appstore/readme.md

# @serve.zone/appstore

This repository is the curated App Store index consumed by serve.zone runtimes. It publishes `@serve.zone/appstore`, a small TypeScript client that parses and resolves App Store metadata, linked `servezone.appstore.json` manifests, and Docker digest-tracked image sources.

## Issue Reporting and Security

For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.

## What Is In This Repo

| File or directory | Purpose |
| --- | --- |
| `appstore.json` | Top-level App Store index with app IDs, display names, descriptions, categories, icons, latest versions, and tags. |
| `apps/<app>/app.json` | App-specific metadata, maintained version list, and optional links. |
| `apps/<app>/versions/<version>/config.json` | Deployable version definition: image, internal port, environment variables, platform requirements, and compatibility metadata. |
| `ts_client/` | Published `@serve.zone/appstore` parser and resolver client. |
| `source.type=repoManifest` | Optional link to a `servezone.appstore.json` file owned by the upstream app repo. |

Changes are reviewed by reading the JSON data, running the client tests, and testing affected templates in Onebox or Cloudly.

## Current App Store

The App Store currently lists 20 app templates.

| App ID | Name | App Store category | Image | Port |
| --- | --- | --- | --- | --- |
| `adminer` | Adminer | Dev Tools | `adminer:latest` | `8080` |
| `cloudly` | Cloudly | Dev Tools | `code.foss.global/serve.zone/cloudly:latest` | `80` |
| `ghost` | Ghost | CMS | `ghost:latest` | `2368` |
| `gitea` | Gitea | Dev Tools | `gitea/gitea:latest` | `3000` |
| `gitops` | GitOps | Dev Tools | `code.foss.global/serve.zone/gitops:2.13.0` | `3000` |
| `grafana` | Grafana | Monitoring | `grafana/grafana:latest` | `3000` |
| `mariadb` | MariaDB | Database | `mariadb:latest` | `3306` |
| `mattermost` | Mattermost | Communication | `mattermost/mattermost-team-edition:latest` | `8065` |
| `n8n` | N8N | Automation | `n8nio/n8n:latest` | `5678` |
| `nextcloud` | Nextcloud | Storage | `nextcloud:latest` | `80` |
| `nginx` | Nginx | Web Server | `nginx:alpine` | `80` |
| `plausible` | Plausible Analytics | Analytics | `plausible/analytics:latest` | `8000` |
| `portainer` | Portainer | Dev Tools | `portainer/portainer-ce:latest` | `9000` |
| `postgres` | PostgreSQL | Database | `postgres:16-alpine` | `5432` |
| `redis` | Redis | Database | `redis:alpine` | `6379` |
| `rustdesk-server` | RustDesk Server | Remote Access | `rustdesk/rustdesk-server-s6:latest` | `21116` |
| `siprouter` | SIP Router | Communication | `code.foss.global/serve.zone/siprouter:1.28.0` | `3060` |
| `uptime-kuma` | Uptime Kuma | Monitoring | `louislam/uptime-kuma:latest` | `3001` |
| `vaultwarden` | Vaultwarden | Security | `vaultwarden/server:latest` | `80` |
| `wordpress` | WordPress | CMS | `wordpress:latest` | `80` |

## Platform Requirements

Some templates ask Onebox to provision local platform services and inject connection variables into the workload.

| App ID | Requirements | Notes |
| --- | --- | --- |
| `cloudly` | MongoDB, S3 | Requires Onebox `1.24.2` or newer. Uses provisioned MongoDB and MinIO/S3 values for Cloudly state and registry storage. |
| `ghost` | MariaDB | Uses MySQL-style `database__connection__*` environment variables. |
| `gitea` | MariaDB | Uses Gitea database environment variables with `${MARIADB_*}` placeholders. |
| `nextcloud` | MariaDB, Redis | Uses MySQL-compatible database variables. Redis is declared as a platform requirement. |
| `plausible` | ClickHouse | Declares ClickHouse as a platform requirement. |
| `siprouter` | MongoDB, S3 | Uses SmartData state and object storage for telephony-related runtime data. |
| `wordpress` | MariaDB | Uses standard WordPress database environment variables. |

Standalone templates such as `nginx`, `adminer`, `redis`, `portainer`, `mattermost`, `n8n`, `uptime-kuma`, and `vaultwarden` currently define only image and port unless their version config adds explicit environment variables. `rustdesk-server` uses the official all-in-one s6 image and requires `RELAY` to advertise the public relay endpoint; RustDesk clients also require firewall access to TCP `21115`, TCP/UDP `21116`, TCP `21117`, and optional web-client TCP `21118`/`21119`.

## Template Schema In Practice

Version configs use a small, pragmatic schema understood by serve.zone runtimes:

```jsonc
{
  "image": "container/image:tag",
  "port": 8080,
  "envVars": [
    {
      "key": "ENV_NAME",
      "value": "${PLACEHOLDER_OR_DEFAULT}",
      "description": "Shown in the App Store UI",
      "required": true
    }
  ],
  "platformRequirements": {
    "mariadb": true,
    "mongodb": true,
    "s3": true,
    "redis": true,
    "clickhouse": true
  },
  "minOneboxVersion": "1.24.2"
}
```

Linked app manifests use the same runtime schema and let the upstream app repo own its install and upgrade metadata:

```jsonc
{
  "schemaVersion": 1,
  "app": {
    "id": "cloudly",
    "name": "Cloudly",
    "description": "Multi-node serve.zone control plane.",
    "category": "Dev Tools"
  },
  "latestVersion": "latest",
  "source": {
    "type": "dockerImage",
    "image": "code.foss.global/serve.zone/cloudly:latest",
    "tracking": "digest"
  },
  "runtime": {
    "image": "code.foss.global/serve.zone/cloudly:latest",
    "port": 80
  }
}
```

When `tracking` is `digest`, Onebox resolves the Docker manifest digest and treats digest changes as App Store upgrades while keeping the image reference simple for deployment.

## Client Usage

```ts
import { AppStoreResolver } from '@serve.zone/appstore';

const resolver = new AppStoreResolver();
const appStore = await resolver.getAppStoreIndex();
const cloudly = await resolver.getAppMeta('cloudly');
const config = await resolver.getAppVersionConfig('cloudly', cloudly.latestVersion);
```

The resolver defaults to `https://code.foss.global/serve.zone/appstore/raw/branch/main` and reads `appstore.resolved.json` first, then `appstore.json`. Tests can inject a custom `fetch` implementation and base URL.

Only include keys that are actually needed by a template. For example, `nginx` is currently just:

```json
{
  "image": "nginx:alpine",
  "port": 80
}
```

## Working With Templates

- Keep `appstore.json`, `apps/<app>/app.json`, and each version config in sync when adding or changing an app.
- Prefer `source.type=repoManifest` for serve.zone-owned apps so upgrades can be controlled by merging `servezone.appstore.json` changes into the app repo's main branch.
- Prefer explicit environment variable descriptions because Onebox surfaces them to users during installation.
- Use platform placeholders such as `${MARIADB_HOST}`, `${MARIADB_PORT}`, `${MARIADB_DATABASE}`, `${MARIADB_USER}`, `${MARIADB_PASSWORD}`, `${MONGODB_URI}`, `${S3_BUCKET}`, `${S3_ACCESS_KEY}`, and `${S3_SECRET_KEY}` only when the matching platform service is declared.
- Keep template images boring and operationally safe unless there is a reason to pin a more specific upstream tag.
- Validate non-trivial templates by installing them through Onebox instead of only checking JSON syntax.

## Project Map

```text
appstore/
├── appstore.json
├── ts_client/
└── apps/
    ├── cloudly/
    │   ├── app.json
    │   └── versions/1.0.0/config.json
    └── ...
```

## License and Legal Information

This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](./license) file.

**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.

### Trademarks

This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.

Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.

### Company Information

Task Venture Capital GmbH
Registered at District Court Bremen HRB 35230 HB, Germany

For any legal inquiries or further information, please contact us via email at hello@task.vc.

By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.