Terms and privacy env

.env.example

@@ -9,6 +9,10 @@ JWT_SECRET="random string for your JWT secret, make it long"
 FRONTEND_URL="http://localhost:4200"
 NEXT_PUBLIC_BACKEND_URL="http://localhost:3000"
 BACKEND_INTERNAL_URL="http://localhost:3000"
+# === This needs to be exactly the URL you're accessing Terms of Service and 
+#=====Privacy Policy on need for youtube Authentication
+NEXT_PUBLIC_TERMS_URL=""
+NEXT_PUBLIC_PRIVACY_URL=""
 
 ## Remember to set your public internet IP address in the allow-list for the API token.
 ##

.github/workflows/build-containers.yml

@@ -1,11 +1,14 @@
----
 name: "Build Containers"
 
 on:
   workflow_dispatch:
   push:
     tags:
-      - '*'
+      - '*'   # dispara ao push de qualquer tag (ex.: v1.0.0)
+
+permissions:
+  contents: read
+  packages: write   # necessário para publicar no GHCR com o GITHUB_TOKEN
 
 jobs:
   build-containers-common:
@@ -25,7 +28,7 @@ jobs:
         include:
           - runnertags: ubuntu-latest
             arch: amd64
-          - runnertags: ubuntu-24.04-arm
+          - runnertags: ubuntu-24.04-arm   # garanta que esse runner ARM exista; senão, remova esta linha
             arch: arm64
     runs-on: ${{ matrix.runnertags }}
     steps:
@@ -34,68 +37,75 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Compute GHCR image path (owner lowercase)
+        run: |
+          OWNER_LOWER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
+          echo "IMAGE=ghcr.io/$OWNER_LOWER/postiz-app" >> $GITHUB_ENV
+          echo "Will push to: $IMAGE"
 
-      - name: Login to ghcr
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
+      # Buildx via CLI (sem ação externa)
+      - name: Enable Buildx
+        run: |
+          docker buildx create --name ci-builder --use || docker buildx use ci-builder
+          docker buildx inspect --bootstrap
+
+      # Login no GHCR via CLI usando o GITHUB_TOKEN
+      - name: Login to ghcr (CLI)
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
 
       - name: Build and Push Image
         env:
           CONTAINERVER: ${{ needs.build-containers-common.outputs.containerver }}
           NEXT_PUBLIC_VERSION: ${{ github.ref_name }}
         run: |
+          echo "Building $IMAGE:${CONTAINERVER}-${{ matrix.arch }}"
           docker buildx build --platform linux/${{ matrix.arch }} \
             -f Dockerfile.dev \
-            -t ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-${{ matrix.arch }} \
-            --build-arg NEXT_PUBLIC_VERSION=${{ env.NEXT_PUBLIC_VERSION }} \
+            -t "$IMAGE:${CONTAINERVER}-${{ matrix.arch }}" \
+            --build-arg NEXT_PUBLIC_VERSION="${NEXT_PUBLIC_VERSION}" \
             --provenance=false --sbom=false \
-            --output "type=registry,name=ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-${{ matrix.arch }}" .
+            --output "type=registry,name=$IMAGE:${CONTAINERVER}-${{ matrix.arch }}" .
 
   build-container-manifest:
     needs: [build-containers, build-containers-common]
     runs-on: ubuntu-latest
     steps:
-      - name: Login to ghcr
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ github.token }}
+      - name: Compute GHCR image path (owner lowercase)
+        run: |
+          OWNER_LOWER=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
+          echo "IMAGE=ghcr.io/$OWNER_LOWER/postiz-app" >> $GITHUB_ENV
+          echo "Using: $IMAGE"
+
+      # Login no GHCR via CLI usando o GITHUB_TOKEN
+      - name: Login to ghcr (CLI)
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
 
       - name: Create Docker Manifest
         env:
           CONTAINERVER: ${{ needs.build-containers-common.outputs.containerver }}
         run: |
-          # Verify the architecture images
-          echo "Verifying AMD64 image:"
-          docker buildx imagetools inspect ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64
-
-          echo "Verifying ARM64 image:"
-          docker buildx imagetools inspect ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64
-
-          # Try to remove any existing manifests first
-          docker manifest rm ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }} || true
-          docker manifest rm ghcr.io/gitroomhq/postiz-app:latest || true
-
-          # Create and push the version-specific manifest
-          docker manifest create ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }} \
-            --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64 \
-            --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64
+          echo "Verifying per-arch images:"
+          docker buildx imagetools inspect "$IMAGE:${CONTAINERVER}-amd64"
+          docker buildx imagetools inspect "$IMAGE:${CONTAINERVER}-arm64"
 
-          docker manifest push ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}
+          echo "Removing existing manifests (if any)"
+          docker manifest rm "$IMAGE:${CONTAINERVER}" || true
+          docker manifest rm "$IMAGE:latest" || true
 
-          # Create and push the latest manifest
-          docker manifest create ghcr.io/gitroomhq/postiz-app:latest \
-            --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-amd64 \
-            --amend ghcr.io/gitroomhq/postiz-app:${{ env.CONTAINERVER }}-arm64
+          echo "Creating and pushing version manifest"
+          docker manifest create "$IMAGE:${CONTAINERVER}" \
+            --amend "$IMAGE:${CONTAINERVER}-amd64" \
+            --amend "$IMAGE:${CONTAINERVER}-arm64"
+          docker manifest push "$IMAGE:${CONTAINERVER}"
 
-          docker manifest push ghcr.io/gitroomhq/postiz-app:latest
+          echo "Creating and pushing latest manifest"
+          docker manifest create "$IMAGE:latest" \
+            --amend "$IMAGE:${CONTAINERVER}-amd64" \
+            --amend "$IMAGE:${CONTAINERVER}-arm64"
+          docker manifest push "$IMAGE:latest"
 
       - name: Verify Manifest
         run: |
-          docker manifest inspect ghcr.io/gitroomhq/postiz-app:latest
+          docker manifest inspect "$IMAGE:latest"

Dockerfile.dev

@@ -1,21 +1,59 @@
 FROM node:20-alpine3.19
+
 ARG NEXT_PUBLIC_VERSION
 ENV NEXT_PUBLIC_VERSION=$NEXT_PUBLIC_VERSION
-RUN apk add --no-cache g++ make py3-pip bash nginx
-RUN adduser -D -g 'www' www
-RUN mkdir /www
-RUN chown -R www:www /var/lib/nginx
-RUN chown -R www:www /www
+ENV NODE_ENV=production
 
+# deps úteis p/ Prisma + build em Alpine
+RUN apk add --no-cache g++ make py3-pip bash nginx openssl libc6-compat
 
-RUN npm --no-update-notifier --no-fund --global install [email protected] pm2
+# nginx user/dirs
+RUN adduser -D -g 'www' www \
+ && mkdir /www \
+ && chown -R www:www /var/lib/nginx /www
 
 WORKDIR /app
 
+# ---- PNPM global (pinado) + PM2 ----
+# Copie manifestos primeiro (melhor cache)
+COPY package.json pnpm-lock.yaml ./
+
+# Lê versão do packageManager ([email protected]); se não houver, usa 10.6.1
+RUN sh -lc '\
+  VER=$(node -e "try{const pm=require(\"./package.json\").packageManager||\"\";console.log(pm.includes(\"pnpm@\")?pm.split(\"@\")[1]:\"\")}catch{console.log(\"\")}") ; \
+  [ -z \"$VER\" ] && VER=10.6.1 ; \
+  echo Installing pnpm@$VER ; \
+  npm --no-update-notifier --no-fund -g install pnpm@$VER pm2 \
+'
+
+# (Opcional) se você tem .npmrc no repo, mantenha a linha abaixo; senão, remova.
+COPY .npmrc ./.npmrc
+
+# Alinha inject-workspace-packages ao lockfile (evita ERR_PNPM_LOCKFILE_CONFIG_MISMATCH)
+RUN sh -lc 'VAL=$(awk '\''/injectWorkspacePackages:/{print $2; exit}'\'' pnpm-lock.yaml | tr -d \"\\r\"); \
+            [ -n \"$VAL\" ] && pnpm config set inject-workspace-packages \"$VAL\" || true'
+
+# Evitar scripts (inclui postinstall do Prisma) durante o install
+ENV PRISMA_SKIP_POSTINSTALL=1
+RUN pnpm install --frozen-lockfile --ignore-scripts
+
+# ⬇️ Compile o bcrypt nativo (necessário no Alpine)
+RUN npm_config_build_from_source=true pnpm rebuild bcrypt
+
+# Agora copie o resto do código e nginx.conf
 COPY . /app
 COPY var/docker/nginx.conf /etc/nginx/nginx.conf
 
-RUN pnpm install
+# (Opcional) Se não quer runtime WASM/edge:
+# ENV PRISMA_CLIENT_ENGINE_TYPE=library
+
+# Gerar Prisma Client DEPOIS do install (ajuste o --schema se necessário)
+RUN pnpm exec prisma generate --schema libraries/nestjs-libraries/src/database/prisma/schema.prisma
+# Se o CLI estiver em um pacote específico:
+# RUN pnpm --filter @gitroom/nestjs-libraries exec prisma generate --schema src/database/prisma/schema.prisma
+
+# Build do app
 RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm run build
 
+# Start
 CMD ["sh", "-c", "nginx && pnpm run pm2"]

apps/frontend/src/components/auth/register.tsx

@@ -29,6 +29,11 @@ const WalletProvider = dynamic(
     loading: () => <WalletUiProvider />,
   }
 );
+const TERMS_URL =
+  process.env.NEXT_PUBLIC_TERMS_URL ?? 'https://postiz.com/terms';
+const PRIVACY_URL =
+  process.env.NEXT_PUBLIC_PRIVACY_URL ?? 'https://postiz.com/privacy';
+
 type Inputs = {
   email: string;
   password: string;
@@ -206,14 +211,14 @@ export function RegisterAfter({
             'By registering you agree to our'
           )}&nbsp;
           <a
-            href={`https://postiz.com/terms`}
+            href={TERMS_URL}
             className="underline hover:font-bold"
           >
             {t('terms_of_service', 'Terms of Service')}
           </a>&nbsp;
           {t('and', 'and')}&nbsp;
           <a
-            href={`https://postiz.com/privacy`}
+            href={PRIVACY_URL}
             className="underline hover:font-bold"
           >
             {t('privacy_policy', 'Privacy Policy')}