initial release

feshchenkod · feshchenkod · commit a396af067400 · 2026-03-16T23:13:53.000+10:00
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,7 @@
+.git
+.github
+.env
+.env.example
+.dockerignore
+docker-compose.yml
+README.md
diff --git a/.env.example b/.env.example
@@ -0,0 +1 @@
+DOMAIN=gitpkg.example.com
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,41 @@
+name: Docker
+
+on:
+  push:
+    branches: [main]
+    tags: ["v*"]
+
+env:
+  IMAGE: ghcr.io/${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ${{ env.IMAGE }}
+          tags: |
+            type=sha
+            type=semver,pattern={{version}}
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,16 @@
+FROM python:3.12-alpine
+
+RUN adduser -D -h /app -s /sbin/nologin app
+
+WORKDIR /app
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir --upgrade pip \
+    && pip install --no-cache-dir -r requirements.txt
+
+COPY app.py .
+
+USER app
+EXPOSE 8000
+
+CMD ["gunicorn", "-w", "4", "-b", "0.0.0.0:8000", "--timeout", "60", "app:app"]
diff --git a/README.md b/README.md
@@ -1 +1,24 @@
-# gitpkg-selfhost
+# GitPkg (self-hosted)
+
+Install npm packages from GitHub monorepo subdirectories. A self-hosted alternative to [gitpkg.now.sh](https://github.com/EqualMa/gitpkg).
+
+## Usage
+
+```bash
+npm install https://your-server/user/repo/packages/pkg?commit-ish
+```
+
+Full GitHub URL format is also supported:
+
+```bash
+npm install https://your-server/https://github.com/user/repo/tree/commit-ish/packages/pkg
+```
+
+If no commit is specified, defaults to `main`.
+
+## Deploy
+
+```bash
+cp .env.example .env  # set your domain
+docker compose up -d
+```
diff --git a/app.py b/app.py
@@ -0,0 +1,125 @@
+import hashlib
+import io
+import re
+import tarfile
+from typing import Any
+
+import requests
+from flask import Flask, Response, abort, request
+
+app = Flask(__name__)
+
+MAX_OUTPUT_BYTES = 50 * 1024 * 1024  # 50 MB limit for repacked tarball
+_SAFE_PARAM = re.compile(r"^[A-Za-z0-9._-]+$")
+
+_session = requests.Session()
+_session.headers["User-Agent"] = "gitpkg-selfhost/1.0"
+
+
+@app.route("/health")
+def health():
+    return "ok"
+
+
+@app.route("/<user>/<repo>/<path:subdir>")
+@app.route("/https://github.com/<user>/<repo>/tree/<commit>/<path:subdir>")
+def pkg(user: str, repo: str, subdir: str, commit: str | None = None):
+    if commit is None:
+        qs = request.query_string.decode()
+        commit = request.args.get("commit") or (qs if qs and "=" not in qs else "") or "main"
+
+    # Validate inputs
+    for param in (user, repo, commit):
+        if not _SAFE_PARAM.match(param):
+            abort(400, "Invalid characters in URL")
+
+    subdir = subdir.rstrip("/") + "/"
+
+    # Fetch full-repo tarball from GitHub
+    codeload_url = f"https://codeload.github.com/{user}/{repo}/tar.gz/{commit}"
+
+    # HEAD — skip download, no useful headers to return without repack
+    if request.method == "HEAD":
+        return Response(mimetype="application/gzip")
+
+    upstream = _session.get(codeload_url, stream=True, timeout=(5, 60))
+    if upstream.status_code != 200:
+        upstream.close()
+        abort(upstream.status_code, f"GitHub returned {upstream.status_code}")
+
+    upstream.raw.decode_content = True
+
+    # Stream the tarball, filter to subdir, repack with package/ prefix
+    try:
+        tgz_bytes = _repack(upstream.raw, subdir)
+    except ValueError:
+        abort(413, "Subdirectory too large to serve")
+    finally:
+        upstream.close()
+    if tgz_bytes is None:
+        abort(404, f"Subdirectory '{subdir}' not found in {user}/{repo}@{commit}")
+
+    etag = hashlib.sha256(tgz_bytes).hexdigest()[:16]
+    if request.headers.get("If-None-Match") == etag:
+        return Response(status=304)
+
+    safe_subdir = re.sub(r"[^\w.-]", "-", subdir)
+    filename = f"{user}-{repo}-{safe_subdir}{commit[:12]}.tgz"
+    return Response(
+        tgz_bytes,
+        mimetype="application/gzip",
+        headers={
+            "Content-Disposition": f'attachment; filename="{filename}"',
+            "ETag": etag,
+            "Cache-Control": "public, immutable, max-age=31536000",
+        },
+    )
+
+
+def _repack(stream: Any, subdir: str) -> bytes | None:
+    """Extract subdir from streamed tarball and repack as npm-compatible tgz."""
+    out_buf = io.BytesIO()
+
+    found = False
+    full_prefix = ""
+
+    with tarfile.open(fileobj=stream, mode="r|gz") as src:
+        with tarfile.open(fileobj=out_buf, mode="w:gz") as dst:
+            for member in src:
+                # First entry is the repo root dir, e.g. "wagmi-8fe5291/"
+                if not full_prefix:
+                    full_prefix = member.name.split("/")[0] + "/" + subdir
+                    continue
+
+                # Check if entry is inside the target subdir
+                if not member.name.startswith(full_prefix):
+                    continue
+
+                # Only allow regular files and directories
+                if not (member.isfile() or member.isdir()):
+                    continue
+
+                found = True
+
+                # Copy member info with remapped name
+                relative = member.name[len(full_prefix):]
+                info = tarfile.TarInfo(name="package/" + relative if relative else "package")
+                info.size = member.size if member.isfile() else 0
+                info.mode = member.mode
+                info.type = member.type
+                info.mtime = member.mtime
+
+                fileobj = src.extractfile(member) if member.isfile() else None
+                dst.addfile(info, fileobj)
+
+                if out_buf.tell() > MAX_OUTPUT_BYTES:
+                    raise ValueError("Output tarball too large")
+
+    if not found:
+        return None
+
+    return out_buf.getvalue()
+
+
+if __name__ == "__main__":
+    app.run(host="0.0.0.0", port=8000)
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,22 @@
+services:
+  gitpkg:
+    image: ghcr.io/feshchenkod/gitpkg-selfhost:latest
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "wget", "-qO-", "http://localhost:8000/health"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+
+  caddy:
+    image: caddy:2
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - caddy_data:/data
+    command: caddy reverse-proxy --from ${DOMAIN} --to gitpkg:8000
+
+volumes:
+  caddy_data:
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,3 @@
+Flask==3.1.*
+requests==2.32.*
+gunicorn>=25,<26

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+Flask==3.1.*`
	`2`	`+requests==2.32.*`
	`3`	`+gunicorn>=25,<26`