-
Notifications
You must be signed in to change notification settings - Fork 16
Expand file tree
/
Copy pathdocker-compose.dev.yml
More file actions
108 lines (102 loc) · 4.57 KB
/
Copy pathdocker-compose.dev.yml
File metadata and controls
108 lines (102 loc) · 4.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# ──────────────────────────────────────────────────────────────────────────────
# Steward — Development Override
#
# ⚠️ DEV-ONLY — NEVER RUN ON A PUBLIC HOST. ⚠️
# This file ships throwaway default secrets (STEWARD_MASTER_PASSWORD,
# STEWARD_SESSION_SECRET, platform/tenant keys) purely for local convenience.
# Published ports are bound to 127.0.0.1 so the dev stack is not reachable from
# the network, but the defaults here are not safe for any shared or internet-
# facing machine. Use docker-compose.yml (which requires real secrets) for
# production.
#
# Layered on top of docker-compose.yml for local development:
# - Live source mounts (hot reload via bun --hot)
# - PGLite in-process DB (no Postgres container needed)
# - Redis removed (in-memory fallback)
# - Debug ports exposed (loopback only)
# - Verbose logging
#
# Usage:
# docker compose -f docker-compose.yml -f docker-compose.dev.yml up
#
# Or add a shell alias:
# alias dcd="docker compose -f docker-compose.yml -f docker-compose.dev.yml"
# ──────────────────────────────────────────────────────────────────────────────
services:
steward-api:
build:
context: .
dockerfile: Dockerfile
target: deps # Stop at deps stage — runtime is the mounted src
# Run with --hot for live reload when source files change
command: ["bun", "--hot", "packages/api/src/index.ts"]
environment:
NODE_ENV: "development"
PORT: "3200"
STEWARD_BIND_HOST: "0.0.0.0"
# PGLite: skip external postgres entirely
STEWARD_DB_MODE: "pglite"
STEWARD_PGLITE_PATH: "/app/.pglite"
# Unset DATABASE_URL so the API uses PGLite
DATABASE_URL: ""
# Redis is removed in dev; API falls back to in-memory stores
REDIS_URL: ""
STEWARD_MASTER_PASSWORD: "${STEWARD_MASTER_PASSWORD:-dev_master_password_not_for_prod}"
STEWARD_SESSION_SECRET: "${STEWARD_SESSION_SECRET:-dev_session_secret}"
STEWARD_PLATFORM_KEYS: "${STEWARD_PLATFORM_KEYS:-dev_platform_key}"
STEWARD_DEFAULT_TENANT_KEY: "${STEWARD_DEFAULT_TENANT_KEY:-dev_tenant_key}"
AGENT_TOKEN_EXPIRY: "7d"
RPC_URL: "${RPC_URL:-https://sepolia.base.org}"
CHAIN_ID: "${CHAIN_ID:-84532}"
volumes:
# Mount entire monorepo source (live edits, no rebuild needed)
- ./packages:/app/packages
# Persist PGLite data across restarts
- pglite-data:/app/.pglite
ports:
# Bound to loopback only — dev stack must not be exposed to the network.
# API
- "127.0.0.1:3200:3200"
# Node/Bun inspector (attach with chrome://inspect or VS Code)
- "127.0.0.1:9229:9229"
healthcheck:
# Relaxed for dev: /health only (PGLite doesn't do full /ready checks)
test: ["CMD", "bun", "-e", "const r=await fetch('http://127.0.0.1:3200/health');process.exit(r.ok?0:1)"]
interval: 15s
timeout: 5s
start_period: 20s
retries: 5
# Remove postgres/redis dependencies in dev
depends_on: {}
steward-proxy:
command: ["bun", "--hot", "packages/proxy/src/index.ts"]
environment:
NODE_ENV: "development"
STEWARD_PROXY_PORT: "8080"
# Proxy also uses PGLite in dev
STEWARD_DB_MODE: "pglite"
STEWARD_PGLITE_PATH: "/app/.pglite"
DATABASE_URL: ""
REDIS_URL: ""
STEWARD_MASTER_PASSWORD: "${STEWARD_MASTER_PASSWORD:-dev_master_password_not_for_prod}"
STEWARD_SESSION_SECRET: "${STEWARD_SESSION_SECRET:-dev_session_secret}"
volumes:
- ./packages:/app/packages
- pglite-data:/app/.pglite
ports:
# Bound to loopback only — dev stack must not be exposed to the network.
- "127.0.0.1:8080:8080"
depends_on:
steward-api:
condition: service_healthy
# Disable Postgres and Redis in dev (API uses in-process PGLite + in-memory stores).
# NOTE: the throwaway STEWARD_MASTER_PASSWORD default above is intentional for local
# dev only and is never reached in the production compose, which requires real secrets.
postgres:
profiles: ["disabled"]
redis:
profiles: ["disabled"]
# ── Dev volumes ───────────────────────────────────────────────────────────────
volumes:
pglite-data:
driver: local