0e14d2761a
All checks were successful
Build and Deploy / build-and-deploy (push) Successful in 4m37s
- Add /health endpoint (returns 200, skips auth middleware) - Healthcheck now hits /health instead of / (which 302s to OAuth) - Advisory lock in db.init_pool() prevents deadlock when 4 uvicorn workers race to run schema DDL - CI: --resolve-image always on docker stack deploy to force re-pull Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
97 lines
2.5 KiB
YAML
97 lines
2.5 KiB
YAML
version: "3.8"
|
|
|
|
services:
|
|
postgres:
|
|
image: postgres:16-alpine
|
|
env_file:
|
|
- .env
|
|
environment:
|
|
POSTGRES_USER: artdag
|
|
POSTGRES_DB: artdag
|
|
volumes:
|
|
- postgres_data:/var/lib/postgresql/data
|
|
networks:
|
|
- internal
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U artdag"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 5
|
|
deploy:
|
|
placement:
|
|
constraints:
|
|
- node.labels.gpu != true
|
|
|
|
ipfs:
|
|
image: ipfs/kubo:latest
|
|
ports:
|
|
- "4002:4001" # Swarm TCP (4002 external, L1 uses 4001)
|
|
- "4002:4001/udp" # Swarm UDP
|
|
volumes:
|
|
- ipfs_data:/data/ipfs
|
|
networks:
|
|
- internal
|
|
- externalnet # For gateway access
|
|
deploy:
|
|
replicas: 1
|
|
restart_policy:
|
|
condition: on-failure
|
|
placement:
|
|
constraints:
|
|
- node.labels.gpu != true
|
|
|
|
l2-server:
|
|
image: registry.rose-ash.com:5000/l2-server:latest
|
|
env_file:
|
|
- .env
|
|
environment:
|
|
- ARTDAG_DATA=/data/l2
|
|
- IPFS_API=/dns/ipfs/tcp/5001
|
|
- ANCHOR_BACKUP_DIR=/data/anchors
|
|
# Coop app internal URLs for fragment composition
|
|
- INTERNAL_URL_BLOG=http://blog:8000
|
|
- INTERNAL_URL_CART=http://cart:8000
|
|
- INTERNAL_URL_ACCOUNT=http://account:8000
|
|
# OAuth SSO
|
|
- OAUTH_AUTHORIZE_URL=https://account.rose-ash.com/auth/oauth/authorize
|
|
- OAUTH_TOKEN_URL=https://account.rose-ash.com/auth/oauth/token
|
|
- OAUTH_CLIENT_ID=artdag_l2
|
|
- OAUTH_REDIRECT_URI=https://artdag.rose-ash.com/auth/callback
|
|
- OAUTH_LOGOUT_URL=https://account.rose-ash.com/auth/sso-logout/
|
|
# DATABASE_URL, ARTDAG_DOMAIN, ARTDAG_USER, JWT_SECRET, SECRET_KEY from .env file
|
|
healthcheck:
|
|
test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8200/health')"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 3
|
|
start_period: 15s
|
|
volumes:
|
|
- l2_data:/data/l2 # Still needed for RSA keys
|
|
- anchor_backup:/data/anchors # Persistent anchor proofs (survives DB wipes)
|
|
networks:
|
|
- internal
|
|
- externalnet
|
|
depends_on:
|
|
- postgres
|
|
- ipfs
|
|
deploy:
|
|
replicas: 1
|
|
update_config:
|
|
order: start-first
|
|
restart_policy:
|
|
condition: on-failure
|
|
placement:
|
|
constraints:
|
|
- node.labels.gpu != true
|
|
|
|
volumes:
|
|
l2_data:
|
|
postgres_data:
|
|
ipfs_data:
|
|
anchor_backup: # Persistent - don't delete when resetting DB
|
|
|
|
networks:
|
|
internal:
|
|
externalnet:
|
|
external: true
|