fix(reactive-resume): update for v5.1.4 compatibility

- Replace obsolete PRINTER_ENDPOINT with ENCRYPTION_SECRET in .env (PDF generation moved client-side in v5.1.0; AI providers require ENCRYPTION_SECRET since v5.1.4) - Add commented REDIS_URL for the new AI Agent workspace (optional) - Inject ENCRYPTION_SECRET into existing installs on update if missing
fix(reactive-resume): use pnpm deploy instead of cp -rL for runtime externals
2026-05-20 07:24:57 +02:00 · 2026-05-19 10:21:22 +02:00 · 2026-05-19 10:08:26 +02:00 · 2026-05-19 10:04:17 +02:00 · 2026-05-19 09:58:36 +02:00 · 2026-05-19 09:46:37 +02:00
6 changed files with 36 additions and 18 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -476,16 +476,11 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
  - #### 🐞 Bug Fixes
    - ESPConnect: Fix paths to SSL certificates [@tremor021](https://github.com/tremor021) ([#14591](https://github.com/community-scripts/ProxmoxVE/pull/14591))
    - ReactiveResume: set correct WorkingDirectory for systemd service [@MickLesk](https://github.com/MickLesk) ([#14579](https://github.com/community-scripts/ProxmoxVE/pull/14579))
    - Sparkyfitness: add missing nginx template variable substitutions [@MickLesk](https://github.com/MickLesk) ([#14578](https://github.com/community-scripts/ProxmoxVE/pull/14578))
    - Wanderer: include dev dependencies during build [@MickLesk](https://github.com/MickLesk) ([#14577](https://github.com/community-scripts/ProxmoxVE/pull/14577))
    - Whisparr: switch from nightly to stable GitHub release [@MickLesk](https://github.com/MickLesk) ([#14581](https://github.com/community-scripts/ProxmoxVE/pull/14581))
  - #### 🔧 Refactor
    - Refactor: SonarQube [@tremor021](https://github.com/tremor021) ([#14594](https://github.com/community-scripts/ProxmoxVE/pull/14594))
 ## 2026-05-18
 ### 🆕 New Scripts
--- a/ct/reactive-resume.sh
+++ b/ct/reactive-resume.sh
@@ -48,7 +48,17 @@ function update_script() {
    export NODE_ENV="production"
    $STD pnpm install --frozen-lockfile
    $STD pnpm run build
    msg_info "Deploying Nitro Runtime Externals"
    $STD pnpm --filter=@reactive-resume/runtime-externals deploy --prod --legacy /tmp/rr-runtime
    cp -r /tmp/rr-runtime/node_modules/. /opt/reactive-resume/apps/web/node_modules/
    rm -rf /tmp/rr-runtime
    msg_ok "Deployed Nitro Runtime Externals"
    mv /opt/reactive-resume.env.bak /opt/reactive-resume/.env
    # Inject ENCRYPTION_SECRET if missing (required for AI providers since v5.1.4)
    if ! grep -q '^ENCRYPTION_SECRET=' /opt/reactive-resume/.env; then
      ENCRYPTION_SECRET=$(openssl rand -hex 32)
      echo "ENCRYPTION_SECRET=${ENCRYPTION_SECRET}" >> /opt/reactive-resume/.env
    fi
    msg_ok "Updated Reactive Resume"
    msg_info "Updating Service"
--- a/ct/sonarqube.sh
+++ b/ct/sonarqube.sh
@@ -39,11 +39,13 @@ function update_script() {
    msg_ok "Created Backup"
    msg_info "Updating SonarQube"
-    RELEASE=$(curl -fsSL "https://binaries.sonarsource.com/s3api?prefix=Distribution/sonarqube/sonarqube-&delimiter=/" |
+    temp_file=$(mktemp)
-      grep -oP 'sonarqube-[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.zip' |
+    RELEASE=$(get_latest_github_release "SonarSource/sonarqube")
-      sort -V | tail -n1)
+    curl -fsSL "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${RELEASE}.zip" -o $temp_file
-    fetch_and_deploy_from_url "https://binaries.sonarsource.com/Distribution/sonarqube/${RELEASE}" /opt/sonarqube
+    unzip -q "$temp_file" -d /opt
-    echo "${RELEASE}" >~/.sonarqube
+    rm -f "$temp_file"
    mv /opt/sonarqube-${RELEASE} /opt/sonarqube
    echo "${RELEASE}" > ~/.sonarqube
    msg_ok "Updated SonarQube"
    msg_info "Restoring Backup"
--- a/install/espconnect-install.sh
+++ b/install/espconnect-install.sh
@@ -34,8 +34,8 @@ server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
-    ssl_certificate /etc/ssl/espconnect/espconnect.crt;
+    ssl_certificate /etc/ssl/certs/espconnect-selfsigned.crt;
-    ssl_certificate_key /etc/ssl/espconnect/espconnect.key;
+    ssl_certificate_key /etc/ssl/private/espconnect-selfsigned.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    root /opt/espconnect;
--- a/install/reactive-resume-install.sh
+++ b/install/reactive-resume-install.sh
@@ -34,11 +34,17 @@ export NODE_ENV="production"
 export CI="true"
 $STD pnpm install --frozen-lockfile
 $STD pnpm run build
 msg_info "Deploying Nitro Runtime Externals"
 $STD pnpm --filter=@reactive-resume/runtime-externals deploy --prod --legacy /tmp/rr-runtime
 cp -r /tmp/rr-runtime/node_modules/. /opt/reactive-resume/apps/web/node_modules/
 rm -rf /tmp/rr-runtime
 msg_ok "Deployed Nitro Runtime Externals"
 mkdir -p /opt/reactive-resume/data
 msg_ok "Built Reactive Resume"
 msg_info "Configuring Reactive Resume"
 AUTH_SECRET=$(openssl rand -hex 32)
 ENCRYPTION_SECRET=$(openssl rand -hex 32)
 cat <<EOF >/opt/reactive-resume/.env
 # Reactive Resume v5 Configuration
@@ -54,8 +60,8 @@ DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAM
 # Authentication Secret (do not change after initial setup)
 AUTH_SECRET=${AUTH_SECRET}
-# Printer (headless Chromium for PDF generation)
+# Encryption Secret (required for saved AI providers, do not change after initial setup)
-PRINTER_ENDPOINT=http://127.0.0.1:9222
+ENCRYPTION_SECRET=${ENCRYPTION_SECRET}
 # Storage: uses local filesystem (/opt/reactive-resume/data) when S3 is not configured
 # S3_ACCESS_KEY_ID=
@@ -78,6 +84,9 @@ PRINTER_ENDPOINT=http://127.0.0.1:9222
 # GOOGLE_CLIENT_ID=
 # GOOGLE_CLIENT_SECRET=
 # AI Agent (optional, required for the Agent workspace feature)
 # REDIS_URL=redis://localhost:6379
 # Feature Flags
 # FLAG_DISABLE_SIGNUPS=false
 # FLAG_DISABLE_EMAIL_AUTH=false
--- a/install/sonarqube-install.sh
+++ b/install/sonarqube-install.sh
@@ -17,10 +17,12 @@ PG_VERSION="17" setup_postgresql
 PG_DB_NAME="sonarqube" PG_DB_USER="sonarqube" setup_postgresql_db
 msg_info "Setting up SonarQube"
-RELEASE=$(curl -s "https://binaries.sonarsource.com/s3api?prefix=Distribution/sonarqube/sonarqube-&delimiter=/" |
+temp_file=$(mktemp)
-  grep -oP 'sonarqube-[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.zip' |
+RELEASE=$(get_latest_github_release "SonarSource/sonarqube")
-  sort -V | tail -n1)
+curl -fsSL "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${RELEASE}.zip" -o $temp_file
-fetch_and_deploy_from_url "https://binaries.sonarsource.com/Distribution/sonarqube/${RELEASE}" /opt/sonarqube
+unzip -q "$temp_file" -d /opt
 rm -f "$temp_file"
 mv /opt/sonarqube-* /opt/sonarqube
 $STD useradd -r -m -U -d /opt/sonarqube -s /bin/bash sonarqube
 chown -R sonarqube:sonarqube /opt/sonarqube
 chmod -R 755 /opt/sonarqube
Author	SHA1	Message	Date
MickLesk	87c26b56bd	fix(reactive-resume): update for v5.1.4 compatibility - Replace obsolete PRINTER_ENDPOINT with ENCRYPTION_SECRET in .env (PDF generation moved client-side in v5.1.0; AI providers require ENCRYPTION_SECRET since v5.1.4) - Add commented REDIS_URL for the new AI Agent workspace (optional) - Inject ENCRYPTION_SECRET into existing installs on update if missing	2026-05-19 10:21:22 +02:00
MickLesk	81737f733f	fix(reactive-resume): use pnpm deploy instead of cp -rL for runtime externals cp -rL follows pnpm's circular symlink chains (sharp, @aws-sdk both have pkg/node_modules/pkg loops in the virtual store) causing infinite path recursion and 'File name too long' errors. Use pnpm deploy --legacy which is exactly what the upstream Dockerfile does: it creates a flat, real-file node_modules with no symlinks. cp -r (no -L) then copies it cleanly into apps/web/node_modules/.	2026-05-19 10:08:26 +02:00
MickLesk	6181e5aad4	fix(reactive-resume): drop @aws-sdk/client-s3 from cp -rL step @aws-sdk/client-s3 has a pathologically deep pnpm virtual store symlink tree; cp -rL follows the chain into thousands of nested client-s3 dirs causing 'File name too long' errors. S3 is an optional storage backend so skip it. bcrypt, sharp, linkedom and ioredis are unaffected.	2026-05-19 10:04:17 +02:00
MickLesk	0938891e77	fix(reactive-resume): copy runtime externals with cp -rL instead of symlinks pnpm symlink chains (our link -> packages/runtime-externals/node_modules/ -> pnpm virtual store) are not reliably followed by Node.js ESM resolution. The upstream Dockerfile uses pnpm deploy which produces real files. Replicate that by using cp -rL to dereference all symlinks and copy the actual package files into apps/web/node_modules/.	2026-05-19 09:58:36 +02:00
MickLesk	f52b055350	fix(reactive-resume): use shamefully-hoist to expose pnpm externals Replace the broken npm-install workaround with a simpler approach: write shamefully-hoist=true to .npmrc before pnpm install. This causes pnpm to hoist all packages to root node_modules/, including bcrypt, sharp, linkedom etc. (deps of @reactive-resume/runtime-externals), making them resolvable by the Nitro server at runtime. The upstream repo has no .npmrc, so git reset --hard leaves this file untouched on updates. The file is written before each pnpm install in both install and update scripts to ensure it is always in place.	2026-05-19 09:46:37 +02:00
MickLesk	5a322a4593	fix(reactive-resume): install Nitro runtime externals after build bcrypt, sharp, and linkedom are marked as Rolldown externals in apps/web/vite.config.ts and belong to the @reactive-resume/runtime-externals workspace package, but apps/web does not declare that package as a direct dependency. With pnpm strict node_modules, this means the packages are never symlinked into apps/web/node_modules/, causing ERR_MODULE_NOT_FOUND at runtime when the Nitro server tries to import them. Fix: after pnpm run build, use npm to install the three required packages directly into apps/web/node_modules/ without modifying package.json. Applies to both fresh install and update scripts.	2026-05-19 09:42:45 +02:00