mirror of
https://github.com/TecharoHQ/anubis.git
synced 2026-05-20 05:10:30 +00:00
Xe Iaso
652cef7ffe
Add a pod-level security context to the nginx container in the public docs deployment (non-root uid 101, dropped capabilities, read-only root filesystem, RuntimeDefault seccomp) and rebind it to unprivileged port 8080 so it does not need CAP_NET_BIND_SERVICE. The nginx PID and proxy temp paths move under a tmpfs-backed emptyDir so the read-only root filesystem does not break startup. Replace the mutable :main tags on both containers with immutable sha256 digests and switch imagePullPolicy to IfNotPresent so each rollout references an auditable artifact instead of whatever happens to be tagged :main when the pod starts. The docs-deploy workflow now overlays the freshly built docs digest via `kustomize edit set image` so the manifest stays accurate without a manual edit on each push to main. The docs Dockerfile pins its node and nginx-micro base images to specific versions for the same reason. Ref: AWOO-011, AWOO-012 Assisted-by: Claude Opus 4.7 via Claude Code Signed-off-by: Xe Iaso <me@xeiaso.net>
Website
This website is built using Docusaurus, a modern static website generator.
Installation
$ yarn
Local Development
$ yarn start
This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
Build
$ yarn build
This command generates static content into the build directory and can be served using any static contents hosting service.
Deployment
Using SSH:
$ USE_SSH=true yarn deploy
Not using SSH:
$ GIT_USER=<Your GitHub username> yarn deploy
If you are using GitHub pages for hosting, this command is a convenient way to build the website and push to the gh-pages branch.