antarux-dev · theAntarux · Jun 10, 2026 · Jun 9, 2026 · Jun 9, 2026 · Jun 10, 2026
diff --git a/.dockerignore b/.dockerignore
@@ -1,20 +1,29 @@
 node_modules
+
 .git
 .github
 .gitignore
+.vscode
+.editorconfig
+.prettier*
+vitest.config.ts
+eslint*
+
 dist
 coverage
+generated
+
 *.log
 .DS_Store
 .env
 .env.*
 *.tar
-.vscode
-.editorconfig
-.prettier*
-eslint*
+**/*.test.ts
+
 README.md
 LICENSE
-vitest.config.ts
+*.md
+
+Dockerfile
 docker-compose*.yml
-Dockerfile
+.dockerignore
diff --git a/.env.example b/.env.example
@@ -4,4 +4,5 @@ CORS_ALLOWED_ORIGINS=
 
 POSTGRES_USER=
 POSTGRES_PASSWORD=
-POSTGRES_DB=
+POSTGRES_DB=
+DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@database:5432/${POSTGRES_DB}?schema=public
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -10,6 +10,10 @@ jobs:
     name: Backend deployment
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+      packages: write
+
     concurrency:
       group: ${{ github.workflow }}-${{ github.ref }}
       cancel-in-progress: true
@@ -20,14 +24,14 @@ jobs:
 
       - name: Docker Buildx
         uses: docker/setup-buildx-action@v3
-      
+
       - name: GHCR Login
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-        
+
       - name: Docker Image Build & Push
         uses: docker/build-push-action@v6
         with:
@@ -44,10 +48,10 @@ jobs:
           username: deploy
           port: ${{ secrets.VPS_PORT }}
           key: ${{ secrets.VPS_SSH_KEY }}
-          source: "docker-compose.prod.yml"
-          target: "/opt/nti/api.antarux.dev/"
+          source: 'docker-compose.prod.yml'
+          target: '/opt/nti/api.antarux.dev/'
           overwrite: true
-      
+
       - name: Deploy to VPS
         uses: appleboy/ssh-action@v1.0.3
         with:
@@ -58,6 +62,19 @@ jobs:
           script: |
             set -e
             cd /opt/nti/api.antarux.dev
+            echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+            cat > .env << 'EOF'
+            NODE_ENV=production
+            PORT=3000
+            CORS_ALLOWED_ORIGINS=${{ secrets.VPS_CORS_ALLOWED_ORIGINS }}
+            POSTGRES_USER=${{ secrets.VPS_POSTGRES_USERNAME }}
+            POSTGRES_PASSWORD=${{ secrets.VPS_POSTGRES_PASSWORD }}
+            POSTGRES_DB=${{ secrets.VPS_POSTGRES_DB }}
+            DATABASE_URL=postgresql://${{ secrets.VPS_POSTGRES_USERNAME }}:${{ secrets.VPS_POSTGRES_PASSWORD }}@database:5432/${{ secrets.VPS_POSTGRES_DB }}?schema=public
+            EOF
+
+            VERSION=${{ github.ref_name }} docker compose -f docker-compose.prod.yml pull
+            VERSION=${{ github.ref_name }} docker compose -f docker-compose.prod.yml up -d --remove-orphans
 
-            docker stack deploy -c docker-compose.prod.yml --with-registry-auth nti
-            docker image prune -f --filter "until=168h"
+            docker image prune -f --filter "until=168h"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -29,6 +29,9 @@ jobs:
       - name: Install packages
         run: npm ci --prefer-offline --no-audit --ignore-scripts
 
+      - name: Generate Prisma Client
+        run: npx prisma generate
+
       - name: NPM security audit
         run: npm audit --audit-level=critical
 

diff --git a/.gitignore b/.gitignore
@@ -23,3 +23,5 @@ dist-ssr
 *.njsproj
 *.sln
 *.sw?
+
+/src/generated/prisma
diff --git a/Dockerfile b/Dockerfile
@@ -1,12 +1,40 @@
-FROM node:22-alpine
+FROM node:22-alpine AS base
 WORKDIR /app
 
+# DEPENDENCIES
+FROM base AS dev-deps
 COPY package*.json ./
 RUN npm ci
+
+FROM base AS prod-deps
+COPY package*.json ./
+RUN npm ci --omit=dev --ignore-scripts
+
+# DEFAULT BUILD STAGE
+FROM dev-deps AS build
 COPY . .
-RUN npm run build
+RUN npx prisma generate && npm run build
 
-USER node
+# DEV STAGE
+FROM base AS development
+ENV NODE_ENV=development
+COPY --from=dev-deps /app/node_modules ./node_modules
+COPY . .
+RUN npx prisma generate
 EXPOSE 3000
+CMD ["npm", "run", "dev"]
 
-CMD ["npm", "start"]
+# PRODUCTION STAGE
+FROM base AS production
+ENV NODE_ENV=production
+COPY --from=prod-deps /app/node_modules ./node_modules
+COPY --from=build /app/dist ./dist
+COPY --from=build /app/src/generated ./src/generated
+COPY --from=build /app/prisma ./prisma
+COPY --from=build /app/prisma.config.ts ./prisma.config.ts
+COPY --from=build /app/node_modules/.bin/prisma ./node_modules/.bin/prisma
+COPY --from=build /app/node_modules/prisma ./node_modules/prisma
+COPY --from=build /app/node_modules/@prisma ./node_modules/@prisma
+COPY package*.json ./
+EXPOSE 3000
+CMD ["sh", "-c", "npx prisma migrate deploy && npm start"]
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -7,10 +7,25 @@ services:
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
       POSTGRES_DB: ${POSTGRES_DB}
     ports:
-      - "5432:5432"
+      - '5432:5432'
     volumes:
       - postgres_data:/var/lib/postgresql
     restart: unless-stopped
 
+  backend:
+    build:
+      context: .
+      dockerfile: Dockerfile
+      target: development
+    ports:
+      - '3000:3000'
+    env_file:
+      - .env
+    volumes:
+      - .:/app
+      - /app/node_modules
+      - /app/generated
+    command: sh -c "npx prisma generate && npx prisma migrate deploy && npm run dev"
+
 volumes:
-  postgres_data:
+  postgres_data:
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
@@ -1,54 +1,24 @@
-version: '3.8'
-
 services:
-  backend:
-    image: ghcr.io/antarux-dev/nti-backend:${VERSION:-latest}
-    deploy:
-      replicas: 1
-      restart_policy:
-        condition: on-failure
-      resources:
-        limits:
-          cpus: '1.0'
-          memory: 512M
-    environment:
-      NODE_ENV: production
-      PORT: 3000
-      CORS_ALLOWED_ORIGINS: https://antarux.dev, https://www.antarux.dev
-      POSTGRES_USER: nti_db
-      POSTGRES_DB: nti_production
-      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
-    secrets:
-      - db_password
-    ports:
-      - '3000:3000'
-    networks:
-      - nti-net
-
   database:
     image: postgres:latest
-    deploy:
-      replicas: 1
-      restart_policy:
-        condition: any
+    container_name: nti-database
+    restart: unless-stopped
     environment:
-      POSTGRES_USER: nti_db
-      POSTGRES_DB: nti_production
-      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
-    secrets:
-      - db_password
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+      POSTGRES_DB: ${POSTGRES_DB}
     volumes:
-      - type: bind
-        source: /opt/nti/data/postgres
-        target: /var/lib/postgresql/data
-    networks:
-      - nti-net
+      - nti_postgres_data:/var/lib/postgresql
+    ports:
+      - '127.0.0.1:5432:5432'
 
-secrets:
-  db_password:
-    external: true
-    name: nti_db_password
+  backend:
+    image: ghcr.io/antarux-dev/nti-backend:${VERSION:-latest}
+    restart: unless-stopped
+    env_file:
+      - .env
+    ports:
+      - '3000:3000'
 
-networks:
-  nti-net:
-    driver: overlay
+volumes:
+  nti_postgres_data:
-Original file line number
+Diff line change
@@ Expand Up / @@ -23,3 +23,5 @@ dist-ssr @@
     *.njsproj
     *.sln
     *.sw?
+    /src/generated/prisma