The seed/migrate/reset Jobs all invoke `pnpm` at runtime via the
`pnpm --filter @groombook/db ...` CMD. In the current image, `/usr/local/bin/pnpm`
is a symlink to corepack's pnpm.js shim, which delegates to corepack and
re-validates the package against https://registry.npmjs.org on first use.
The UAT pod network is air-gapped, so corepack fails with:
Error: getaddrinfo EAI_AGAIN registry.npmjs.org
This causes every seed Job to fail, leaving the Better Auth credential
hashes frozen at their last successful seed run — even when the SealedSecret
`seed-uat-passwords` is rotated.
Replace `corepack install -g pnpm@9.15.4` with `npm install -g pnpm@9.15.4`
in the base and runner stages. `npm install -g` writes the real pnpm binary
to /usr/local/bin/pnpm, bypassing the corepack shim entirely. The seed,
migrate, and reset stages inherit from builder (which inherits from base)
so they all get the real pnpm without needing their own install line.
The reset stage had a redundant corepack install that can be removed.
GRO-1983, supersedes GRO-1909 (incomplete — corepack shim still tried to
download pnpm at runtime).
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Use `corepack install -g` instead of `corepack prepare --activate` to write
pnpm to a stable global path (/usr/local/bin/pnpm) rather than relying on
corepack shims that re-validate against npmjs.org at runtime.
Set COREPACK_ENABLE_DOWNLOAD_PROMPT=0 and COREPACK_ENABLE_STRICT=0 to suppress
the interactive download prompt and strict version checks that also trigger
network access.
Remove the dead `RUN mkdir -p /home/node/.cache/node/corepack` line from the
builder stage (vestigial cache-location configuration).
Fixes: GRO-1916 (prod migrate-schema EAI_AGAIN on registry.npmjs.org)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Reverts the Dockerfile to the root src/ build. PR #47 switched to apps/api/
but the pnpm workspace config and lockfile don't include apps/*, causing
Docker build failures (CI runs #968, #970).
The actual admin 500 root cause needs further investigation — it's in the
code/schema changes, not the Dockerfile build path.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The Dockerfile build change (pnpm build → pnpm --filter @groombook/api)
was made against dev HEAD, but the root src/ directory was never fully
audited for parity with apps/api/src/. Admin routes returning 500 for
authenticated users post-OIDC login is consistent with the image
running code with incomplete middleware chain or mismatched schema
types when the root build path was used.
Revert to the apps/api/ build path which is known to work correctly.
UAT is running images from dev branch commit 9462915 which includes
this change alongside schema cleanup commits.
Root cause: Dockerfile was changed to build from root src/ instead of
apps/api/src/ without confirming the two source trees are functionally
identical. The proper fix path (schema audit + reconciliation) is
tracked in GRO-1536.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
The seed/migrate/reset Dockerfile targets specified `pnpm db:migrate`
etc., but those scripts are defined in packages/db/package.json, not
at the workspace root. pnpm workspace filtering is required to route
the command to the correct package.
- migrate: pnpm --filter @groombook/db migrate
- seed: pnpm --filter @groombook/db seed
- reset: pnpm --filter @groombook/db reset
Co-Authored-By: Paperclip <noreply@paperclip.ing>
pnpm --filter @groombook/api doesn't match the workspace root package
because pnpm-workspace.yaml only includes packages/*. The root
package.json already has a build script that compiles src/ → dist/,
which is what the Dockerfile copies.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Dockerfile: keep node:22-alpine for both base and runner stages
- package.json: keep dev's full content + add packageManager field
- .gitea/workflows/ci.yml: keep fixed version with all 4 image targets
- petsExtendedFields.test.ts: keep dev UUIDs + PR's vi.fn() mocks
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Upgrade CI jobs (lint-typecheck, test, build) to Node 22
- Dockerfile uses node:22-alpine for base and runner stages
- Root package.json gets packageManager field for corepack pin
- Docker build already targets all 4 stages (api/migrate/seed/reset)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Merges the dev branch history into gitea/migrate-workflows to resolve
PR #24. The two branches had unrelated git histories due to the Gitea
migration. Conflict resolution favors gitea/migrate-workflows for
packages/, src/, .gitea/ structure and dev for apps/, .github/ content.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Use pnpm --filter consistently for all three package builds in the
Dockerfile instead of mixing filter and cd approaches. Also set
--project . explicitly on tsc invocations to ensure tsconfig resolution
from the package directory rather than workspace root.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
tsc -p /app does not resolve to tsconfig.json at /app/tsconfig.json
without an explicit filename. Pass the full path.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
When pnpm --filter runs the api package build, tsc cannot find the
tsconfig.json. Use an absolute path to avoid any ambiguity about the
working directory context.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
pnpm --filter runs in the workspace root where tsc finds the root
tsconfig.json instead of packages/db/tsconfig.json. Change into the
package directory so tsc picks up the correct local tsconfig.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Without pnpm-workspace.yaml, pnpm install --frozen-lockfile can't discover
the apps/api workspace member, causing "Already up to date" and tsc not found.
Also removes stale packages/* entry from pnpm-workspace.yaml (no packages/
directory exists in the dev branch).
Fixes: GRO-1231
Co-Authored-By: Paperclip <noreply@paperclip.ing>
- Change apps/api/ to src/ (api package is now at root)
- Update COPY paths for new structure
- Change CMD from apps/api/dist/index.js to dist/index.js
- Remove api package.json copy (now at root)
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Phase 2 extraction: groombook/api from groombook/app monorepo.
Changes:
- Move packages/db content to apps/api/src/db/
- Move packages/types content to apps/api/src/types/
- Inline database schema and migrations into api package
- Update Dockerfile to build single package
- Update CI workflow for single-package structure
- Fix vitest.config.ts aliases
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Part of GRO-802 monorepo breakdown.
Changes:
- Extract apps/api/ as the main API service
- Inline packages/db/ (database schema, migrations, utilities)
- Inline packages/types/ (shared TypeScript types)
- Add CI workflow for lint, typecheck, test, build, docker
- Port Dockerfile with 4 stages: runner, migrate, seed, reset
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Paperclip
Flea Flicker
Chris Farhood