Terms and privacy env

.env.example

@@ -9,6 +9,10 @@ JWT_SECRET="random string for your JWT secret, make it long"
 FRONTEND_URL="http://localhost:4200"
 NEXT_PUBLIC_BACKEND_URL="http://localhost:3000"
 BACKEND_INTERNAL_URL="http://localhost:3000"
+# === This needs to be exactly the URL you're accessing Terms of Service and 
+#=====Privacy Policy on need for youtube Authentication
+NEXT_PUBLIC_TERMS_URL=""
+NEXT_PUBLIC_PRIVACY_URL=""
 
 ## Remember to set your public internet IP address in the allow-list for the API token.
 ##

.github/workflows/build-containers.yml

@@ -1,4 +1,3 @@
----
 name: "Build Containers"
 
 on:
@@ -7,33 +6,47 @@ on:
     tags:
       - '*'
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   build-containers-common:
     runs-on: ubuntu-latest
     outputs:
       containerver: ${{ steps.getcontainerver.outputs.containerver }}
+      image: ${{ steps.imagepath.outputs.image }}
     steps:
       - name: Get Container Version
         id: getcontainerver
+        run: echo "containerver=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+      - name: Compute image name (lowercase owner)
+        id: imagepath
         run: |
-          echo "containerver=${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+          OWNER_LOWER=$(echo "${GITHUB_REPOSITORY_OWNER}" | tr '[:upper:]' '[:lower:]')
+          echo "image=ghcr.io/${OWNER_LOWER}/postiz-app" >> "$GITHUB_OUTPUT"
 
   build-containers:
     needs: build-containers-common
     strategy:
       matrix:
         include:
-          - runnertags: ubuntu-latest
-            arch: amd64
-          - runnertags: ubuntu-24.04-arm
-            arch: arm64
-    runs-on: ${{ matrix.runnertags }}
+          - arch: amd64
+            platform: linux/amd64
+          - arch: arm64
+            platform: linux/arm64
+    runs-on: ubuntu-latest
+    env:
+      IMAGE: ${{ needs.build-containers-common.outputs.image }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
@@ -49,16 +62,18 @@ jobs:
           CONTAINERVER: ${{ needs.build-containers-common.outputs.containerver }}
           NEXT_PUBLIC_VERSION: ${{ github.ref_name }}
         run: |
-          docker buildx build --platform linux/${{ matrix.arch }} \
+          docker buildx build --platform ${{ matrix.platform }} \
             -f Dockerfile.dev \
-            -t ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-${{ matrix.arch }} \
-            --build-arg NEXT_PUBLIC_VERSION=${{ env.NEXT_PUBLIC_VERSION }} \
+            -t $IMAGE:${CONTAINERVER}-${{ matrix.arch }} \
+            --build-arg NEXT_PUBLIC_VERSION=${NEXT_PUBLIC_VERSION} \
             --provenance=false --sbom=false \
-            --output "type=registry,name=ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-${{ matrix.arch }}" .
+            --output "type=registry,name=$IMAGE:${CONTAINERVER}-${{ matrix.arch }}" .
 
   build-container-manifest:
     needs: [build-containers, build-containers-common]
     runs-on: ubuntu-latest
+    env:
+      IMAGE: ${{ needs.build-containers-common.outputs.image }}
     steps:
       - name: Login to ghcr
         uses: docker/login-action@v3
@@ -71,31 +86,21 @@ jobs:
         env:
           CONTAINERVER: ${{ needs.build-containers-common.outputs.containerver }}
         run: |
-          # Verify the architecture images
-          echo "Verifying AMD64 image:"
-          docker buildx imagetools inspect ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64
-
-          echo "Verifying ARM64 image:"
-          docker buildx imagetools inspect ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64
-
-          # Try to remove any existing manifests first
-          docker manifest rm ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }} || true
-          docker manifest rm ghcr.io/gitroomhq/postiz-app:latest || true
-
-          # Create and push the version-specific manifest
-          docker manifest create ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }} \
-            --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64 \
-            --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64
+          docker buildx imagetools inspect $IMAGE:${CONTAINERVER}-amd64
+          docker buildx imagetools inspect $IMAGE:${CONTAINERVER}-arm64
 
-          docker manifest push ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}
+          docker manifest rm $IMAGE:${CONTAINERVER} || true
+          docker manifest rm $IMAGE:latest || true
 
-          # Create and push the latest manifest
-          docker manifest create ghcr.io/gitroomhq/postiz-app:latest \
-            --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64 \
-            --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64
+          docker manifest create $IMAGE:${CONTAINERVER} \
+            --amend $IMAGE:${CONTAINERVER}-amd64 \
+            --amend $IMAGE:${CONTAINERVER}-arm64
+          docker manifest push $IMAGE:${CONTAINERVER}
 
-          docker manifest push ghcr.io/gitroomhq/postiz-app:latest
+          docker manifest create $IMAGE:latest \
+            --amend $IMAGE:${CONTAINERVER}-amd64 \
+            --amend $IMAGE:${CONTAINERVER}-arm64
+          docker manifest push $IMAGE:latest
 
       - name: Verify Manifest
-        run: |
-          docker manifest inspect ghcr.io/gitroomhq/postiz-app:latest
+        run: docker manifest inspect $IMAGE:latest

Dockerfile.dev

@@ -1,21 +1,59 @@
-FROM node:20-alpine3.19
+FROM node:20.19.0-alpine
+
 ARG NEXT_PUBLIC_VERSION
 ENV NEXT_PUBLIC_VERSION=$NEXT_PUBLIC_VERSION
-RUN apk add --no-cache g++ make py3-pip bash nginx
-RUN adduser -D -g 'www' www
-RUN mkdir /www
-RUN chown -R www:www /var/lib/nginx
-RUN chown -R www:www /www
+ENV NODE_ENV=production
 
+# deps extras para Prisma e build em Alpine
+RUN apk add --no-cache g++ make py3-pip bash nginx openssl libc6-compat
 
-RUN npm --no-update-notifier --no-fund --global install [email protected] pm2
+# nginx user/dirs
+RUN adduser -D -g 'www' www \
+ && mkdir /www \
+ && chown -R www:www /var/lib/nginx /www
 
 WORKDIR /app
 
+# ---- PNPM global (pinado) + PM2 ----
+# Copie manifestos primeiro (melhor cache)
+COPY package.json pnpm-lock.yaml ./
+
+# Le versao do packageManager ([email protected]); se nao houver, usa 10.6.1
+RUN sh -lc '\
+  VER=$(node -e "try{const pm=require(\"./package.json\").packageManager||\"\";console.log(pm.includes(\"pnpm@\")?pm.split(\"@\")[1]:\"\")}catch{console.log(\"\")}") ; \
+  [ -z \"$VER\" ] && VER=10.6.1 ; \
+  echo Installing pnpm@$VER ; \
+  npm --no-update-notifier --no-fund -g install pnpm@$VER pm2 \
+'
+
+# (Opcional) se voce tem .npmrc no repo, mantenha a linha abaixo; senao, remova.
+COPY .npmrc ./.npmrc
+
+# Alinha inject-workspace-packages ao lockfile (evita ERR_PNPM_LOCKFILE_CONFIG_MISMATCH)
+RUN sh -lc 'VAL=$(awk '\''/injectWorkspacePackages:/{print $2; exit}'\'' pnpm-lock.yaml | tr -d \"\\r\"); \
+            [ -n \"$VAL\" ] && pnpm config set inject-workspace-packages \"$VAL\" || true'
+
+# Evitar scripts (inclui postinstall do Prisma) durante o install
+ENV PRISMA_SKIP_POSTINSTALL=1
+RUN pnpm install --frozen-lockfile --ignore-scripts
+
+# Compile o bcrypt nativo (necessario no Alpine)
+RUN npm_config_build_from_source=true pnpm rebuild bcrypt
+
+# Agora copie o resto do codigo e nginx.conf
 COPY . /app
 COPY var/docker/nginx.conf /etc/nginx/nginx.conf
 
-RUN pnpm install
+# (Opcional) Se nao quer runtime WASM/edge:
+# ENV PRISMA_CLIENT_ENGINE_TYPE=library
+
+# Gerar Prisma Client DEPOIS do install (ajuste o --schema se necessario)
+RUN pnpm exec prisma generate --schema libraries/nestjs-libraries/src/database/prisma/schema.prisma
+# Se o CLI estiver em um pacote especifico:
+# RUN pnpm --filter @gitroom/nestjs-libraries exec prisma generate --schema src/database/prisma/schema.prisma
+
+# Build do app
 RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm run build
 
+# Start
 CMD ["sh", "-c", "nginx && pnpm run pm2"]

Jenkinsfile

@@ -2,7 +2,7 @@ pipeline {
     agent any
 
     environment {
-        NODE_VERSION = '20.17.0'
+        NODE_VERSION = '20.19.0'
         PR_NUMBER = "${env.CHANGE_ID}" // PR number comes from webhook payload
         IMAGE_TAG="ghcr.io/gitroomhq/postiz-app-pr:${env.CHANGE_ID}"
     }

apps/frontend/src/components/auth/register.tsx

@@ -29,6 +29,11 @@ const WalletProvider = dynamic(
     loading: () => <WalletUiProvider />,
   }
 );
+const TERMS_URL =
+  process.env.NEXT_PUBLIC_TERMS_URL ?? 'https://postiz.com/terms';
+const PRIVACY_URL =
+  process.env.NEXT_PUBLIC_PRIVACY_URL ?? 'https://postiz.com/privacy';
+
 type Inputs = {
   email: string;
   password: string;
@@ -206,14 +211,14 @@ export function RegisterAfter({
             'By registering you agree to our'
           )}&nbsp;
           <a
-            href={`https://postiz.com/terms`}
+            href={TERMS_URL}
             className="underline hover:font-bold"
           >
             {t('terms_of_service', 'Terms of Service')}
           </a>&nbsp;
           {t('and', 'and')}&nbsp;
           <a
-            href={`https://postiz.com/privacy`}
+            href={PRIVACY_URL}
             className="underline hover:font-bold"
           >
             {t('privacy_policy', 'Privacy Policy')}