Files
apparel-designer/docker-compose.yml
khalid@traclabs.com 9fe0828986 Fix ssh key issues
2026-05-24 09:07:09 -05:00

57 lines
1.9 KiB
YAML

services:
apparel-designer:
build:
context: .
dockerfile: Dockerfile
# Pass an SSH private key in as a build secret so npm can
# authenticate against git.kadil.dev for the `goods-editor`
# git+ssh: dependency. The secret is only available during
# the single RUN step that mounts it; nothing about the key
# ends up in the built image. See Dockerfile docblock for
# the full mechanism.
secrets:
- ssh_key
container_name: apparel-designer
ports: ["3001:3001"]
volumes:
- uploads_data:/app/uploads
- exports_data:/app/exports
environment:
- NODE_ENV=production
- PORT=3001
restart: unless-stopped
# Build-time secret declaration.
#
# Two ways to provide the key, pick whichever fits where you're
# building from:
#
# ── A. File-based (typical local dev / deployment server) ───────
# Set SSH_KEY_FILE in the environment before running compose:
#
# SSH_KEY_FILE=$HOME/.ssh/id_ed25519 docker compose build
#
# The `file:` source below reads from that path. The fallback
# `/dev/null` exists so `docker compose config` (validation /
# linting) doesn't error out when the env var isn't set — actual
# builds against /dev/null will fail with a clear "permission
# denied" rather than a cryptic compose error.
#
# ── B. Env-var-based (typical CI) ──────────────────────────────
# Comment out the `file:` line and uncomment `environment:` below.
# Provide the key contents in the SSH_PRIVATE_KEY env var:
#
# SSH_PRIVATE_KEY="$(cat ~/.ssh/id_ed25519)" docker compose build
#
# In GitHub Actions / GitLab CI / etc., set SSH_PRIVATE_KEY from
# the platform's secret store. The `environment:` source for build
# secrets requires Docker Compose v2.23+.
secrets:
ssh_key:
file: ${SSH_KEY_FILE:-/dev/null}
# environment: SSH_PRIVATE_KEY
volumes:
uploads_data:
exports_data: