SpokeToWork/docker-compose.yml at main · TortoiseWolfe/SpokeToWork · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
# IMPORTANT: For A/B testing with multiple instances, set COMPOSE_PROJECT_NAME:
# COMPOSE_PROJECT_NAME=instance-a docker compose --profile supabase up -d
# COMPOSE_PROJECT_NAME=instance-b docker compose --profile supabase up -d
#
# All host ports are dynamically assigned by default (0 = OS-assigned).
# Discover dynamically assigned ports:
# docker compose port spoketowork 3000     # Dev server
# docker compose port spoketowork 6006     # Storybook
# docker compose port spoketowork 24678    # HMR websocket
# docker compose port supabase-kong 8000   # Supabase API
# docker compose port supabase-db 5432     # Supabase Database
# docker compose port supabase-studio 3000 # Supabase Studio
#
# To pin Supabase ports (single-instance), set in .env:
# SUPABASE_API_PORT=54321
# SUPABASE_DB_PORT=54322
# SUPABASE_STUDIO_PORT=54323
#
# For resource limits, add the override: -f docker-compose.limits.yml
# Set CPUSET and MEM_LIMIT in .env.

services:
  spoketowork:
    build:
      context: .
      dockerfile: docker/Dockerfile
      target: dev
    ports:
      - '0:3000' # Dev server – use `docker compose port spoketowork 3000`
      - '0:6006' # Storybook
      - '0:24678' # Next.js HMR websocket
    volumes:
      - .:/app
      - node_modules:/app/node_modules
      - type: tmpfs
        target: /app/.next
        tmpfs:
          mode: 01777
    env_file:
      - .env
      - path: .env.supabase.local
        required: false
    environment:
      - CI=true
      - HUSKY=0
      - WATCHPACK_POLLING=true
      - CHOKIDAR_USEPOLLING=true
      - GIT_AUTHOR_NAME=${GIT_AUTHOR_NAME}
      - GIT_AUTHOR_EMAIL=${GIT_AUTHOR_EMAIL}
      - GIT_COMMITTER_NAME=${GIT_AUTHOR_NAME}
      - GIT_COMMITTER_EMAIL=${GIT_AUTHOR_EMAIL}
    healthcheck:
      test: ['CMD', 'curl', '-f', 'http://localhost:3000/'] # Internal container port
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    init: true
    restart: unless-stopped
    networks:
      - SpokeToWork

  # =============================================================================
  # LOCAL SUPABASE SERVICES (start with: docker compose --profile supabase up)
  # =============================================================================

  supabase-db:
    image: supabase/postgres:15.8.1.085
    profiles: [supabase]
    ports:
      - '${SUPABASE_DB_PORT:-0}:5432'
    environment:
      POSTGRES_HOST: /var/run/postgresql
      PGPORT: 5432
      POSTGRES_PORT: 5432
      PGPASSWORD: ${SUPABASE_LOCAL_DB_PASSWORD:-your-super-secret-and-long-postgres-password}
      POSTGRES_PASSWORD: ${SUPABASE_LOCAL_DB_PASSWORD:-your-super-secret-and-long-postgres-password}
      PGDATABASE: postgres
      POSTGRES_DB: postgres
      JWT_SECRET: ${SUPABASE_LOCAL_JWT_SECRET:-your-super-secret-jwt-token-with-at-least-32-characters-long}
      JWT_EXP: 28800
    volumes:
      - supabase_db_data:/var/lib/postgresql/data
    healthcheck:
      test:
        [
          'CMD-SHELL',
          'pg_isready -U postgres -h localhost && psql -U supabase_admin -d postgres -c "SELECT 1 FROM pg_roles WHERE rolname=''supabase_auth_admin''" | grep -q 1',
        ]
      interval: 5s
      timeout: 5s
      retries: 30
      start_period: 30s
    restart: unless-stopped
    networks:
      - SpokeToWork

  supabase-init:
    image: supabase/postgres:15.8.1.085
    profiles: [supabase]
    depends_on:
      supabase-db:
        condition: service_healthy
    environment:
      PGPASSWORD: ${SUPABASE_LOCAL_DB_PASSWORD:-your-super-secret-and-long-postgres-password}
    entrypoint: ['/bin/bash', '-c']
    command:
      - |
        psql -h supabase-db -U supabase_admin -d postgres -c "ALTER USER supabase_auth_admin WITH PASSWORD '$$PGPASSWORD';"
        psql -h supabase-db -U supabase_admin -d postgres -c "ALTER USER authenticator WITH PASSWORD '$$PGPASSWORD';"
        psql -h supabase-db -U supabase_admin -d postgres -c "ALTER USER supabase_storage_admin WITH PASSWORD '$$PGPASSWORD';"
        echo "Supabase role passwords configured"
    networks:
      - SpokeToWork

  supabase-auth:
    image: supabase/gotrue:v2.164.0
    profiles: [supabase]
    depends_on:
      supabase-init:
        condition: service_completed_successfully
    environment:
      GOTRUE_API_HOST: 0.0.0.0
      GOTRUE_API_PORT: 9999
      # Set by scripts/supabase-up.sh Phase 2 with discovered dynamic ports.
      # Do NOT hardcode these — a hookify rule will warn if you try.
      API_EXTERNAL_URL: ${API_EXTERNAL_URL:-http://localhost:${SUPABASE_API_PORT:-54321}}
      GOTRUE_DB_DRIVER: postgres
      GOTRUE_DB_DATABASE_URL: postgres://supabase_auth_admin:${SUPABASE_LOCAL_DB_PASSWORD:-your-super-secret-and-long-postgres-password}@supabase-db:5432/postgres
      GOTRUE_SITE_URL: ${GOTRUE_SITE_URL:-http://localhost:3000}
      GOTRUE_URI_ALLOW_LIST: ''
      GOTRUE_DISABLE_SIGNUP: 'false'
      GOTRUE_JWT_ADMIN_ROLES: service_role
      GOTRUE_JWT_AUD: authenticated
      GOTRUE_JWT_DEFAULT_GROUP_NAME: authenticated
      GOTRUE_JWT_EXP: 28800
      GOTRUE_JWT_SECRET: ${SUPABASE_LOCAL_JWT_SECRET:-your-super-secret-jwt-token-with-at-least-32-characters-long}
      GOTRUE_EXTERNAL_EMAIL_ENABLED: 'true'
      GOTRUE_EXTERNAL_ANONYMOUS_USERS_ENABLED: 'false'
      GOTRUE_MAILER_AUTOCONFIRM: 'true'
      GOTRUE_EXTERNAL_GOOGLE_ENABLED: 'true'
      GOTRUE_EXTERNAL_GOOGLE_CLIENT_ID: ${GOOGLE_OAUTH_CLIENT_ID:-}
      GOTRUE_EXTERNAL_GOOGLE_SECRET: ${GOOGLE_OAUTH_CLIENT_SECRET:-}
      GOTRUE_EXTERNAL_GOOGLE_REDIRECT_URI: http://localhost:${SUPABASE_API_PORT:-54321}/auth/v1/callback
      GOTRUE_EXTERNAL_GITHUB_ENABLED: 'true'
      GOTRUE_EXTERNAL_GITHUB_CLIENT_ID: ${GITHUB_OAUTH_CLIENT_ID:-}
      GOTRUE_EXTERNAL_GITHUB_SECRET: ${GITHUB_OAUTH_CLIENT_SECRET:-}
      GOTRUE_EXTERNAL_GITHUB_REDIRECT_URI: http://localhost:${SUPABASE_API_PORT:-54321}/auth/v1/callback
    restart: unless-stopped
    networks:
      - SpokeToWork

  supabase-rest:
    image: postgrest/postgrest:v12.2.0
    profiles: [supabase]
    depends_on:
      supabase-init:
        condition: service_completed_successfully
    environment:
      PGRST_DB_URI: postgres://authenticator:${SUPABASE_LOCAL_DB_PASSWORD:-your-super-secret-and-long-postgres-password}@supabase-db:5432/postgres
      PGRST_DB_SCHEMAS: public,graphql_public
      PGRST_DB_ANON_ROLE: anon
      PGRST_JWT_SECRET: ${SUPABASE_LOCAL_JWT_SECRET:-your-super-secret-jwt-token-with-at-least-32-characters-long}
      PGRST_DB_USE_LEGACY_GUCS: 'false'
      PGRST_APP_SETTINGS_JWT_SECRET: ${SUPABASE_LOCAL_JWT_SECRET:-your-super-secret-jwt-token-with-at-least-32-characters-long}
      PGRST_APP_SETTINGS_JWT_EXP: 28800
    restart: unless-stopped
    networks:
      - SpokeToWork

  supabase-meta:
    image: supabase/postgres-meta:v0.83.2
    profiles: [supabase]
    depends_on:
      supabase-init:
        condition: service_completed_successfully
    environment:
      PG_META_PORT: 8080
      PG_META_DB_HOST: supabase-db
      PG_META_DB_PORT: 5432
      PG_META_DB_NAME: postgres
      PG_META_DB_USER: supabase_admin
      PG_META_DB_PASSWORD: ${SUPABASE_LOCAL_DB_PASSWORD:-your-super-secret-and-long-postgres-password}
    restart: unless-stopped
    networks:
      - SpokeToWork

  supabase-realtime:
    image: supabase/realtime:v2.30.34
    hostname: supabase-realtime
    profiles: [supabase]
    depends_on:
      supabase-init:
        condition: service_completed_successfully
    environment:
      PORT: 4000
      DB_HOST: supabase-db
      DB_PORT: 5432
      DB_USER: supabase_admin
      DB_PASSWORD: ${SUPABASE_LOCAL_DB_PASSWORD:-your-super-secret-and-long-postgres-password}
      DB_NAME: postgres
      DB_AFTER_CONNECT_QUERY: 'SET search_path TO _realtime'
      DB_ENC_KEY: supabaserealtime
      API_JWT_SECRET: ${SUPABASE_LOCAL_JWT_SECRET:-your-super-secret-jwt-token-with-at-least-32-characters-long}
      SECRET_KEY_BASE: ${SUPABASE_LOCAL_REALTIME_SECRET:-change-me-realtime-secret-key-base}
      ERL_AFLAGS: -proto_dist inet_tcp
      DNS_NODES: "''"
      RLIMIT_NOFILE: 10000
      APP_NAME: realtime
      SEED_SELF_HOST: 'false'
      REPLICATION_MODE: RLS
      REPLICATION_POLL_INTERVAL: 100
      SECURE_CHANNELS: 'true'
      SLOT_NAME: supabase_realtime_rls
      TEMPORARY_SLOT: 'true'
      MAX_REPLICATION_LAG_MB: 1000
      PROM_EX_PROM_MANUAL_METRICS_START_DELAY: 0
    restart: unless-stopped
    networks:
      - SpokeToWork

  supabase-kong:
    image: kong:2.8.1
    profiles: [supabase]
    depends_on:
      supabase-auth:
        condition: service_started
      supabase-rest:
        condition: service_started
      supabase-realtime:
        condition: service_started
    ports:
      - '${SUPABASE_API_PORT:-0}:8000'
    environment:
      KONG_DATABASE: 'off'
      KONG_DECLARATIVE_CONFIG: /kong/kong.yml
      KONG_DNS_ORDER: LAST,A,CNAME
      KONG_PLUGINS: request-transformer,cors,key-auth,acl,basic-auth
      KONG_NGINX_PROXY_PROXY_BUFFER_SIZE: 160k
      KONG_NGINX_PROXY_PROXY_BUFFERS: 64 160k
      SUPABASE_ANON_KEY: ${SUPABASE_LOCAL_ANON_KEY:-set-anon-key-in-env-file}
      SUPABASE_SERVICE_KEY: ${SUPABASE_LOCAL_SERVICE_KEY:-set-service-key-in-env-file}
    volumes:
      - ./docker/kong/kong.generated.yml:/kong/kong.yml:ro
    restart: unless-stopped
    networks:
      - SpokeToWork

  supabase-studio:
    image: supabase/studio:20241202-71e5240
    profiles: [supabase]
    depends_on:
      supabase-kong:
        condition: service_started
      supabase-meta:
        condition: service_started
    ports:
      - '${SUPABASE_STUDIO_PORT:-0}:3000'
    environment:
      STUDIO_PG_META_URL: http://supabase-meta:8080
      POSTGRES_PASSWORD: ${SUPABASE_LOCAL_DB_PASSWORD:-your-super-secret-and-long-postgres-password}
      DEFAULT_ORGANIZATION_NAME: SpokeToWork
      DEFAULT_PROJECT_NAME: Local Development
      SUPABASE_URL: http://supabase-kong:8000
      # Cosmetic: displayed in Studio UI only. Set SUPABASE_API_PORT in .env for correct display.
      SUPABASE_PUBLIC_URL: http://localhost:${SUPABASE_API_PORT:-0}
      SUPABASE_ANON_KEY: ${SUPABASE_LOCAL_ANON_KEY:-set-anon-key-in-env-file}
      SUPABASE_SERVICE_KEY: ${SUPABASE_LOCAL_SERVICE_KEY:-set-service-key-in-env-file}
      AUTH_JWT_SECRET: ${SUPABASE_LOCAL_JWT_SECRET:-your-super-secret-jwt-token-with-at-least-32-characters-long}
      LOGFLARE_API_KEY: ''
      LOGFLARE_URL: ''
      NEXT_PUBLIC_ENABLE_LOGS: 'false'
      NEXT_ANALYTICS_BACKEND_PROVIDER: ''
    restart: unless-stopped
    networks:
      - SpokeToWork

networks:
  SpokeToWork:
    driver: bridge

volumes:
  node_modules:
  supabase_db_data: