASSWORD:-tx_dev_password}@postgres:5432/${POSTGRES_DB:-tx}
SESSION_SECRET: ${SESSION_SECRET:?SESSION_SECRET is required — copy .env.docker.example to .env and edit it}
LOCAL_STORAGE_SIGNING_SECRET: ${LOCAL_STORAGE_SIGNING_SECRET:-${SESSION_SECRET}}
LOCAL_STORAGE_ROOT: /app/storage
STORAGE_DRIVER: ${STORAGE_DRIVER:-local}
PRIVATE_OBJECT_DIR: ${PRIVATE_OBJECT_DIR:-/app/storage/private}
PUBLIC_OBJECT_SEARCH_PATHS: ${PUBLIC_OBJECT_SEARCH_PATHS:-/app/storage/public}
DEFAULT_OBJECT_STORAGE_BUCKET_ID: ${DEFAULT_OBJECT_STORAGE_BUCKET_ID:-tx-local}
ALLOWED_ORIGINS: ${ALLOWED_ORIGINS:-http://localhost:${APP_PORT:-3000}}
PUBLIC_BASE_URL: ${PUBLIC_BASE_URL:-http://localhost:${APP_PORT:-3000}}
TRUST_PROXY_HTTPS: ${TRUST_PROXY_HTTPS:-false}
LOG_LEVEL: ${LOG_LEVEL:-info}
HTTPS_MODE: ${HTTPS_MODE:-local}
LOCAL_DOMAIN: ${LOCAL_DOMAIN:-}
LOCAL_IP: ${LOCAL_IP:-}
SMTP_HOST: ${SMTP_HOST:-}
SMTP_PORT: ${SMTP_PORT:-}
SMTP_USER: ${SMTP_USER:-}
SMTP_PASS: ${SMTP_PASS:-}
SMTP_FROM: ${SMTP_FROM:-}
SMTP_SECURE: ${SMTP_SECURE:-}
VAPID_PUBLIC_KEY: ${VAPID_PUBLIC_KEY:-}
VAPID_PRIVATE_KEY: ${VAPID_PRIVATE_KEY:-}
VAPID_SUBJECT: ${VAPID_SUBJECT:-}
volumes:
- app_storage:/app/storage
web:
build:
context: .
dockerfile: docker/tx-os.Dockerfile
image: tx-os/web:latest
restart: unless-stopped
depends_on:
- api
# No host port binding — Caddy is the single public edge.
expose:
- "80"
caddy:
image: caddy:2.8-alpine
restart: unless-stopped
depends_on:
- api
- web
environment:
LOCAL_DOMAIN: ${LOCAL_DOMAIN:-tx.local}
LOCAL_IP: ${LOCAL_IP:-127.0.0.1}
HTTPS_MODE: ${HTTPS_MODE:-local}
PUBLIC_DOMAIN: ${PUBLIC_DOMAIN:-}
ACME_EMAIL: ${ACME_EMAIL:-}
# Pick the Caddyfile at boot:
# * HTTPS_MODE=auto → Caddyfile.auto (Let's Encrypt for PUBLIC_DOMAIN)
# * HTTPS_MODE=skip → Caddyfile.skip (plain HTTP, dev only)
# * /certs missing → Caddyfile.skip (graceful fall-back)
# * otherwise → Caddyfile (BYO cert under /certs)
entrypoint:
- /bin/sh
- -c
- |
if [ "$${HTTPS_MODE}" = "auto" ]; then
if [ -z "$${PUBLIC_DOMAIN}" ]; then
echo "HTTPS_MODE=auto requires PUBLIC_DOMAIN to be set (e.g. tx.example.com)" >&2
exit 1
fi
if [ -n "$${ACME_EMAIL}" ]; then
export ACME_EMAIL_DIRECTIVE="email $${ACME_EMAIL}"
else
export ACME_EMAIL_DIRECTIVE=""
fi
exec caddy run --config /etc/caddy/Caddyfile.auto --adapter caddyfile
elif [ "$${HTTPS_MODE}" = "skip" ] || [ ! -f /certs/local-cert.pem ] || [ ! -f /certs/local-key.pem ]; then
exec caddy run --config /etc/caddy/Caddyfile.skip --adapter caddyfile
else
exec caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
fi
ports:
# HTTP edge: defaults to APP_PORT so the legacy http://localhost:${APP_PORT}
# URL keeps working without modifying start.sh.
- "${HTTP_PORT:-${APP_PORT:-3000}}:80"
# HTTPS edge: HTTPS_PORT is the operator-facing variable used by
# both .env.example (default 443, for local-setup.sh users) and
# .env.docker.example (default 8443, for start.sh users on hosts
# without privileged-port access). When HTTPS_MODE=skip the
# entrypoint loads Caddyfile.skip which doesn't listen on :443,
# so a high default keeps the bind harmless either way.
- "${HTTPS_PORT:-443}:443"
volumes:
- ./docker/Caddyfile:/etc/caddy/Caddyfile:ro
- ./docker/Caddyfile.skip:/etc/caddy/Caddyfile.skip:ro
- ./docker/Caddyfile.auto:/etc/caddy/Caddyfile.auto:ro
- ./certs:/certs:ro
- caddy_data:/data
- caddy_config:/config
volumes:
postgres_data:
app_storage:
caddy_data:
caddy_config: