GitHub Actions:
- checkout@v4 → @v6 (v6 is current, v4 was wrong downgrade)
- upload-artifact@v4 → @v7 (latest), @v6 → @v7 in dbal-tests.yml
- download-artifact@v4 → @v8 (latest)
- cache@v6 → @v5 (v6 does not exist, v5 is latest)
- codeql-action@v4 confirmed correct

Security (Dependabot):
- next 16.1.5 → 16.1.7 (dockerterminal): HTTP smuggling, CSRF, DoS fixes
- PyJWT 2.10.1 → 2.12.0 (5 requirements.txt): unknown crit header bypass
- CairoSVG 2.8.2 → 2.9.0 (pcbgenerator): recursive <use> ReDoS
- postgres overrides: add hono >=4.12.4, @hono/node-server >=1.19.10, rollup >=4.59.0, serialize-javascript >=7.0.3 for transitive vulns

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
goodpackagerepo
World's first good package repository - A schema-driven, secure, and fast artifact storage system.
Features
- 🔒 Secure by Design: Content-addressed storage with SHA256 verification
- ⚡ Lightning Fast: Built-in caching and intelligent indexing
- 📋 Schema-Driven: Declarative configuration with automatic validation
- 🔐 Authentication: Simple admin login with password management
- 🐳 Docker Ready: Full Docker and docker-compose support
- 📦 GHCR Support: Automated builds and publishing to GitHub Container Registry
- 🚀 CapRover Ready: Easy deployment with CapRover PaaS
Quick Start
Using Docker Compose
git clone https://github.com/johndoe6345789/goodpackagerepo.git
cd goodpackagerepo
docker-compose up -d
The frontend will be available at http://localhost:3000 and the backend API at http://localhost:5000.
Default credentials: admin / admin (change after first login!)
Manual Setup
Backend (Flask)
cd backend
pip install -r requirements.txt
export DATA_DIR=/tmp/data
python app.py
Frontend (Next.js)
cd frontend
npm install
npm run dev
Seed Data and Templates
Load Example Data
To populate your repository with example packages for testing:
cd seed_data
pip install requests
python load_seed_data.py
This loads sample packages including:
- acme/hello-world - Multi-version example with multiple variants
- example/webapp - Web application containers
- tools/cli-tool - CLI tool example
- libs/utility - Library with prerelease versions
Templates
The templates/ directory contains reusable templates for:
- Entity definitions - Define new data models
- API routes - Create custom endpoints
- Pipeline patterns - Common operation sequences
- Blob stores - Configure storage backends
- Auth scopes - Define permission sets
- Upstream proxies - Configure external repositories
See templates/README.md for the complete operation vocabulary and usage examples.
Documentation
Complete documentation is available at /docs when running the application, including:
- Getting Started Guide
- CapRover Deployment Instructions
- API Usage Examples
- Schema Configuration
- Operation Vocabulary Reference
Testing
E2E Tests (Playwright)
cd tests
npm install
npx playwright install
npm test
See tests/README.md for more testing options.
Deployment
CapRover
See the full CapRover setup guide in the documentation at /docs#caprover-setup.
Quick summary:
- Create two apps in CapRover: goodrepo-backend and goodrepo-frontend
- Deploy from GitHub using the respective captain-definition files
- Set environment variables
- Enable HTTPS
Docker Registries
Images are automatically built and pushed to GitHub Container Registry (GHCR) on push to main:
- Backend: ghcr.io/johndoe6345789/goodpackagerepo/backend:latest
- Frontend: ghcr.io/johndoe6345789/goodpackagerepo/frontend:latest
Architecture
- Backend: Flask-based Python API implementing the schema.json specification
- Frontend: Next.js/React application with custom Material Design SCSS
- Storage: SQLite for user auth, filesystem for blobs, in-memory for metadata
- Authentication: Admin login with bcrypt password hashing
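The feature list describes content-addressed storage with SHA256 verification, and the architecture keeps blobs on the filesystem. The sketch below shows that pattern as an added example; it is not goodpackagerepo's own code, and the directory layout and the names `blob_path`, `put_blob`, `get_blob` and `DigestMismatch` are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Optional


class DigestMismatch(Exception):
    """Bytes do not hash to the digest they are claimed or filed under."""


def blob_path(root: Path, digest: str) -> Path:
    # Accept only a 64-character lowercase hex digest, so a caller-supplied
    # value can never be used to walk out of the blob directory.
    if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("not a sha256 hex digest")
    # Assumed layout: <root>/sha256/<first two hex chars>/<digest>
    return root / "sha256" / digest[:2] / digest


def put_blob(root: Path, data: bytes, expected: Optional[str] = None) -> str:
    """Store data under its SHA-256 digest and return that digest."""
    digest = hashlib.sha256(data).hexdigest()
    if expected is not None and expected.lower() != digest:
        raise DigestMismatch(f"upload hashes to {digest}, client claimed {expected}")
    path = blob_path(root, digest)
    if path.exists():  # identical content is already stored: idempotent
        return digest
    path.parent.mkdir(parents=True, exist_ok=True)
    # Write to a temp file, then rename, so readers never see a partial blob.
    fd, tmp = tempfile.mkstemp(dir=path.parent)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, path)
    return digest


def get_blob(root: Path, digest: str) -> bytes:
    """Read a blob and re-verify it before handing it to the caller."""
    data = blob_path(root, digest).read_bytes()
    if hashlib.sha256(data).hexdigest() != digest:
        raise DigestMismatch(f"blob {digest} failed verification on read")
    return data
```

Verifying again on read is what turns on-disk tampering or corruption into an error instead of a served package.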
API Endpoints
Authentication
- POST /auth/login - Login and get an auth token
- POST /auth/change-password - Change password
- GET /auth/me - Get current user info
Package Management
- PUT /v1/{namespace}/{name}/{version}/{variant}/blob - Publish package
- GET /v1/{namespace}/{name}/{version}/{variant}/blob - Download package
- GET /v1/{namespace}/{name}/latest - Get latest version
- GET /v1/{namespace}/{name}/versions - List all versions
- PUT /v1/{namespace}/{name}/tags/{tag} - Set tag
API Access
Docker Compose: The backend is on http://localhost:5000; the frontend on http://localhost:3000 proxies API requests to it automatically.
Production Deployments: Two options:
- Separate domains: Set NEXT_PUBLIC_API_URL to the backend URL (e.g., https://api.example.com)
- Single domain with proxy: Set NEXT_PUBLIC_API_URL="" and BACKEND_URL to the internal backend address. The frontend proxies /auth/*, /v1/*, /admin/*, /health, and /schema routes to the backend. Access all routes through the frontend domain (e.g., https://repo.example.com/auth/login)
Schema Configuration
The repository behavior is defined by schema.json, which includes:
- Entities: Data models with validation rules
- Storage: Blob stores, KV stores, document schemas
- Indexes: Optimized package lookup
- Auth: Scope-based authentication and permissions
- API Routes: Declarative pipeline-based endpoints
- Caching: Response and blob caching policies
- Replication: Event sourcing for multi-region sync
- GC: Automatic garbage collection
License
See LICENSE file for details.
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.