cannamanage/docker-compose.yml
Patrick Plate ade9673f02
fix: harden CI security gates, parallelize builds, externalize secrets
- Make OWASP, Gitleaks, pnpm audit blocking (remove || true fallbacks)
- Add Maven -T 1C for parallel reactor threads
- Fix parallel Docker build race condition (PID tracking + set -euo pipefail)
- Externalize JWT/NextAuth secrets via env vars with dev-only defaults
- Add .env.example with generation instructions
- Add CI/CD infrastructure review document
2026-06-19 16:04:09 +02:00


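# Compose stack with three services: PostgreSQL (db), the Spring backend and the
# NextAuth-based frontend. Every secret below falls back to a default that is committed
# to the repository, so the defaults are only suitable for local development; supply
# DB_PASSWORD, JWT_SECRET and NEXTAUTH_SECRET from the environment (see .env.example)
# for anything reachable by others.
services:
  db:
    image: postgres:16-alpine
    container_name: cannamanage-db
    environment:
      POSTGRES_DB: cannamanage
      POSTGRES_USER: cannamanage
      # Read the same DB_PASSWORD variable as the backend's SPRING_DATASOURCE_PASSWORD so
      # that overriding it cannot leave the two services with different passwords.
      # The postgres image applies this value only when it initialises an empty data
      # directory; an existing pgdata volume keeps the password it was created with.
      POSTGRES_PASSWORD: ${DB_PASSWORD:-cannamanage_dev}
    ports:
      # No host IP is given, so the port is published on all host interfaces.
      # Use "127.0.0.1:5432:5432" if only local tools need direct database access.
      - "5432:5432"
    volumes:
      - pgdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U cannamanage"]
      interval: 5s
      timeout: 3s
      retries: 5

  backend:
    build:
      context: .
      dockerfile: Dockerfile.backend
    container_name: cannamanage-backend
    ports:
      - "8080:8080"
    environment:
      SPRING_PROFILES_ACTIVE: docker
      SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/cannamanage
      SPRING_DATASOURCE_USERNAME: cannamanage
      SPRING_DATASOURCE_PASSWORD: ${DB_PASSWORD:-cannamanage_dev}
      # JwtService base64-decodes this secret (Decoders.BASE64.decode) before using it as
      # the HMAC-SHA key. It MUST be valid base64 — a plaintext string with hyphens throws
      # "Illegal base64 character: '-'" at token-signing time (HTTP 500 after a successful
      # login).
      # The fallback decodes to a fixed, publicly known string. Tokens signed with it can
      # be produced by anyone who has read this file, so set JWT_SECRET to a freshly
      # generated base64 value outside local development.
      CANNAMANAGE_SECURITY_JWT_SECRET: ${JWT_SECRET:-dGhpcy1pcy1hLWRldi1vbmx5LXNlY3JldC1kby1ub3QtdXNlLWluLXByb2R1Y3Rpb24=}
    depends_on:
      # Wait for the database healthcheck to pass before starting the backend.
      db:
        condition: service_healthy
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:8080/actuator/health"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s

  frontend:
    build:
      context: ./cannamanage-frontend
      dockerfile: Dockerfile
    container_name: cannamanage-frontend
    ports:
      - "3000:3000"
    environment:
      NEXTAUTH_URL: http://localhost:3000
      # Same caveat as the JWT secret: the fallback is committed to the repository, so
      # NEXTAUTH_SECRET must be overridden wherever the frontend is not purely local.
      NEXTAUTH_SECRET: ${NEXTAUTH_SECRET:-dev-only-nextauth-secret-do-not-use-in-production-min32}
      BACKEND_URL: http://backend:8080
      AUTH_URL: http://localhost:3000
    depends_on:
      # Wait for the backend healthcheck to pass before starting the frontend.
      backend:
        condition: service_healthy

volumes:
  pgdata: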