Two issues caused a DB reset on every deploy:

1. docker-compose.prod.yml used a bind mount (./data/postgres) with
   PostgreSQL 18's incompatible /var/lib/postgresql/data path.
2. The Gitea CI runner shares the Docker socket with the host, but
   ./data/postgres resolves to a temp path inside the runner container.
   Each deploy creates a fresh workspace, so the bind mount always
   points to an empty directory on the host.

Fix: Use a named Docker volume (same as docker-compose.yml dev config).
Named volumes are managed by the Docker daemon directly, survive container
recreation, and don't depend on working directory resolution.

Also fix deploy.yml: remove unnecessary mkdir for data dirs, write
backup to /tmp instead of a relative path.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Alpine's wget resolves localhost to IPv6 [::1] first, but Next.js
standalone listens on 0.0.0.0 (IPv4 only), causing connection refused.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

The frontend container needs more time to initialize. Replace the fixed
sleep with a retry loop that polls the container health status up to
30 times (150s max) before checking.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Install Docker CLI + Compose plugin in job container
- Remove rsync dependency (work directly from checkout workspace)
- Use --project-name for consistent compose project naming
- Use --env-file for compose variable substitution
- Use docker exec for health checks (job container can't reach host ports)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Remove nginx from docker-compose.prod.yml (NPM handles reverse proxy)
- Add Next.js rewrites to proxy /api/* to backend (backend fully hidden)
- Bind frontend to 127.0.0.1:3000 only (NPM proxies externally)
- Replace hardcoded localhost:8000 in history page with api client
- Make CORS origins configurable via environment variable
- Restrict CORS methods to GET/POST/PUT/DELETE
- Add Gitea Actions deploy workflow with secrets-based env management
- Add security headers (X-Frame-Options, X-Content-Type-Options, Referrer-Policy)
- Add BACKEND_URL build arg to frontend Dockerfile for standalone builds

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>