goodpackagerepo
World's first good package repository - A schema-driven, secure, and fast artifact storage system.
Features
- 🔒 Secure by Design: Content-addressed storage with SHA256 verification
- ⚡ Lightning Fast: Built-in caching and intelligent indexing
- 📋 Schema-Driven: Declarative configuration with automatic validation
- 🔐 Authentication: Simple admin login with password management
- 🐳 Docker Ready: Full Docker and docker-compose support
- 📦 GHCR Support: Automated builds and publishing to GitHub Container Registry
- 🚀 CapRover Ready: Easy deployment with CapRover PaaS
Quick Start
Using Docker Compose
git clone https://github.com/johndoe6345789/goodpackagerepo.git
cd goodpackagerepo
docker-compose up -d
The frontend will be available at http://localhost:3000 and the backend API at http://localhost:5000.
Default credentials: admin / admin (change after first login!)
Manual Setup
Backend (Flask)
cd backend
pip install -r requirements.txt
export DATA_DIR=/tmp/data
export JWT_SECRET=your-secret-key
python app.py
Frontend (Next.js)
cd frontend
npm install
npm run dev
Seed Data and Templates
Load Example Data
To populate your repository with example packages for testing:
cd seed_data
pip install requests
python load_seed_data.py
This loads sample packages including:
acme/hello-world- Multi-version example with multiple variantsexample/webapp- Web application containerstools/cli-tool- CLI tool examplelibs/utility- Library with prerelease versions
Templates
The templates/ directory contains reusable templates for:
- Entity definitions - Define new data models
- API routes - Create custom endpoints
- Pipeline patterns - Common operation sequences
- Blob stores - Configure storage backends
- Auth scopes - Define permission sets
- Upstream proxies - Configure external repositories
See templates/README.md for the complete operation vocabulary and usage examples.
Documentation
Complete documentation is available at /docs when running the application, including:
- Getting Started Guide
- CapRover Deployment Instructions
- API Usage Examples
- Schema Configuration
- Operation Vocabulary Reference
Testing
E2E Tests (Playwright)
cd tests
npm install
npx playwright install
npm test
See tests/README.md for more testing options.
Deployment
CapRover
See the full CapRover setup guide in the documentation at /docs#caprover-setup.
Quick summary:
- Create two apps in CapRover:
goodrepo-backendandgoodrepo-frontend - Deploy from GitHub using the respective
captain-definitionfiles - Set environment variables
- Enable HTTPS
Docker Registries
Images are automatically built and pushed to GitHub Container Registry (GHCR) on push to main:
- Backend:
ghcr.io/johndoe6345789/goodpackagerepo/backend:latest - Frontend:
ghcr.io/johndoe6345789/goodpackagerepo/frontend:latest
Architecture
- Backend: Flask-based Python API implementing the schema.json specification
- Frontend: Next.js/React application with custom Material Design SCSS
- Storage: SQLite for user auth, filesystem for blobs, in-memory for metadata
- Authentication: JWT-based with bcrypt password hashing
API Endpoints
Authentication
POST /auth/login- Login and get JWT tokenPOST /auth/change-password- Change passwordGET /auth/me- Get current user info
Package Management
PUT /v1/{namespace}/{name}/{version}/{variant}/blob- Publish packageGET /v1/{namespace}/{name}/{version}/{variant}/blob- Download packageGET /v1/{namespace}/{name}/latest- Get latest versionGET /v1/{namespace}/{name}/versions- List all versionsPUT /v1/{namespace}/{name}/tags/{tag}- Set tag
API Access
Docker Compose: Backend is on http://localhost:5000, frontend on http://localhost:3000 proxies API requests automatically.
Production Deployments: Two options:
- Separate domains: Set
NEXT_PUBLIC_API_URLto backend URL (e.g.,https://api.example.com) - Single domain with proxy: Set
NEXT_PUBLIC_API_URL=""andBACKEND_URLto internal backend address. The frontend proxies/auth/*,/v1/*,/admin/*,/health, and/schemaroutes to the backend. Access all routes through the frontend domain (e.g.,https://repo.example.com/auth/login)
Schema Configuration
The repository behavior is defined by schema.json, which includes:
- Entities: Data models with validation rules
- Storage: Blob stores, KV stores, document schemas
- Indexes: Optimized package lookup
- Auth: JWT authentication with scope-based permissions
- API Routes: Declarative pipeline-based endpoints
- Caching: Response and blob caching policies
- Replication: Event sourcing for multi-region sync
- GC: Automatic garbage collection
License
See LICENSE file for details.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.