fix(deps): update react to 19.2.4 to fix CVE-2025-55182, add docker workflow

.gitea/workflows/deploy.yml

@@ -1,124 +1,56 @@
-name: Build and Deploy to Production
-run-name: Deploying commit ${{ gitea.sha_short }} by @${{ gitea.actor }}
+name: Build and Push Docker Images
+
 on:
   push:
-    branches:
-      - main
+    branches: [ "main" ]
+    tags: [ "v*" ]
 
 jobs:
-  deploy:
+  build-and-push:
     runs-on: website-deploy-runner
-    env:
-      DOTNET_INSTALL_DIR: "$HOME/.dotnet"
-      NEXT_TELEMETRY_DISABLED: '1'
-
     steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
+    - name: Checkout repository
+      uses: actions/checkout@v4
 
-      - name: Setup .NET 8 SDK
-        uses: actions/setup-dotnet@v4
-        with:
-          dotnet-version: '8.0.x'
+    - name: Log in to Gitea Registry
+      uses: docker/login-action@v3
+      with:
+        registry: gitea.joaoloureiro.dev.br
+        username: ${{ secrets.GITEA_USER }}
+        password: ${{ secrets.GITEA_TOKEN }}
 
-      - name: Cache NuGet packages
-        uses: actions/cache@v4
-        with:
-          path: ~/.nuget/packages
-          key: ${{ runner.os }}-nuget-${{ hashFiles('**/packages.lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-nuget-
+    - name: Extract metadata (tags, labels) for Backend
+      id: meta-backend
+      uses: docker/metadata-action@v5
+      with:
+        images: gitea.joaoloureiro.dev.br/joaonloureiro/portfolio-backend
+        tags: |
+          type=semver,pattern={{version}}
+          type=ref,event=branch
+          type=raw,value=latest,enable={{is_default_branch}}
 
-      - name: Cache Node.js modules
-        uses: actions/cache@v4
-        with:
-          path: frontend/node_modules
-          key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node-
+    - name: Extract metadata (tags, labels) for Frontend
+      id: meta-frontend
+      uses: docker/metadata-action@v5
+      with:
+        images: gitea.joaoloureiro.dev.br/joaonloureiro/portfolio-frontend
+        tags: |
+          type=semver,pattern={{version}}
+          type=ref,event=branch
+          type=raw,value=latest,enable={{is_default_branch}}
 
-      - name: Cache Next.js build cache
-        uses: actions/cache@v4
-        with:
-          path: frontend/.next/cache
-          key: ${{ runner.os }}-next-cache-${{ hashFiles('frontend/package-lock.json') }}-${{ env.NODE_VERSION || 'node' }}
-          restore-keys: |
-            ${{ runner.os }}-next-cache-
+    - name: Build and push Backend
+      uses: docker/build-push-action@v5
+      with:
+        context: ./backend
+        push: true
+        tags: ${{ steps.meta-backend.outputs.tags }}
+        labels: ${{ steps.meta-backend.outputs.labels }}
 
-      - name: Create Backend appsettings.Production.json
-        run: |
-          echo "Creating backend appsettings.Production.json file..."
-          mkdir -p backend
-          cat <<EOF > backend/appsettings.Production.json
-          {
-            "SmtpSettings": {
-              "Host": "${{ vars.SMTP_HOST }}",
-              "Port": ${{ vars.SMTP_PORT }},
-              "User": "${{ secrets.SMTP_USER }}",
-              "Pass": "${{ secrets.SMTP_PASS }}",
-              "FromEmail": "${{ vars.SMTP_FROM_EMAIL }}",
-              "ReceivingEmail": "${{ vars.YOUR_RECEIVING_EMAIL }}"
-            },
-            "CorsOrigins": "${{ vars.FRONTEND_URL }}",
-            "BackendPort": "${{ vars.BACKEND_PORT }}"
-          }
-          EOF
-
-      - name: Create Frontend .env.local file
-        run: |
-          echo "Creating frontend .env.local file..."
-          mkdir -p frontend
-          cat <<EOF > frontend/.env.local
-          NEXT_PUBLIC_GITHUB_URL=${{ vars.NEXT_PUBLIC_GITHUB_URL }}
-          NEXT_PUBLIC_LINKEDIN_URL=${{ vars.NEXT_PUBLIC_LINKEDIN_URL }}
-          EOF
-
-      - name: Install Dependencies and Build
-        run: |
-          echo "Restoring backend NuGet packages..."
-          dotnet restore backend/JoaoLoureiro.Portfolio.Api/JoaoLoureiro.Portfolio.Api.csproj
-
-          echo "Building and publishing backend..."
-          dotnet publish backend/JoaoLoureiro.Portfolio.Api/JoaoLoureiro.Portfolio.Api.csproj --configuration Release --output ./publish
-
-          echo "Copying backend appsettings to published output..."
-          # ensure the production appsettings travels with the published output so the deployed app reads it
-          if [ -f backend/appsettings.Production.json ]; then
-            mkdir -p ./publish
-            cp backend/appsettings.Production.json ./publish/
-          fi
-
-          echo "Installing frontend dependencies..."
-          cd frontend && npm install
-
-          echo "Building frontend application..."
-          npm run build
-
-      - name: Sync Files to Production Directory
-        run: |
-          echo "Syncing files to production directory..."
-          rsync -auv --itemize-changes --progress ./publish/ /var/www/website.joaoloureiro.dev.br/backend/
-          echo "rsync publish exit: $?"
-
-          rsync -auv --itemize-changes --progress ./frontend/.next/ /var/www/website.joaoloureiro.dev.br/frontend/.next/
-          echo "rsync .next exit: $?"
-
-          rsync -auv --itemize-changes --progress ./frontend/public/ /var/www/website.joaoloureiro.dev.br/frontend/public/
-          echo "rsync public exit: $?"
-
-          rsync -av --itemize-changes --progress ./frontend/package.json /var/www/website.joaoloureiro.dev.br/frontend/
-          echo "rsync package.json exit: $?"
-
-          # copy both frontend and backend ecosystem files into the deployment root so PM2 can find them
-          rsync -av --itemize-changes --progress ./frontend/ecosystem.config.json /var/www/website.joaoloureiro.dev.br/frontend/
-          echo "rsync frontend ecosystem exit: $?"
-
-          rsync -av --itemize-changes --progress ./backend/ecosystem.config.json /var/www/website.joaoloureiro.dev.br/backend/
-          echo "rsync backend ecosystem exit: $?"
-
-      - name: Restart Applications with PM2
-        env:
-          DEPLOY_PATH: ${{ vars.DEPLOY_PATH }}
-        run: |
-          echo "Restarting applications with PM2..."
-          restart-portfolio
+    - name: Build and push Frontend
+      uses: docker/build-push-action@v5
+      with:
+        context: ./frontend
+        push: true
+        tags: ${{ steps.meta-frontend.outputs.tags }}
+        labels: ${{ steps.meta-frontend.outputs.labels }}

backend/.dockerignore

@@ -1,3 +1,4 @@
+# Ignore common files that shouldn't be in the container
 **/.classpath
 **/.dockerignore
 **/.env
@@ -13,16 +14,23 @@
 **/*.jfm
 **/azds.yaml
 **/bin
+**/obj
 **/charts
 **/docker-compose*
 **/Dockerfile*
 **/node_modules
 **/npm-debug.log
-**/obj
-**/secrets.dev.yaml
-**/values.dev.yaml
-LICENSE
-README.md
+**/.idea
+**/.vs
+**/.vscode
+**/*.user
+**/*.suo
+**/*.userosscache
+**/*.sln.docstates
+
+# Include all .csproj files - they are needed for the build
+!**/*.csproj
+!**/*.sln
 !**/.gitignore
 !.git/HEAD
 !.git/config

backend/Dockerfile

@@ -0,0 +1,47 @@
+# Build stage - using .NET SDK
+FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
+WORKDIR /src
+
+# Copy project files first for better layer caching
+COPY ["*.sln", "./"]
+COPY ["JoaoLoureiro.Portfolio.Api/*.csproj", "JoaoLoureiro.Portfolio.Api/"]
+COPY ["JoaoLoureiro.Portfolio.Application/*.csproj", "JoaoLoureiro.Portfolio.Application/"]
+COPY ["JoaoLoureiro.Portfolio.Domain/*.csproj", "JoaoLoureiro.Portfolio.Domain/"]
+COPY ["JoaoLoureiro.Portfolio.Infrastructure/*.csproj", "JoaoLoureiro.Portfolio.Infrastructure/"]
+
+# Restore dependencies
+WORKDIR "/src/JoaoLoureiro.Portfolio.Api"
+RUN dotnet restore
+
+# Copy remaining source code
+WORKDIR "/src"
+COPY . .
+
+# Build and publish
+WORKDIR "/src/JoaoLoureiro.Portfolio.Api"
+RUN dotnet publish -c Release -o /app/publish
+
+# Runtime stage
+FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS runtime
+WORKDIR /app
+
+# curl used by docker-compose healthcheck
+RUN apt-get update \
+    && apt-get install -y curl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Configure logging to show in container logs
+ENV ASPNETCORE_ENVIRONMENT=Development
+ENV DOTNET_CLI_TELEMETRY_OPTOUT=1
+ENV ASPNETCORE_URLS=http://+:3001
+ENV ASPNETCORE_HTTP_PORT=3001
+ENV ASPNETCORE_LOGGING__CONSOLE__DISABLECOLORS=true
+
+# Expose the port
+EXPOSE 3001
+
+# Copy published app
+COPY --from=build /app/publish .
+
+# Entry point with enhanced logging
+ENTRYPOINT ["dotnet", "JoaoLoureiro.Portfolio.Api.dll"]

docker-compose.yml

@@ -0,0 +1,47 @@
+version: '3.8'
+
+services:
+  # Backend Service
+  backend:
+    build:
+      context: ./backend
+      dockerfile: Dockerfile
+    container_name: portfolio-backend
+    environment:
+      - ASPNETCORE_ENVIRONMENT=Production
+      - ASPNETCORE_URLS=http://+:80
+    networks:
+      - traefik_network
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.portfolio-backend.rule=Host(`api.yourdomain.com`)"
+      - "traefik.http.routers.portfolio-backend.entrypoints=websecure"
+      - "traefik.http.services.portfolio-backend.loadbalancer.server.port=80"
+      - "traefik.docker.network=traefik_network"
+      - "traefik.http.routers.portfolio-backend.tls.certresolver=le"
+      - "traefik.http.routers.portfolio-backend.middlewares=auth@docker"
+
+  # Frontend Service
+  frontend:
+    build:
+      context: ./frontend
+      dockerfile: Dockerfile
+    container_name: portfolio-frontend
+    environment:
+      - NEXT_PUBLIC_API_URL=https://api.yourdomain.com
+    networks:
+      - traefik_network
+    restart: unless-stopped
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.portfolio-frontend.rule=Host(`yourdomain.com`, `www.yourdomain.com`)"
+      - "traefik.http.routers.portfolio-frontend.entrypoints=websecure"
+      - "traefik.http.services.portfolio-frontend.loadbalancer.server.port=3000"
+      - "traefik.docker.network=traefik_network"
+      - "traefik.http.routers.portfolio-frontend.tls.certresolver=le"
+      - "traefik.http.routers.portfolio-frontend.middlewares=auth@docker"
+
+networks:
+  traefik_network:
+    external: true  # Using your existing Traefik network

frontend/package.json

@@ -11,11 +11,12 @@
   "dependencies": {
     "@heroicons/react": "^2.2.0",
     "framer-motion": "^12.16.0",
-    "next": "15.3.3",
+    "next": "^15.5.6",
+    "next-auth": "^4.24.13",
     "next-intl": "^4.1.0",
-    "react": "^19.0.0",
+    "react": "^19.2.4",
     "react-country-flag": "^3.1.0",
-    "react-dom": "^19.0.0",
+    "react-dom": "^19.2.4",
     "react-hot-toast": "^2.5.2",
     "react-icons": "^5.5.0",
     "react-type-animation": "^3.2.0"
@@ -31,4 +32,4 @@
     "tailwindcss": "^4",
     "typescript": "^5"
   }
-}
+}