284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
358 lines
12 KiB
YAML
358 lines
12 KiB
YAML
services:
|
|
server:
|
|
extends:
|
|
file: ./server/docker-compose.yaml
|
|
service: server
|
|
container_name: ${APP_NAME:-sebastian}_server_ce
|
|
# Build the CE server image from the current worktree (no GHCR dependency).
|
|
# This image is also reused by the `setup` one-shot container.
|
|
image: ${APP_NAME:-sebastian}_server_ce_local
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile.build
|
|
args:
|
|
NEXT_BUILD_MAX_OLD_SPACE_SIZE: ${NEXT_BUILD_MAX_OLD_SPACE_SIZE:-12288}
|
|
environment:
|
|
EDITION: community
|
|
DB_NAME: server
|
|
PGBOSS_DATABASE: server
|
|
DB_NAME_SERVER: server
|
|
DB_NAME_HOCUSPOCUS: ${DB_NAME_HOCUSPOCUS:-hocuspocus}
|
|
DB_USER_SERVER: app_user
|
|
DB_USER_ADMIN: ${DB_USER_ADMIN:-postgres}
|
|
VERSION: ${VERSION}
|
|
APP_NAME: ${APP_NAME}
|
|
APP_ENV: ${APP_ENV:-development}
|
|
NODE_ENV: ${APP_ENV:-development}
|
|
HOST: ${HOST}
|
|
VERIFY_EMAIL_ENABLED: ${VERIFY_EMAIL_ENABLED:-false}
|
|
REDIS_HOST: ${REDIS_HOST:-redis}
|
|
REDIS_PORT: ${REDIS_PORT:-6379}
|
|
DB_TYPE: ${DB_TYPE:-postgres}
|
|
DB_HOST: ${PGBOUNCER_HOST:-pgbouncer}
|
|
DB_PORT: ${PGBOUNCER_PORT:-6432}
|
|
REQUIRE_HOCUSPOCUS: ${REQUIRE_HOCUSPOCUS:-false}
|
|
COLLAB_PERSIST_API_KEY: ${COLLAB_PERSIST_API_KEY:-alga-collab-persist-dev}
|
|
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
|
LOG_IS_FORMAT_JSON: ${LOG_IS_FORMAT_JSON:-false}
|
|
LOG_IS_FULL_DETAILS: ${LOG_IS_FULL_DETAILS:-false}
|
|
EMAIL_ENABLE: ${EMAIL_ENABLE:-false}
|
|
EMAIL_FROM: ${EMAIL_FROM:-noreply@example.com}
|
|
EMAIL_PORT: ${EMAIL_PORT:-587}
|
|
EMAIL_USERNAME: ${EMAIL_USERNAME:-noreply@example.com}
|
|
NEXTAUTH_URL: ${NEXTAUTH_URL:-http://localhost:3000}
|
|
NEXTAUTH_SESSION_EXPIRES: ${NEXTAUTH_SESSION_EXPIRES:-86400}
|
|
# Secret provider configuration (CE edition)
|
|
SECRET_READ_CHAIN: ${SECRET_READ_CHAIN:-env,filesystem}
|
|
SECRET_WRITE_PROVIDER: ${SECRET_WRITE_PROVIDER:-filesystem}
|
|
# Workflow configuration
|
|
WORKFLOW_DISTRIBUTED_MODE: "true"
|
|
WORKFLOW_REDIS_STREAM_PREFIX: "workflow:events:"
|
|
WORKFLOW_REDIS_CONSUMER_GROUP: "workflow-workers"
|
|
IMAP_WEBHOOK_SECRET: ${IMAP_WEBHOOK_SECRET:-}
|
|
volumes:
|
|
- type: bind
|
|
source: ./secrets/db_password_server
|
|
target: /run/secrets/db_password_server
|
|
read_only: true
|
|
entrypoint: ["/bin/sh", "-c", "export DATABASE_URL=postgresql://app_user:$$(cat /run/secrets/db_password_server)@${PGBOUNCER_HOST:-pgbouncer}:${PGBOUNCER_PORT:-6432}/server && /app/entrypoint.sh"]
|
|
secrets:
|
|
- postgres_password
|
|
- db_password_server
|
|
- db_password_hocuspocus
|
|
- redis_password
|
|
- email_password
|
|
- crypto_key
|
|
- token_secret_key
|
|
- nextauth_secret
|
|
- google_oauth_client_id
|
|
- google_oauth_client_secret
|
|
- alga_auth_key
|
|
networks:
|
|
- app-network
|
|
depends_on:
|
|
postgres:
|
|
condition: service_started
|
|
pgbouncer:
|
|
condition: service_started
|
|
redis:
|
|
condition: service_started
|
|
hocuspocus:
|
|
condition: service_started
|
|
setup:
|
|
condition: service_completed_successfully
|
|
|
|
setup:
|
|
# One-shot DB bootstrap (create DB/users, run migrations/seeds).
|
|
# Use the locally-built CE server image so this works without GHCR access.
|
|
image: ${APP_NAME:-sebastian}_server_ce_local
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile.build
|
|
args:
|
|
NEXT_BUILD_MAX_OLD_SPACE_SIZE: ${NEXT_BUILD_MAX_OLD_SPACE_SIZE:-12288}
|
|
environment:
|
|
EDITION: community
|
|
NODE_OPTIONS: --experimental-vm-modules
|
|
DB_NAME_SERVER: server
|
|
DB_NAME_HOCUSPOCUS: ${DB_NAME_HOCUSPOCUS:-hocuspocus}
|
|
DB_USER_SERVER: app_user
|
|
DB_USER_HOCUSPOCUS: ${DB_USER_HOCUSPOCUS:-hocuspocus_user}
|
|
DB_USER_ADMIN: ${DB_USER_ADMIN:-postgres}
|
|
PGBOSS_DATABASE: server
|
|
VERSION: ${VERSION}
|
|
APP_NAME: ${APP_NAME}
|
|
APP_ENV: ${APP_ENV:-development}
|
|
NODE_ENV: ${APP_ENV:-development}
|
|
HOST: ${HOST}
|
|
DB_TYPE: ${DB_TYPE:-postgres}
|
|
DB_HOST: ${DB_HOST_ADMIN:-postgres}
|
|
DB_PORT: ${DB_PORT_ADMIN:-5432}
|
|
# Ensure admin operations talk directly to Postgres even if app traffic points to PgBouncer
|
|
DB_HOST_ADMIN: ${DB_HOST_ADMIN:-postgres}
|
|
DB_PORT_ADMIN: ${DB_PORT_ADMIN:-5432}
|
|
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
|
LOG_IS_FORMAT_JSON: ${LOG_IS_FORMAT_JSON:-false}
|
|
LOG_IS_FULL_DETAILS: ${LOG_IS_FULL_DETAILS:-false}
|
|
EMAIL_ENABLE: ${EMAIL_ENABLE:-false}
|
|
EMAIL_FROM: ${EMAIL_FROM:-noreply@example.com}
|
|
EMAIL_PORT: ${EMAIL_PORT:-587}
|
|
EMAIL_USERNAME: ${EMAIL_USERNAME:-noreply@example.com}
|
|
NEXTAUTH_URL: ${NEXTAUTH_URL:-http://localhost:3000}
|
|
NEXTAUTH_SESSION_EXPIRES: ${NEXTAUTH_SESSION_EXPIRES:-86400}
|
|
# Secret provider configuration for setup (CE edition)
|
|
SECRET_READ_CHAIN: ${SECRET_READ_CHAIN:-env,filesystem}
|
|
SECRET_WRITE_PROVIDER: ${SECRET_WRITE_PROVIDER:-filesystem}
|
|
volumes:
|
|
- type: bind
|
|
source: ./setup/config.ini
|
|
target: /app/setup/config.ini
|
|
read_only: true
|
|
- type: bind
|
|
source: ./setup/entrypoint.sh
|
|
target: /app/setup/entrypoint.sh
|
|
read_only: true
|
|
- type: bind
|
|
source: ./secrets/postgres_password
|
|
target: /run/secrets/postgres_password
|
|
read_only: true
|
|
- type: bind
|
|
source: ./secrets/db_password_server
|
|
target: /run/secrets/db_password_server
|
|
read_only: true
|
|
secrets:
|
|
- postgres_password
|
|
- db_password_server
|
|
- db_password_hocuspocus
|
|
networks:
|
|
- app-network
|
|
depends_on:
|
|
postgres:
|
|
condition: service_started
|
|
pgbouncer: # Added dependency on pgbouncer
|
|
condition: service_started
|
|
entrypoint: ["/app/setup/entrypoint.sh"]
|
|
|
|
workflow-worker:
|
|
# Remove extends to use a custom build
|
|
# extends:
|
|
# file: ./server/docker-compose.yaml
|
|
# service: server
|
|
# Remove container_name to allow multiple instances
|
|
# container_name: ${APP_NAME:-sebastian}_workflow_worker_ce
|
|
build:
|
|
context: .
|
|
dockerfile: services/workflow-worker/Dockerfile
|
|
environment:
|
|
EDITION: community
|
|
DB_NAME: server
|
|
PGBOSS_DATABASE: server
|
|
DB_NAME_SERVER: server
|
|
DB_USER_SERVER: app_user
|
|
DB_USER_ADMIN: ${DB_USER_ADMIN:-postgres}
|
|
VERSION: ${VERSION}
|
|
APP_NAME: ${APP_NAME}
|
|
APP_ENV: ${APP_ENV:-development}
|
|
NODE_ENV: ${APP_ENV:-development}
|
|
HOST: ${HOST}
|
|
REDIS_HOST: ${REDIS_HOST:-redis}
|
|
REDIS_PORT: ${REDIS_PORT:-6379}
|
|
DB_TYPE: ${DB_TYPE:-postgres}
|
|
DB_HOST: ${PGBOUNCER_HOST:-pgbouncer}
|
|
DB_PORT: ${PGBOUNCER_PORT:-6432}
|
|
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
|
LOG_IS_FORMAT_JSON: ${LOG_IS_FORMAT_JSON:-false}
|
|
LOG_IS_FULL_DETAILS: ${LOG_IS_FULL_DETAILS:-false}
|
|
# Secret provider configuration for workflow-worker (CE edition)
|
|
SECRET_READ_CHAIN: ${SECRET_READ_CHAIN:-env,filesystem}
|
|
SECRET_WRITE_PROVIDER: ${SECRET_WRITE_PROVIDER:-filesystem}
|
|
# Workflow-specific configuration
|
|
# Run v2 runtime by default (legacy can be re-enabled via WORKFLOW_WORKER_MODE=all|legacy)
|
|
WORKFLOW_WORKER_MODE: ${WORKFLOW_WORKER_MODE:-v2}
|
|
WORKFLOW_DISTRIBUTED_MODE: "true"
|
|
WORKFLOW_REDIS_STREAM_PREFIX: "workflow:events:"
|
|
WORKFLOW_REDIS_CONSUMER_GROUP: "workflow-workers"
|
|
WORKFLOW_REDIS_BATCH_SIZE: "10"
|
|
WORKFLOW_REDIS_IDLE_TIMEOUT_MS: "60000"
|
|
ports:
|
|
# Expose a random port for health checks/monitoring
|
|
- "3000"
|
|
volumes:
|
|
- type: bind
|
|
source: ./secrets/db_password_server
|
|
target: /run/secrets/db_password_server
|
|
read_only: true
|
|
- type: bind
|
|
source: ./services/workflow-worker/entrypoint.sh
|
|
target: /app/entrypoint.sh
|
|
read_only: true
|
|
entrypoint: ["/app/entrypoint.sh"]
|
|
secrets:
|
|
- postgres_password
|
|
- db_password_server
|
|
- redis_password
|
|
- crypto_key
|
|
- token_secret_key
|
|
- nextauth_secret
|
|
networks:
|
|
- app-network
|
|
depends_on:
|
|
postgres:
|
|
condition: service_started
|
|
pgbouncer:
|
|
condition: service_started
|
|
redis:
|
|
condition: service_started
|
|
server:
|
|
condition: service_started
|
|
# Enable scaling of worker instances
|
|
deploy:
|
|
replicas: ${WORKFLOW_WORKER_REPLICAS:-1}
|
|
|
|
email-service:
|
|
build:
|
|
context: .
|
|
dockerfile: services/email-service/Dockerfile
|
|
environment:
|
|
EDITION: community
|
|
DB_NAME: server
|
|
DB_NAME_SERVER: server
|
|
DB_USER_SERVER: app_user
|
|
DB_USER_ADMIN: ${DB_USER_ADMIN:-postgres}
|
|
VERSION: ${VERSION}
|
|
APP_NAME: ${APP_NAME}
|
|
APP_ENV: ${APP_ENV:-development}
|
|
NODE_ENV: ${APP_ENV:-development}
|
|
HOST: ${HOST}
|
|
REDIS_HOST: ${REDIS_HOST:-redis}
|
|
REDIS_PORT: ${REDIS_PORT:-6379}
|
|
DB_TYPE: ${DB_TYPE:-postgres}
|
|
DB_HOST: ${PGBOUNCER_HOST:-pgbouncer}
|
|
DB_PORT: ${PGBOUNCER_PORT:-6432}
|
|
LOG_LEVEL: ${LOG_LEVEL:-INFO}
|
|
LOG_IS_FORMAT_JSON: ${LOG_IS_FORMAT_JSON:-false}
|
|
LOG_IS_FULL_DETAILS: ${LOG_IS_FULL_DETAILS:-false}
|
|
SECRET_READ_CHAIN: ${SECRET_READ_CHAIN:-env,filesystem}
|
|
SECRET_WRITE_PROVIDER: ${SECRET_WRITE_PROVIDER:-filesystem}
|
|
IMAP_PROVIDER_REFRESH_MS: ${IMAP_PROVIDER_REFRESH_MS:-60000}
|
|
IMAP_POLL_INTERVAL_MS: ${IMAP_POLL_INTERVAL_MS:-30000}
|
|
IMAP_LEASE_TTL_MS: ${IMAP_LEASE_TTL_MS:-120000}
|
|
IMAP_MAX_CONNECTIONS_PER_TENANT: ${IMAP_MAX_CONNECTIONS_PER_TENANT:-5}
|
|
IMAP_MAX_ATTACHMENT_BYTES: ${IMAP_MAX_ATTACHMENT_BYTES:-0}
|
|
IMAP_FETCH_DELAY_MS: ${IMAP_FETCH_DELAY_MS:-0}
|
|
IMAP_EVENT_CHANNEL_BY_TENANT: ${IMAP_EVENT_CHANNEL_BY_TENANT:-false}
|
|
IMAP_OAUTH_AUTH_MECHANISM: ${IMAP_OAUTH_AUTH_MECHANISM:-XOAUTH2}
|
|
IMAP_WEBHOOK_URL: ${IMAP_WEBHOOK_URL:-http://server:3000/api/email/webhooks/imap}
|
|
IMAP_WEBHOOK_TIMEOUT_MS: ${IMAP_WEBHOOK_TIMEOUT_MS:-10000}
|
|
IMAP_WEBHOOK_MAX_ATTEMPTS: ${IMAP_WEBHOOK_MAX_ATTEMPTS:-3}
|
|
IMAP_WEBHOOK_SECRET: ${IMAP_WEBHOOK_SECRET:-}
|
|
volumes:
|
|
- type: bind
|
|
source: ./secrets/db_password_server
|
|
target: /run/secrets/db_password_server
|
|
read_only: true
|
|
- type: bind
|
|
source: ./services/email-service/entrypoint.sh
|
|
target: /app/entrypoint.sh
|
|
read_only: true
|
|
entrypoint: ["/app/entrypoint.sh"]
|
|
secrets:
|
|
- postgres_password
|
|
- db_password_server
|
|
- redis_password
|
|
- crypto_key
|
|
- token_secret_key
|
|
- nextauth_secret
|
|
networks:
|
|
- app-network
|
|
depends_on:
|
|
postgres:
|
|
condition: service_started
|
|
pgbouncer:
|
|
condition: service_started
|
|
redis:
|
|
condition: service_started
|
|
server:
|
|
condition: service_started
|
|
|
|
hocuspocus:
|
|
extends:
|
|
file: ./hocuspocus/docker-compose.yaml
|
|
service: hocuspocus
|
|
container_name: ${APP_NAME:-sebastian}_hocuspocus_ce
|
|
build:
|
|
context: .
|
|
dockerfile: hocuspocus/Dockerfile
|
|
environment:
|
|
VERSION: ${VERSION}
|
|
APP_NAME: ${APP_NAME}
|
|
APP_ENV: ${APP_ENV:-development}
|
|
NODE_ENV: ${APP_ENV:-development}
|
|
HOST: ${HOST}
|
|
REDIS_HOST: redis
|
|
REDIS_PORT: 6379
|
|
DB_TYPE: ${DB_TYPE:-postgres}
|
|
DB_HOST: postgres
|
|
DB_PORT: 5432
|
|
DB_NAME_HOCUSPOCUS: ${DB_NAME_HOCUSPOCUS:-hocuspocus}
|
|
DB_USER_HOCUSPOCUS: ${DB_USER_HOCUSPOCUS:-hocuspocus_user}
|
|
AI_DOCUMENT_API_URL: ${AI_DOCUMENT_API_URL:-http://host.docker.internal:3000/api/v1/ai/document-assist}
|
|
AI_DOCUMENT_API_KEY: ${AI_DOCUMENT_API_KEY:-}
|
|
COLLAB_PERSIST_API_URL: ${COLLAB_PERSIST_API_URL:-http://host.docker.internal:3000/api/internal/collab/persist}
|
|
COLLAB_PERSIST_API_KEY: ${COLLAB_PERSIST_API_KEY:-alga-collab-persist-dev}
|
|
secrets:
|
|
- postgres_password
|
|
- db_password_hocuspocus
|
|
- redis_password
|
|
networks:
|
|
- app-network
|
|
depends_on:
|
|
redis:
|
|
condition: service_started
|
|
|
|
postgres:
|
|
extends:
|
|
file: docker-compose.base.yaml
|
|
service: postgres # Updated from postgres-base
|
|
environment:
|
|
POSTGRES_DB: server
|
|
VERSION: ${VERSION}
|
|
APP_NAME: ${APP_NAME}
|
|
APP_ENV: ${APP_ENV:-development}
|
|
NODE_ENV: ${APP_ENV:-development}
|
|
HOST: ${HOST}
|
|
DB_TYPE: ${DB_TYPE:-postgres}
|
|
DB_HOST: postgres
|
|
DB_PORT: ${DB_PORT:-5432}
|
|
secrets:
|
|
- postgres_password
|
|
|
|
redis:
|
|
extends:
|
|
file: docker-compose.base.yaml
|
|
service: redis # Updated from redis-base
|
|
|
|
networks:
|
|
app-network:
|
|
driver: bridge
|