84e41857c3
* fix: bundle banner into admin-ui image and serve at origin root The loader at apps/banner/src/loader.ts derives the bundle URL from its own origin, not its directory, so ``consent-loader.js`` and ``consent-bundle.js`` must live at the web root rather than under a sub-path. The upstream admin-ui image never bundled the banner at all, forcing deployment overlays to paper over the gap — and those overlays misplaced the files under ``/banner/``. Fold the banner build into ``apps/admin-ui/Dockerfile`` as an extra stage, move its output to ``public/`` so Vite emits it at the image root, and add CORS + caching rules for the two scripts in ``nginx.conf`` ahead of the SPA fallback. Switch the root ``docker-compose.yml`` build context to the repo root (with the dockerignore trimmed accordingly) so one image now covers admin + CDN. Also drop the published sourcemap for ``consent-bundle.js`` — the bundle is minified and cross-origin, shipping a map to anyone inspecting a customer page isn't something we want. * feat: add docker-compose.prod.yml for single-host deployment Add a production-targeted compose file alongside the existing dev one. Operators running ConsentOS on a single host (the OSS quick-start path) now have a canonical compose to point ``-f`` at, instead of hand-rolling overlays in their deployment repo. Differences from ``docker-compose.yml`` (dev) — see the file header for the full list, but the load-bearing ones are: * A one-shot ``consentos-bootstrap`` init container owns alembic migrations and the initial-admin provisioning. Every long-running service that touches the database waits for it via ``service_completed_successfully``. * Postgres credentials and Redis password come from the ``.env`` file rather than being hardcoded; the dev compose keeps the ``consentos:consentos`` defaults so ``make up`` still just works. * All host-bound ports are scoped to ``127.0.0.1`` so a reverse proxy on the host (Caddy in the reference deployment) can terminate TLS in front of them. * The scanner gets a scoped ``environment:`` block instead of ``env_file: .env``. Sharing the env file caused vars like ``PORT`` to leak into ``ScannerSettings`` and rebind the service off its default ``8001``, which silently broke ``SCANNER_SERVICE_URL`` for the worker. * ``shm_size: 1gb`` on the scanner — Playwright/Chromium crashes under the default 64 MB ``/dev/shm`` on heavy pages. * ``consentos-admin`` builds with the repo root as the context so the upstream ``apps/admin-ui/Dockerfile`` (added in the previous commit) can pull ``apps/banner/`` in alongside ``apps/admin-ui/`` and bundle ``consent-loader.js`` / ``consent-bundle.js`` at the nginx root. * Per-service ``mem_limit`` and dependency-aware healthchecks so ``docker compose up -d`` gives a consistent, observable start.
38 lines
1.0 KiB
JavaScript
38 lines
1.0 KiB
JavaScript
import typescript from '@rollup/plugin-typescript';
|
|
import terser from '@rollup/plugin-terser';
|
|
|
|
export default [
|
|
// consent-loader.js — lightweight synchronous bootstrap (~2KB gzipped)
|
|
{
|
|
input: 'src/loader.ts',
|
|
output: {
|
|
file: 'dist/consent-loader.js',
|
|
format: 'iife',
|
|
name: 'CmpLoader',
|
|
sourcemap: false,
|
|
},
|
|
plugins: [
|
|
typescript({ tsconfig: './tsconfig.json', declaration: false }),
|
|
terser(),
|
|
],
|
|
},
|
|
// consent-bundle.js — full banner + consent engine
|
|
{
|
|
input: 'src/banner.ts',
|
|
output: {
|
|
file: 'dist/consent-bundle.js',
|
|
format: 'iife',
|
|
name: 'CmpBanner',
|
|
// No sourcemap in the published bundle. The file is minified
|
|
// and served cross-origin from customer sites; shipping the
|
|
// map would publish our source tree to anyone inspecting the
|
|
// page. Build locally if you need to debug.
|
|
sourcemap: false,
|
|
},
|
|
plugins: [
|
|
typescript({ tsconfig: './tsconfig.json', declaration: false }),
|
|
terser(),
|
|
],
|
|
},
|
|
];
|