Nathan Price 788e28d956
volume cache stores
2026-06-12 18:10:51 -04:00
.forgejo chore: move renovate config 2026-05-22 17:24:24 -04:00
.editorconfig bump 2026-05-16 00:52:25 -04:00
.gitignore chore: scaffold CI image with exiftool, poppler-utils, ffmpeg 2026-05-02 00:45:34 -04:00
Dockerfile volume cache stores 2026-06-12 18:10:51 -04:00
Makefile bump 2026-06-12 17:32:43 -04:00
package.json update frontend packages 2026-06-11 18:51:10 -04:00
pnpm-lock.yaml update frontend packages 2026-06-11 18:51:10 -04:00
pnpm-workspace.yaml update frontend packages 2026-06-11 18:51:10 -04:00
README.md build: remove a11y test rig (playwright deps, chromium) 2026-05-22 13:24:31 -04:00

athena-archive-ci-image

CI runner image used by both athena-archive (Next.js FE) and athena-archive-api (FastAPI BE). Extends node:24-bookworm-slim with the system packages each test suite needs (exiftool, poppler-utils, ffmpeg) plus uv + Python 3.14 for the BE and pnpm 10.x for the FE.

The FE's pnpm store is pre-populated at image build time so CI runs skip the network round-trip for every package — see Pre-baked pnpm store.

Image

code.modernleft.org/modernleft/athena-archive-ci:sha-<short-sha>

Downstream workflows pin a specific SHA tag for reproducibility (managed by Renovate). :latest is also published but not recommended for pinning.

The image rebuilds automatically on:

  • Push to main touching Dockerfile, .forgejo/workflows/build.yml, package.json, or pnpm-lock.yaml.
  • Weekly schedule (Mon 06:00 UTC) for security patches.
  • Manual workflow_dispatch.

Use in a workflow

jobs:
    test:
        runs-on: docker
        container:
            image: code.modernleft.org/modernleft/athena-archive-ci:sha-<short-sha>
        steps:
            - uses: actions/checkout@v6
            # ...
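
To enforce the SHA-tag pinning recommended under Image in downstream repositories, here is a small linter that flags workflow `image:` lines using the CI image without a `sha-<short-sha>` tag. It is an added example, not part of this repository. The 7 to 40 hex-digit tag length, the acceptance of `@sha256:` digest pins, and the sample workflow are assumptions.

```python
import re

# Repository name from this README; the sha-<hex> tag policy follows its "Image" section.
REPO = "code.modernleft.org/modernleft/athena-archive-ci"
IMAGE_LINE = re.compile(r"^\s*(?:-\s*)?image:\s*['\"]?([^'\"\s#]+)")
SHA_TAG = re.compile(r"sha-[0-9a-f]{7,40}")  # assumed length of <short-sha>
DIGEST = re.compile(r"sha256:[0-9a-f]{64}")  # assumed: digest pins are also acceptable


def classify(ref):
    """Return 'pinned', 'floating', or None when ref is not the CI image."""
    name, _, digest = ref.partition("@")
    repo, sep, tag = name.rpartition(":")
    if not sep or "/" in tag:  # no tag; any colon seen was a registry port
        repo, tag = name, ""
    if repo != REPO:
        return None
    if digest:
        return "pinned" if DIGEST.fullmatch(digest) else "floating"
    return "pinned" if SHA_TAG.fullmatch(tag) else "floating"


def lint_workflow(text):
    """Return (line_number, image_ref) for every unpinned use of the CI image."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = IMAGE_LINE.match(line)
        if match and classify(match.group(1)) == "floating":
            findings.append((number, match.group(1)))
    return findings


# Constructed sample workflow (not from the repository); the short SHA is made up.
SAMPLE = """\
jobs:
    test:
        container:
            image: code.modernleft.org/modernleft/athena-archive-ci:sha-0a1b2c3
    lint:
        container:
            image: code.modernleft.org/modernleft/athena-archive-ci:latest
    docs:
        container:
            image: "code.modernleft.org/modernleft/athena-archive-ci"
"""

if __name__ == "__main__":
    for number, ref in lint_workflow(SAMPLE):
        print(f"line {number}: {ref} is not pinned to a sha-<short-sha> tag")
```

An untagged reference is reported as floating because it resolves to :latest.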

Pre-baked pnpm store

package.json and pnpm-lock.yaml are vendored from athena-archive and pnpm fetch runs at image build time, populating /home/athena/.local/share/pnpm/store/v10. CI runs (also as athena) find the store on disk and complete pnpm install --frozen-lockfile --offline in ~2 seconds.

When athena-archive's lockfile drifts ahead of the next image rebuild, pnpm install --frozen-lockfile self-heals — it fetches what's missing and ignores what's no longer referenced. Renovate keeps the two lockfiles in sync via the shared local>ModernLeft/renovate preset, and a fresh image rebuild closes the gap.

Build locally

make build      # docker build -t athena-archive-ci:local .
make run        # docker run --rm -it athena-archive-ci:local

Required secret

The build workflow needs one repo-level secret:

Secret          Purpose
REGISTRY_TOKEN  Forgejo application token with package:write scope, owned by gravityfargo