till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-28 03:57:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

docs(mac-mini): document Verdaccio npm-auth via BuildKit secret for web builds
Some checks failed
CD Mac Mini / Detect Changes (push) Waiting to run
Details
CD Mac Mini / Deploy (push) Blocked by required conditions
Details
CI / Detect Changes (push) Waiting to run
Details
CI / Validate (push) Waiting to run
Details
CI / Build mana-search (push) Blocked by required conditions
Details
CI / Build mana-sync (push) Blocked by required conditions
Details
CI / Build mana-api-gateway (push) Blocked by required conditions
Details
CI / Build mana-crawler (push) Blocked by required conditions
Details
Mirror to Forgejo / Push to Forgejo (push) Waiting to run
Details
Docker Validate / Validate Dockerfiles (push) Has been cancelled
Details
Docker Validate / Build calendar-web (push) Has been cancelled
Details
Docker Validate / Build quotes-web (push) Has been cancelled
Details
Docker Validate / Build todo-backend (push) Has been cancelled
Details
Docker Validate / Build todo-web (push) Has been cancelled
Details
Docker Validate / Build mana-auth (push) Has been cancelled
Details
Docker Validate / Build mana-sync (push) Has been cancelled
Details
Docker Validate / Build mana-media (push) Has been cancelled
Details

Browse source 
Covers the secret-mount mechanism added so sveltekit-base + web-app builds
authenticate to npm.mana.how for private @mana/* packages. Makes the
docker-compose.macmini.yml comment reference accurate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Till JS 2026-05-26 16:18:01 +02:00
parent 5f5287d0e9
commit 113e88e353
1 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

25
docs/MAC_MINI_SERVER.md
View file

@ -589,6 +589,31 @@ Das Base Image enthaelt alle Shared Packages (`packages/`) vorinstalliert und vo
./scripts/mac-mini/build-app.sh --base
```
#### Verdaccio-Auth beim Build (`@mana/*`-Pakete)
Der Base-Build (und die darauf aufbauenden Web-App-Builds) macht
`pnpm install` und braucht dafür Zugriff auf die privaten `@mana/*`-Pakete
in der Verdaccio-Registry (`npm.mana.how`). Ohne Auth fällt pnpm auf
`registry.npmjs.org` zurück und 404t (z. B. an `@mana/shared-icons`).
Die Auth kommt über einen **BuildKit-Secret-Mount**, nicht über eine in
den Build-Context kopierte `.npmrc` — so landet der Token nie in einer
Image-Layer:
- **Quelle:** das `~/.npmrc` des Build-Hosts (Registry-Mapping +
aufgelöster `_authToken`). Auf dem Mac Mini: `/Users/mana/.npmrc`.
- **Base-Build:** `build-app.sh` setzt `DOCKER_BUILDKIT=1` und übergibt
`--secret id=npmrc,src=$NPMRC_SECRET` (Default `~/.npmrc`, per
`NPMRC_SECRET` überschreibbar).
- **App-Builds:** `docker compose build` liest den Secret aus dem
Top-Level-`secrets:`-Block der `docker-compose.macmini.yml`
(`npmrc.file: ${HOME}/.npmrc`); die SvelteKit-Dockerfiles mounten ihn
via `--mount=type=secret,id=npmrc,target=/root/.npmrc`.
Fehlt `~/.npmrc`, warnt `build-app.sh` vor dem Build. Token-Recovery:
siehe Memory `secret_npm_auth_token_macmini.md` bzw. `npm login` gegen
`https://npm.mana.how/`.
### Build-Script (`build-app.sh`)
Das Script prüft vor dem Build den verfügbaren RAM und stoppt Monitoring-Container **nur wenn nötig** (< 3 GB frei). Alle Container haben explizite `mem_limit` Obergrenzen in der `docker-compose.macmini.yml`, sodass der tatsächliche Verbrauch typischerweise 50-70% der Limits beträgt und genug Headroom für Builds bleibt.