docker production files test

Author: dabblingwithcode

school_data_hub_server/Dockerfile.prod

@@ -0,0 +1,39 @@
+FROM dart:stable AS build
+
+# Accept the GITHUB_PAT and GITHUB_USER as an argument
+ARG GITHUB_PAT
+ARG GITHUB_USER
+
+WORKDIR /app
+COPY . .
+
+# Conditionally configure Git to use the provided GitHub token
+RUN if [ -n "$GITHUB_PAT" ] && [ -n "$GITHUB_USER" ]; then \
+    echo "Configuring Git to use provided GitHub token..."; \
+    # Add GitHub's public SSH key to known_hosts for security
+    mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts; \
+    git config --global credential.helper 'store'; \
+    echo "url=https://github.com/.insteadOf git://github.com/" >> ~/.gitconfig; \
+    echo "https://$GITHUB_USER:$GITHUB_PAT@github.com" > ~/.git-credentials; \
+    else \
+    echo "No GitHub token provided. Skipping Git configuration..."; \
+    fi
+
+RUN dart pub get
+RUN dart compile exe bin/main.dart -o bin/server
+
+FROM alpine:latest
+
+# Correcting the source directory for runtime dependencies
+COPY --from=build /runtime/ /
+COPY --from=build /app/bin/server server
+COPY --from=build /app/config/ config/
+COPY --from=build /app/web/ web/
+COPY --from=build /app/migrations/ migrations/
+
+EXPOSE 8080
+EXPOSE 8081
+EXPOSE 8082
+
+ENTRYPOINT ["/server"]
+CMD ["--mode", "production", "--server-id", "default", "--logging", "normal", "--role", "monolith"]

school_data_hub_server/docker-compose.production.yaml

@@ -0,0 +1,116 @@
+services:
+  traefik:
+    restart: on-failure
+    image: traefik:v3.0
+    command:
+      - "--api.insecure=true"
+      - "--providers.docker=true"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
+      - "--certificatesresolvers.myresolver.acme.email=nacho.dominguis@proton.me"
+      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "./letsencrypt:/letsencrypt"
+    depends_on:
+      - postgres
+      - serverpod
+    networks:
+      - serverpod-network
+
+  postgres:
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "postgres"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+    restart: on-failure
+    image: postgres:latest
+    labels:
+      - "traefik.enable=false" # We typically don't expose databases via HTTP.
+    ports:
+      # Bind the Postgres port to localhost only so it isn't exposed externally,
+      # while still allowing connections from the host machine.
+      - "127.0.0.1:5432:5432"
+    environment:
+      - POSTGRES_USER
+      - POSTGRES_DB
+      - POSTGRES_PASSWORD
+    volumes:
+      - school_data_hub_data:/var/lib/postgresql/data
+    networks:
+      - serverpod-network
+
+  serverpod:
+    restart: on-failure
+    image: ghcr.io/${GHCR_ORG}/school_data_hub_server:latest
+    environment:
+      - SERVERPOD_DATABASE_PASSWORD
+      - SERVERPOD_DATABASE_HOST
+      - SERVERPOD_DATABASE_NAME
+      - SERVERPOD_DATABASE_USER
+      - SERVERPOD_DATABASE_PORT
+      - SERVERPOD_DATABASE_REQUIRE_SSL
+      - SERVERPOD_DATABASE_IS_UNIX_SOCKET
+      - SERVERPOD_API_SERVER_PUBLIC_HOST
+      - SERVERPOD_API_SERVER_PUBLIC_PORT
+      - SERVERPOD_API_SERVER_PUBLIC_SCHEME
+      - SERVERPOD_API_SERVER_PORT
+      - SERVERPOD_INSIGHTS_SERVER_PUBLIC_HOST
+      - SERVERPOD_INSIGHTS_SERVER_PUBLIC_PORT
+      - SERVERPOD_INSIGHTS_SERVER_PUBLIC_SCHEME
+      - SERVERPOD_INSIGHTS_SERVER_PORT
+      - SERVERPOD_WEB_SERVER_PUBLIC_HOST
+      - SERVERPOD_WEB_SERVER_PUBLIC_PORT
+      - SERVERPOD_WEB_SERVER_PUBLIC_SCHEME
+      - SERVERPOD_WEB_SERVER_PORT
+      - SERVERPOD_SERVICE_SECRET
+      - SERVERPOD_MAX_REQUEST_SIZE
+    command:
+      [
+        "--mode",
+        "production",
+        "--server-id",
+        "default",
+        "--logging",
+        "normal",
+        "--role",
+        "monolith",
+        "--apply-migrations",
+      ]
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.api.rule=Host(`${SERVERPOD_API_SERVER_PUBLIC_HOST}`)"
+      - "traefik.http.routers.api.entrypoints=websecure"
+      - "traefik.http.routers.api.service=api-service"
+      - "traefik.http.routers.api.tls.certresolver=myresolver"
+      - "traefik.http.services.api-service.loadbalancer.server.port=${SERVERPOD_API_SERVER_PORT}"
+
+      - "traefik.http.routers.insights.rule=Host(`${SERVERPOD_INSIGHTS_SERVER_PUBLIC_HOST}`)"
+      - "traefik.http.routers.insights.entrypoints=websecure"
+      - "traefik.http.routers.insights.service=insights-service"
+      - "traefik.http.routers.insights.tls.certresolver=myresolver"
+      - "traefik.http.services.insights-service.loadbalancer.server.port=${SERVERPOD_INSIGHTS_SERVER_PORT}"
+
+      - "traefik.http.routers.web.rule=Host(`${SERVERPOD_WEB_SERVER_PUBLIC_HOST}`)"
+      - "traefik.http.routers.web.entrypoints=websecure"
+      - "traefik.http.routers.web.service=web-service"
+      - "traefik.http.routers.web.tls.certresolver=myresolver"
+      - "traefik.http.services.web-service.loadbalancer.server.port=${SERVERPOD_WEB_SERVER_PORT}"
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - serverpod-network
+
+networks:
+  serverpod-network:
+    name: serverpod-network
+    driver: bridge
+
+volumes:
+  school_data_hub_data: