57 lines
1.9 KiB
YAML
57 lines
1.9 KiB
YAML
services:
|
|
apparel-designer:
|
|
build:
|
|
context: .
|
|
dockerfile: Dockerfile
|
|
# Pass an SSH private key in as a build secret so npm can
|
|
# authenticate against git.kadil.dev for the `goods-editor`
|
|
# git+ssh: dependency. The secret is only available during
|
|
# the single RUN step that mounts it; nothing about the key
|
|
# ends up in the built image. See Dockerfile docblock for
|
|
# the full mechanism.
|
|
secrets:
|
|
- ssh_key
|
|
container_name: apparel-designer
|
|
ports: ["3001:3001"]
|
|
volumes:
|
|
- uploads_data:/app/uploads
|
|
- exports_data:/app/exports
|
|
environment:
|
|
- NODE_ENV=production
|
|
- PORT=3001
|
|
restart: unless-stopped
|
|
|
|
# Build-time secret declaration.
|
|
#
|
|
# Two ways to provide the key, pick whichever fits where you're
|
|
# building from:
|
|
#
|
|
# ── A. File-based (typical local dev / deployment server) ───────
|
|
# Set SSH_KEY_FILE in the environment before running compose:
|
|
#
|
|
# SSH_KEY_FILE=$HOME/.ssh/id_ed25519 docker compose build
|
|
#
|
|
# The `file:` source below reads from that path. The fallback
|
|
# `/dev/null` exists so `docker compose config` (validation /
|
|
# linting) doesn't error out when the env var isn't set — actual
|
|
# builds against /dev/null will fail with a clear "permission
|
|
# denied" rather than a cryptic compose error.
|
|
#
|
|
# ── B. Env-var-based (typical CI) ──────────────────────────────
|
|
# Comment out the `file:` line and uncomment `environment:` below.
|
|
# Provide the key contents in the SSH_PRIVATE_KEY env var:
|
|
#
|
|
# SSH_PRIVATE_KEY="$(cat ~/.ssh/id_ed25519)" docker compose build
|
|
#
|
|
# In GitHub Actions / GitLab CI / etc., set SSH_PRIVATE_KEY from
|
|
# the platform's secret store. The `environment:` source for build
|
|
# secrets requires Docker Compose v2.23+.
|
|
secrets:
|
|
ssh_key:
|
|
file: ${SSH_KEY_FILE:-/dev/null}
|
|
# environment: SSH_PRIVATE_KEY
|
|
|
|
volumes:
|
|
uploads_data:
|
|
exports_data:
|