Files
apparel-designer/docker-compose.yml
2026-05-24 09:18:06 -05:00

58 lines
2.2 KiB
YAML

services:
apparel-designer:
build:
context: .
dockerfile: Dockerfile
# Pass a base64-encoded SSH private key in as a build secret so
# npm can authenticate against git.kadil.dev for the `goods-editor`
# git+ssh: dependency. The Dockerfile decodes the base64 inside
# the build. See Dockerfile docblock for the full mechanism and
# the rationale for base64 over raw PEM.
#
# The secret is only available during the single RUN step that
# mounts it; nothing about the key ends up in the built image.
secrets:
- ssh_key
container_name: apparel-designer
ports: ["3001:3001"]
volumes:
- uploads_data:/app/uploads
- exports_data:/app/exports
environment:
- NODE_ENV=production
- PORT=3001
restart: unless-stopped
# Build-time secret declaration.
#
# The Dockerfile expects a BASE64-ENCODED private key (not the raw
# PEM). See the Dockerfile docblock for the encoding command. Two
# ways to provide it, pick whichever fits where you're building from:
#
# ── A. File-based (typical local dev) ──────────────────────────────
# Encode the key to a temp file once, then point SSH_KEY_FILE at it:
#
# base64 < ~/.ssh/goods-editor-deploy | tr -d '\n' > ~/.ssh/goods-editor-deploy.b64
# SSH_KEY_FILE=$HOME/.ssh/goods-editor-deploy.b64 docker compose build
#
# The fallback `/dev/null` keeps `docker compose config` from erroring
# when SSH_KEY_FILE isn't set; actual builds against /dev/null fail
# with a clear base64-decode error rather than a cryptic compose error.
#
# ── B. Env-var-based (CI) ──────────────────────────────────────────
# Comment out the `file:` line and uncomment `environment:` below.
# Provide the base64-encoded key in SSH_KEY_B64:
#
# SSH_KEY_B64="$(base64 < ~/.ssh/goods-editor-deploy | tr -d '\n')" \
# docker compose build
#
# Requires Docker Compose v2.23+ for the `environment:` secret source.
secrets:
ssh_key:
file: ${SSH_KEY_FILE:-/dev/null}
# environment: SSH_KEY_B64
volumes:
uploads_data:
exports_data: