refactor: Update deployment workflows and Dockerfiles for production

- Modified the GitHub Actions workflow to streamline the deployment process by installing Docker directly and using shell commands for building and pushing images.
- Changed the base image for the backend Dockerfile from `python:3.11-slim` to `python:alpine` for a smaller footprint.
- Updated the frontend Dockerfile to use `node:23-alpine` instead of `node:24-alpine`, and refactored the production stage to use `node:slim`. Added a script for runtime environment variable injection.

.gitea/workflows/deploy-prod.yml

@@ -3,42 +3,35 @@ name: Deploy to Production, build images and push to Gitea Registry
 on:
   push:
     branches:
-      - prod # Trigger deployment only on pushes to main
+      - prod
 
 jobs:
-  deploy:
+  build_and_push:
     runs-on: ubuntu-latest
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
 
-      - name: Set up Docker Buildx
+      - name: Install Docker
-        uses: docker/setup-buildx-action@v2
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y docker.io
 
-      - name: Log in to Gitea Container Registry
+      - name: Build and push backend image
-        uses: docker/login-action@v2
+        env:
-        with:
+          GITEA_USERNAME: ${{ secrets.ME_USERNAME }}
-          registry: git.vinylnostalgia.com:5000 # IMPORTANT: Verify this is your Gitea registry URL (e.g., git.vinylnostalgia.com or with a different port).
+          GITEA_PASSWORD: ${{ secrets.ME_PASSWORD }}
-          username: ${{ gitea.actor }} # Uses the user that triggered the action. You can replace with 'mo' if needed.
+        run: |
-          password: ${{ secrets.GITEA_TOKEN }} # IMPORTANT: Create a Gitea repository secret named GITEA_TOKEN with your password or access token.
+          echo $GITEA_PASSWORD | docker login git.vinylnostalgia.com:5000 -u $GITEA_USERNAME --password-stdin
+          docker build -t git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-backend:latest ./be -f ./be/Dockerfile.prod
+          docker push git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-backend:latest
 
-      - name: Build and push backend image to Gitea Registry
+      - name: Build and push frontend image
-        uses: docker/build-push-action@v4
+        env:
-        with:
+          GITEA_USERNAME: ${{ secrets.ME_USERNAME }}
-          context: ./be
+          GITEA_PASSWORD: ${{ secrets.ME_PASSWORD }}
-          file: ./be/Dockerfile.prod
+        run: |
-          push: true
+          echo $GITEA_PASSWORD | docker login git.vinylnostalgia.com:5000 -u $GITEA_USERNAME --password-stdin
-          tags: git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-backend:latest # IMPORTANT: Verify registry URL matches the login step.
+          docker build -t git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-frontend:latest ./fe -f ./fe/Dockerfile.prod
-          # Ensure gitea.repository_owner and gitea.repository_name resolve as expected for your image path.
+          docker push git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-frontend:latest
-
-      - name: Build and push frontend image to Gitea Registry
-        uses: docker/build-push-action@v4
-        with:
-          context: ./fe
-          file: ./fe/Dockerfile.prod
-          push: true
-          tags: git.vinylnostalgia.com:5000/${{ gitea.repository_owner }}/${{ gitea.repository_name }}-frontend:latest # IMPORTANT: Verify registry URL matches the login step.
-          # Ensure gitea.repository_owner and gitea.repository_name resolve as expected for your image path.
-          build-args: |
-            VITE_API_URL=${{ secrets.VITE_API_URL }}
-            VITE_SENTRY_DSN=${{ secrets.VITE_SENTRY_DSN }}

be/Dockerfile

@@ -1,7 +1,7 @@
 # be/Dockerfile
 
 # Choose a suitable Python base image
-FROM python:3.11-slim
+FROM python:alpine
 
 # Set environment variables
 ENV PYTHONDONTWRITEBYTECODE 1  # Prevent python from writing pyc files

fe/Dockerfile.prod

@@ -1,5 +1,5 @@
 # Multi-stage build for production
-FROM node:24-alpine AS base
+FROM node:23-alpine AS base
 
 # Install dependencies only when needed
 FROM base AS deps
@@ -28,22 +28,14 @@ RUN npm ci
 # Copy source code
 COPY . .
 
-# Build arguments for environment variables
-ARG VITE_API_URL
-ARG VITE_SENTRY_DSN
-ARG VITE_ROUTER_MODE=history
-
 # Set environment variables for build
-ENV VITE_API_URL=$VITE_API_URL
-ENV VITE_SENTRY_DSN=$VITE_SENTRY_DSN
-ENV VITE_ROUTER_MODE=$VITE_ROUTER_MODE
 ENV NODE_ENV=production
 
 # Build the application
 RUN npm run build
 
 # Production stage
-FROM node:24-alpine AS production # Using node image to use serve
+FROM node:slim AS production
 
 # Install serve globally
 RUN npm install -g serve
@@ -57,6 +49,15 @@ COPY --from=build /app/dist .
 # Create a default static.json for serve to handle SPA routing
 RUN echo '{ \n  "rewrites": [ \n    { "source": "**", "destination": "/index.html" } \n  ] \n}' > static.json
 
+# Create a script to inject environment variables at runtime
+RUN echo '#!/bin/sh\n\
+echo "window.ENV = { \
+  VITE_API_URL: \"$VITE_API_URL\", \
+  VITE_SENTRY_DSN: \"$VITE_SENTRY_DSN\", \
+  VITE_ROUTER_MODE: \"$VITE_ROUTER_MODE\" \
+}" > /app/env-config.js\n\
+serve -s . -l 3000' > /app/start.sh && chmod +x /app/start.sh
+
 # Expose port 3000 (serve default)
 EXPOSE 3000
 
@@ -64,5 +65,5 @@ EXPOSE 3000
 # HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
 # CMD curl -f http://localhost:3000/ || exit 1
 
-# Start serve
+# Start serve with environment variable injection
-CMD ["serve", "-s", ".", "-l", "3000"] 
+CMD ["/app/start.sh"]