search

electerious / Ackee

Self-hosted, Node.js based analytics tool for those who care about privacy.
https://ackee.electerious.com
MIT License
4.27k stars 359 forks source link

Separate pre-existing build outputs from runtime build outputs #379

Open jennydaman opened 9 months ago

jennydaman commented 9 months ago

Motivation

In high-security Kubernetes, e.g. OpenShift, the container user has an arbitrary underprivileged UID which (for all intents and purposes) means the filesystem is read-only. At runtime, Ackee wants to create the file dist/index.html which may not be possible if the container user is underprivileged.

What Was Changed

Build files that are identical on every installation are moved to a directory called public. build.js now copies files from public to dist. In effect, at runtime public may be a read-only directory while dist can be fully read-write.

This enables us to deploy Ackee on OpenShift by using an emptyDir volume mounted on /srv/app/dist (see also: https://github.com/jennydaman/suda-charts/commit/9719c86ae41e626fb5aa126ae6e27055e2eaacc0)

vercel[bot] commented 9 months ago

Someone is attempting to deploy a commit to a Personal Account owned by @electerious on Vercel.

@electerious first needs to authorize it.