From fd335b5c471b76b8cad3d4e82b80ad80e3edae2f Mon Sep 17 00:00:00 2001
From: svemagie <869694+svemagie@users.noreply.github.com>
Date: Sun, 8 Mar 2026 02:17:35 +0100
Subject: [PATCH] fix(deploy): build sharp from source on FreeBSD

---
 .github/workflows/deploy.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 144d48ad..9b9c5362 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -36,9 +36,17 @@ jobs:
             set -eu
             restart_log=/tmp/indiekit-restart.log
 
+            # Ensure native sharp build prerequisites are present in the jail.
+            sudo bastille cmd node sh -lc 'env ASSUME_ALWAYS_YES=yes pkg update -f >/dev/null'
+            sudo bastille cmd node sh -lc 'env ASSUME_ALWAYS_YES=yes pkg install -y vips pkgconf python3 gmake'
+
             # Update code and dependencies as indiekit user inside the jail.
             sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && git pull origin main && npm ci && install -m 755 start.example.sh start.sh"'
 
+            # Build sharp against jail libraries and verify runtime load.
+            sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && npm rebuild sharp --build-from-source"'
+            sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && node -e \"require(\\\"sharp\\\"); console.log(\\\"sharp runtime OK\\\")\""'
+
             # Ensure env file exists and contains auth secrets required by start.sh.
             sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && test -f .env"'
             sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && if ! (grep -Eq \"^SECRET=.*\" .env && grep -Eq \"^PASSWORD_SECRET=.*\" .env); then echo \"Missing SECRET or PASSWORD_SECRET in /usr/local/indiekit/.env\"; exit 1; fi"'