From 45daa18bb13e45c700e01855d19abc67b7f07775 Mon Sep 17 00:00:00 2001
From: rw <john.doe6345789@gmail.com>
Date: Wed, 11 Mar 2026 22:38:17 +0000
Subject: [PATCH] fix(ci): add Verdaccio to stack and Gate 7 for @esbuild-kit
 registry

The base-node-deps Docker build failed because .npmrc routes @esbuild-kit
packages to localhost:4873 (Verdaccio), which is unreachable inside BuildKit.

- Add Verdaccio service to docker-compose.stack.yml with patched tarballs
- Start Verdaccio in Gate 7 Tier 1 before base-node-deps build
- Configure buildx with network=host so BuildKit can reach localhost:4873
- Update verdaccio.yaml storage path for container volume mount

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/gated-pipeline.yml | 50 ++++++++++++++++++++++++++++
 deployment/docker-compose.stack.yml  | 26 +++++++++++++++
 deployment/verdaccio.yaml            | 12 ++++---
 3 files changed, 84 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/gated-pipeline.yml b/.github/workflows/gated-pipeline.yml
index 267731640..08a5fd7c9 100644
--- a/.github/workflows/gated-pipeline.yml
+++ b/.github/workflows/gated-pipeline.yml
@@ -1342,6 +1342,56 @@ jobs:
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v4
+        with:
+          # host networking lets BuildKit reach Verdaccio on localhost:4873
+          driver-opts: network=host
+
+      - name: Start Verdaccio and publish patched packages
+        if: matrix.image == 'base-node-deps'
+        shell: bash
+        run: |
+          npm install -g verdaccio@6 --silent
+
+          mkdir -p /tmp/verdaccio-storage
+          cat > /tmp/verdaccio-ci.yaml << 'VERDACCIO_EOF'
+          storage: /tmp/verdaccio-storage
+          uplinks:
+            npmjs:
+              url: https://registry.npmjs.org/
+              timeout: 60s
+              max_fails: 3
+          packages:
+            '@esbuild-kit/*':
+              access: $all
+              publish: $all
+              proxy: npmjs
+            '**':
+              access: $all
+              publish: $all
+              proxy: npmjs
+          server:
+            keepAliveTimeout: 60
+          log:
+            type: stdout
+            format: pretty
+            level: warn
+          listen: 0.0.0.0:4873
+          VERDACCIO_EOF
+
+          verdaccio --config /tmp/verdaccio-ci.yaml &
+          timeout 30 bash -c 'until curl -sf http://localhost:4873/-/ping >/dev/null 2>&1; do sleep 1; done'
+          echo "Verdaccio ready"
+
+          # Publish patched tarballs
+          for tarball in deployment/npm-patches/*.tgz; do
+            [ -f "$tarball" ] || continue
+            echo "Publishing $tarball..."
+            npm publish "$tarball" \
+              --registry http://localhost:4873 \
+              --tag patched \
+              2>&1 | grep -v "^npm notice" || true
+          done
+          echo "Patched packages published to Verdaccio"
 
       - name: Log in to GitHub Container Registry
         uses: docker/login-action@v4
diff --git a/deployment/docker-compose.stack.yml b/deployment/docker-compose.stack.yml
index 84257cee7..b4c0ce931 100644
--- a/deployment/docker-compose.stack.yml
+++ b/deployment/docker-compose.stack.yml
@@ -36,6 +36,29 @@
 #   http://localhost/kibana/      Kibana (Elasticsearch admin)
 
 services:
+  # ============================================================================
+  # NPM Registry (Verdaccio) — serves patched @esbuild-kit packages
+  # ============================================================================
+
+  verdaccio:
+    image: verdaccio/verdaccio:6
+    container_name: metabuilder-verdaccio
+    restart: unless-stopped
+    ports:
+      - "4873:4873"
+    volumes:
+      - ./verdaccio.yaml:/verdaccio/conf/config.yaml:ro
+      - ./npm-patches:/verdaccio/patches:ro
+      - verdaccio-storage:/verdaccio/storage
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://127.0.0.1:4873/-/ping"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
+      start_period: 5s
+    networks:
+      - metabuilder
+
   # ============================================================================
   # Core Services
   # ============================================================================
@@ -1062,6 +1085,9 @@ services:
 # Volumes
 # ============================================================================
 volumes:
+  # NPM registry
+  verdaccio-storage:
+    driver: local
   # Core
   postgres-data:
     driver: local
diff --git a/deployment/verdaccio.yaml b/deployment/verdaccio.yaml
index 38bbbd202..9822a1463 100644
--- a/deployment/verdaccio.yaml
+++ b/deployment/verdaccio.yaml
@@ -3,11 +3,15 @@
 # else to npmjs.org.
 #
 # Usage:
-#   npx verdaccio --config deployment/verdaccio.yaml &
-#   bash deployment/publish-npm-patches.sh --verdaccio
-#   # .npmrc already points @esbuild-kit:registry to localhost:4873
+#   Local dev: npx verdaccio --config deployment/verdaccio.yaml &
+#   Compose:   docker compose -f docker-compose.stack.yml up verdaccio
+#   CI:        uses inline config with /tmp/verdaccio-storage
+#   Then:      bash deployment/publish-npm-patches.sh --verdaccio
+#   .npmrc already points @esbuild-kit:registry to localhost:4873
 
-storage: /tmp/verdaccio-storage
+# Docker container path (volume-mounted in docker-compose.stack.yml).
+# For local dev, use the CI composite action or npx verdaccio (default config).
+storage: /verdaccio/storage
 uplinks:
   npmjs:
     url: https://registry.npmjs.org/