Skip to content

Comments

Remove submodules and use pipeline artifacts#12

Open
rubenhensen wants to merge 5 commits intomainfrom
remove-submodules-use-artifacts
Open

Remove submodules and use pipeline artifacts#12
rubenhensen wants to merge 5 commits intomainfrom
remove-submodules-use-artifacts

Conversation

@rubenhensen
Copy link
Contributor

@rubenhensen rubenhensen commented Feb 12, 2026
edited
Loading

Summary

This PR removes the cryptify and postguard-tb-addon git submodules and adds comprehensive Docker Compose setups for easy development and production deployment.

Changes

Submodules Removed

  • cryptify submodule - now uses container image
  • postguard-tb-addon submodule - now redirects to GitHub releases

Docker Compose Added

New Files:

  • docker-compose.dev.yml - Development environment with hot reload
  • docker-compose.yml - Production deployment
  • docker/dev.Dockerfile - Development container
  • .dockerignore - Optimized Docker builds
  • .env.staging - Staging environment configuration

Services Included:

  1. cryptify-backend (port 8000) - Filehosting with Cryptify
  2. postguard-pkg (port 8087) - Private Key Generator
  3. mailcrab (ports 1080, 1025) - Email testing
  4. postguard-website - Main app (port 5173 dev / 80 prod)

All services use :edge tags to always get the latest builds.

Dockerfile Updates

  • Removed all tb-addon download logic from Docker build
  • Smaller, simpler Docker image with no bundled addon
  • Docker image never needs rebuilding for addon updates

Nginx Configuration

Added a redirect that serves the latest tb-addon release:

location = /downloads/postguard-tb-addon.xpi {
    return 302 https://github.com/encryption4all/postguard-tb-addon/releases/latest/download/postguard-tb-addon.xpi;
}

Configuration Updates

  • Renamed VITE_BACKEND_URLVITE_FILEHOST_URL (Cryptify is the filehosting service)
  • Updated VITE_PKG_URL to point to port 8087
  • Updated .env.example with localhost URLs for Docker Compose usage

CI/CD Updates

GitHub Workflow (.github/workflows/docker-build.yml):

  • Removed submodules: recursive from checkout
  • Removed postguard-tb-addon build step

GitLab CI (.gitlab-ci.yml):

  • Removed GIT_SUBMODULE_STRATEGY: recursive
  • Removed build-cryptify job
  • Removed build-downloads job
  • Simplified build-image dependencies

Documentation

README.md now includes:

  • Quick start with Docker Compose (recommended method)
  • Development and production setup instructions
  • Instructions for swapping out services for local development
  • Architecture overview of all 4 components
  • Comprehensive troubleshooting section

Benefits

Faster onboarding - docker-compose up starts everything
Hot reload - Dev mode mounts source code for instant updates
Easy service swapping - Comment out a service to run locally
Always up-to-date - Users always get latest addon release
Zero maintenance - No need to rebuild Docker for addon updates
Smaller image - No bundled addon in the Docker image
Simpler workflow - No submodule management needed
Reduced complexity - 397 lines added, 61 removed

Quick Start

Development

docker-compose -f docker-compose.dev.yml up
# Access at http://localhost:5173

Production

docker-compose up --build
# Access at http://localhost

Develop Individual Services

Comment out the service in docker-compose and run locally:

git clone git@github.com:encryption4all/cryptify.git
cd cryptify && cargo run  # Runs on localhost:8000

Requirements

⚠️ Important: The postguard-tb-addon repository must upload a file named postguard-tb-addon.xpi (without version number) to each release for the /releases/latest/download/ URL to work.

Related Issues

Closes #11

@rubenhensen
Remove submodules and use pipeline artifacts
9c0f8a8 
This removes the cryptify and postguard-tb-addon submodules and replaces them with artifacts from their respective pipelines.

Changes:
- Remove .gitmodules and both submodules (cryptify, postguard-tb-addon)
- Update Dockerfile to download tb-addon .xpi from GitHub releases
- Remove submodule checkout and build steps from GitHub workflow
- Remove cryptify and tb-addon build jobs from GitLab CI
- Simplify build-image job dependencies

Benefits:
- Faster onboarding - no submodule management required
- Consistent builds using verified artifacts from CI/CD
- Simplified development workflow
- Reduced repository complexity

The tb-addon is now downloaded during Docker build from:
https://github.com/encryption4all/postguard-tb-addon/releases

Relates to #11
@rubenhensen
Use latest tb-addon release instead of pinned version
7ba264b 
Instead of pinning to a specific version, the Dockerfile now automatically
fetches and downloads the latest release from GitHub using the GitHub API.

This eliminates the need to manually update the version in the Dockerfile
when new releases are published.
@rubenhensen
Redirect tb-addon downloads to GitHub releases instead of bundling
8cc0ffc 
Instead of downloading and bundling the tb-addon .xpi in the Docker image,
nginx now redirects download requests directly to GitHub's latest release.

Changes:
- Removed tb-addon download step from Dockerfile (simpler, smaller image)
- Added nginx location to redirect /downloads/postguard-tb-addon.xpi to GitHub
- Uses GitHub's /releases/latest/download/ URL pattern

Benefits:
- Docker image never needs rebuilding for tb-addon updates
- Always serves the absolute latest release automatically
- Smaller Docker image (no bundled .xpi)
- No periodic checks needed - GitHub handles it

Note: Requires tb-addon repo to upload a file named 'postguard-tb-addon.xpi'
(without version number) to releases, in addition to the versioned file.
@rubenhensen
Add Docker Compose for dev and production environments
8a8a76e 
Added comprehensive Docker Compose setup for easy local development
and production deployment with all required services.

New files:
- docker-compose.dev.yml - Development with hot reload
- docker-compose.yml - Production deployment
- docker/dev.Dockerfile - Development container
- .dockerignore - Optimized Docker builds
- .env.staging - Staging environment configuration

Updated files:
- .env.example - Updated with localhost URLs and renamed to VITE_FILEHOST_URL
- README.md - Comprehensive Docker Compose documentation

Services included:
1. cryptify-backend (port 8000) - Filehosting with Cryptify
2. postguard-pkg (port 8087) - Private Key Generator
3. mailcrab (ports 1080, 1025) - Email testing
4. postguard-website - Main application (port 5173 dev / 80 prod)

Features:
- Development mode with hot reload and mounted volumes
- Production mode with full nginx build
- All services use :edge tags for latest builds
- Easy to swap services for local development
- Clear documentation for developing individual services

Usage:
- Dev: docker-compose -f docker-compose.dev.yml up
- Prod: docker-compose up --build
@rubenhensen
Add nginx redirects for updates.json and versioned releases
8c3ce8a 
Added redirects for:
- /downloads/updates.json -> latest release updates.json
- /downloads/v{version}/postguard-tb-addon-{version}.xpi -> versioned .xpi
- /downloads/v{version}/updates.json -> versioned updates.json

This allows Thunderbird to check for updates via updates.json and
download specific versions when needed, all served from GitHub releases.

Examples:
- /downloads/updates.json
- /downloads/v0.7.9/postguard-tb-addon-0.7.9.xpi
- /downloads/v0.7.9/updates.json
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove submodules and use pipeline artifacts

1 participant

@rubenhensen