0e97206907
* ci: optimize build time for Docker and CI workflows - Dockerfile: slim production-stage to copy only runtime artifacts (.next, public, node_modules, package.json, next.config.mjs), dropping src/, src-tauri/, patches/, packages source, etc. - Dockerfile: add sharing=locked to pnpm store cache mount to prevent concurrent-build cache corruption - docker-image.yml: pin actions/checkout to SHA (consistent with other workflows) - docker-image.yml: switch Buildx cache from type=gha (10 GB shared limit, poor for multi-arch) to type=registry on GHCR (no size cap, already authenticated, correct per-platform caching) - pull-request.yml: use pnpm install --frozen-lockfile --prefer-offline - release.yml: use pnpm install --frozen-lockfile --prefer-offline - next.config.mjs: skip redundant eslint pass during next build (lint already runs as a dedicated CI step) * fix(docker): eliminate QEMU emulation, fix pnpm version mismatch, patch artifact write CVE (#4) * fix(docker): eliminate QEMU arm64 emulation and fix pnpm version mismatch - Fix pnpm version in Dockerfile: 10.29.3 → 11.1.1 (matches package.json) Prevents corepack from re-downloading pnpm 11 on every build - Replace single QEMU job with matrix build (ubuntu-latest for amd64, ubuntu-24.04-arm for arm64) — eliminates ~21 min QEMU emulation overhead - Use per-platform build cache tags (buildcache-linux-amd64 / buildcache-linux-arm64) to avoid cache thrashing between architectures - Add merge job that assembles multi-arch manifest from platform digests Agent-Logs-Url: https://github.com/pourmand1376/readest/sessions/89c298b4-8a58-4517-ac7f-2f26c86bbcd6 Co-authored-by: pourmand1376 <32064808+pourmand1376@users.noreply.github.com> * fix(ci): upgrade artifact actions to v7 to patch arbitrary file write vulnerability actions/download-artifact >= 4.0.0 < 4.1.3 allows arbitrary file write via artifact extraction. Pin both upload-artifact and download-artifact to v7 (SHA-pinned), consistent with the rest of the repo's workflows. Agent-Logs-Url: https://github.com/pourmand1376/readest/sessions/89c298b4-8a58-4517-ac7f-2f26c86bbcd6 Co-authored-by: pourmand1376 <32064808+pourmand1376@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: pourmand1376 <32064808+pourmand1376@users.noreply.github.com> * chore(docker): tighten build context Exclude local env, build output, credential, and tooling state files from Docker build context to reduce registry cache exposure. --------- Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: Huang Xin <chrox.huang@gmail.com>
150 lines
4.4 KiB
JavaScript
150 lines
4.4 KiB
JavaScript
import withSerwistInit from '@serwist/next';
|
|
import withBundleAnalyzer from '@next/bundle-analyzer';
|
|
import path from 'node:path';
|
|
import { fileURLToPath } from 'node:url';
|
|
|
|
const __dirname = path.dirname(fileURLToPath(import.meta.url));
|
|
|
|
const isDev = process.env['NODE_ENV'] === 'development';
|
|
const appPlatform = process.env['NEXT_PUBLIC_APP_PLATFORM'];
|
|
|
|
if (isDev) {
|
|
const { initOpenNextCloudflareForDev } = await import('@opennextjs/cloudflare');
|
|
initOpenNextCloudflareForDev();
|
|
}
|
|
|
|
const exportOutput = appPlatform !== 'web' && !isDev;
|
|
|
|
/** @type {import('next').NextConfig} */
|
|
const nextConfig = {
|
|
// Ensure Next.js uses SSG instead of SSR
|
|
// https://nextjs.org/docs/pages/building-your-application/deploying/static-exports
|
|
output: exportOutput ? 'export' : undefined,
|
|
// Linting runs as a dedicated CI step (`pnpm lint`), so skipping it during
|
|
// `next build` avoids duplicate work and shortens build time.
|
|
eslint: {
|
|
ignoreDuringBuilds: true,
|
|
},
|
|
pageExtensions: exportOutput ? ['jsx', 'tsx'] : ['js', 'jsx', 'ts', 'tsx'],
|
|
// Note: This feature is required to use the Next.js Image component in SSG mode.
|
|
// See https://nextjs.org/docs/messages/export-image-api for different workarounds.
|
|
images: {
|
|
unoptimized: true,
|
|
},
|
|
devIndicators: false,
|
|
experimental: {
|
|
// Persist Turbopack's compilation cache to `.next/` so CI can restore it
|
|
// between runs. Dev caching is on by default since Next 16.1; build
|
|
// caching is opt-in (beta).
|
|
turbopackFileSystemCacheForDev: true,
|
|
turbopackFileSystemCacheForBuild: true,
|
|
},
|
|
// Configure assetPrefix or else the server won't properly resolve your assets.
|
|
assetPrefix: '',
|
|
reactStrictMode: true,
|
|
serverExternalPackages: ['isows'],
|
|
allowedDevOrigins: ['192.168.2.120'],
|
|
webpack: (config) => {
|
|
config.resolve.alias = {
|
|
...config.resolve.alias,
|
|
nunjucks: 'nunjucks/browser/nunjucks.js',
|
|
// `js-mdict` is consumed as TS source via tsconfig paths from
|
|
// `packages/js-mdict/src/`; its sources `import 'fflate'` directly.
|
|
// Without an alias, webpack walks up from that source location and
|
|
// can't find fflate (only installed in this app's node_modules).
|
|
fflate: path.resolve(__dirname, 'node_modules/fflate'),
|
|
...(appPlatform !== 'web' ? { '@tursodatabase/database-wasm': false } : {}),
|
|
};
|
|
return config;
|
|
},
|
|
turbopack: {
|
|
resolveAlias: {
|
|
nunjucks: 'nunjucks/browser/nunjucks.js',
|
|
// Turbopack rejects absolute paths in resolveAlias ("server relative
|
|
// imports not implemented") — use a project-relative path.
|
|
fflate: './node_modules/fflate',
|
|
...(appPlatform !== 'web' ? { '@tursodatabase/database-wasm': './src/utils/stub.ts' } : {}),
|
|
},
|
|
},
|
|
transpilePackages: [
|
|
'ai',
|
|
'ai-sdk-ollama',
|
|
'@ai-sdk/react',
|
|
'@assistant-ui/react',
|
|
'@assistant-ui/react-ai-sdk',
|
|
'@assistant-ui/react-markdown',
|
|
'streamdown',
|
|
...(isDev
|
|
? []
|
|
: [
|
|
'i18next-browser-languagedetector',
|
|
'react-i18next',
|
|
'i18next',
|
|
'@tauri-apps',
|
|
'highlight.js',
|
|
'foliate-js',
|
|
'marked',
|
|
]),
|
|
],
|
|
async rewrites() {
|
|
return [
|
|
{
|
|
source: '/reader/:ids',
|
|
destination: '/reader?ids=:ids',
|
|
},
|
|
{
|
|
source: '/o/book/:hash/annotation/:id',
|
|
destination: '/o?book=:hash¬e=:id',
|
|
},
|
|
{
|
|
source: '/s/:token',
|
|
destination: '/s?token=:token',
|
|
},
|
|
];
|
|
},
|
|
async headers() {
|
|
return [
|
|
{
|
|
source: '/.well-known/apple-app-site-association',
|
|
headers: [
|
|
{
|
|
key: 'Content-Type',
|
|
value: 'application/json',
|
|
},
|
|
],
|
|
},
|
|
{
|
|
source: '/_next/static/:path*',
|
|
headers: [
|
|
{
|
|
key: 'Cache-Control',
|
|
value: isDev
|
|
? 'public, max-age=0, must-revalidate'
|
|
: 'public, max-age=31536000, immutable',
|
|
},
|
|
],
|
|
},
|
|
];
|
|
},
|
|
};
|
|
|
|
const pwaDisabled = isDev || appPlatform !== 'web';
|
|
|
|
const withPWA = pwaDisabled
|
|
? (config) => config
|
|
: withSerwistInit({
|
|
swSrc: 'src/sw.ts',
|
|
swDest: 'public/sw.js',
|
|
cacheOnNavigation: true,
|
|
reloadOnOnline: true,
|
|
disable: false,
|
|
register: true,
|
|
scope: '/',
|
|
});
|
|
|
|
const withAnalyzer = withBundleAnalyzer({
|
|
enabled: process.env.ANALYZE === 'true',
|
|
});
|
|
|
|
export default withPWA(withAnalyzer(nextConfig));
|