version: "3.8"

# Production deployment configuration
#
# Secrets backend: set SECRETS_BACKEND to "bitwarden" (default) or "vault".
#
# Bitwarden backend, required environment variables:
#   BW_SESSION        - Bitwarden session token
#   BW_COLLECTION_ID  - Bitwarden collection containing agent items
#
# HashiCorp Vault backend, required environment variables:
#   VAULT_ADDR   - Vault server address
#   VAULT_TOKEN  - Vault authentication token
#
# Optional environment variables:
#   BW_SERVER_URL     - Bitwarden/Vaultwarden server URL (default: bitwarden.com)
#   VAULT_MOUNT_PATH  - Vault KV v2 mount path (default: secret)
#   VAULT_BASE_PATH   - Vault path for agent secrets (default: agents)
#   GITHUB_API_URL    - GitHub API URL (default: https://api.github.com)
#   LOG_LEVEL         - Logging level: INFO or DEBUG (default: INFO)
#
# Review notes on credential handling:
#   * BW_SESSION and VAULT_TOKEN are interpolated from the invoking shell or
#     the .env file and end up in the container environment, where they are
#     readable through `docker inspect` and rendered by `docker compose config`.
#     Restrict access to the Docker socket and to any .env file accordingly.
#   * The variables of BOTH backends are passed through regardless of
#     SECRETS_BACKEND. A VAULT_TOKEN exported in the operator's shell is
#     therefore handed to the container even when Bitwarden is selected
#     (and vice versa for BW_SESSION); unset the unused one before deploying.
#   * NOTE(review): confirm the service never logs token values when
#     LOG_LEVEL=DEBUG.

services:
  github-auth-service:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: github-auth-service
    environment:
      # Backend selection happens at runtime through SECRETS_BACKEND; the
      # entries below forward whatever is set on the host, empty when unset.
      # Option 1: Bitwarden (default)
      - 'SECRETS_BACKEND=${SECRETS_BACKEND:-bitwarden}'
      - 'BW_SESSION=${BW_SESSION:-}'
      - 'BW_COLLECTION_ID=${BW_COLLECTION_ID:-}'
      - 'BW_SERVER_URL=${BW_SERVER_URL:-}'
      # Option 2: HashiCorp Vault. To pin the backend in this file, replace
      # the SECRETS_BACKEND entry above with the commented one rather than
      # adding a second entry.
      # - SECRETS_BACKEND=vault
      - 'VAULT_ADDR=${VAULT_ADDR:-}'
      - 'VAULT_TOKEN=${VAULT_TOKEN:-}'
      # These two are not forwarded to the container unless uncommented.
      # - VAULT_MOUNT_PATH=secret
      # - VAULT_BASE_PATH=agents
      # Common
      - 'GITHUB_API_URL=${GITHUB_API_URL:-https://api.github.com}'
      - 'LOG_LEVEL=${LOG_LEVEL:-INFO}'
    networks:
      - agent-network
    # No host ports are published; the service is reached over agent-network.
    # For debugging, publish on loopback only. A bare "8080:8080" mapping
    # binds every host interface and would expose the token-issuing API
    # beyond the host.
    # ports:
    #   - "127.0.0.1:8080:8080"
    healthcheck:
      # Requires curl inside the image; presumably installed by the
      # Dockerfile. Verify, otherwise the container never becomes healthy.
      test:
        - 'CMD'
        - 'curl'
        - '-f'
        - 'http://localhost:8080/health'
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
    restart: unless-stopped

  # Example agent container configuration:
  #
  # agent-claude-1:
  #   image: your-agent-image:latest
  #   container_name: agent-claude-1
  #   environment:
  #     # Agent authentication
  #     - AGENT_NAME=agent-claude-1
  #     - AGENT_TOKEN=${AGENT_CLAUDE_1_TOKEN}
  #     # Auth service URL
  #     - GITHUB_AUTH_SERVICE=http://github-auth-service:8080
  #   networks:
  #     - agent-network  # Internal network to reach auth service
  #     - external       # External network for GitHub API access
  #   depends_on:
  #     github-auth-service:
  #       condition: service_healthy
  #
  # The `external` network used in this example is not declared in the
  # top-level `networks:` section of this file and has to be added there
  # before the example is enabled. Give each agent its own AGENT_TOKEN.

networks:
  # Only containers attached to this network can reach the auth service by
  # name. This is a plain bridge without `internal: true`, so attached
  # containers keep outbound access: it limits who can call the service,
  # it does not restrict egress. NOTE(review): the auth service presumably
  # needs outbound access to the GitHub API and the secrets backend, so
  # confirm the impact before setting `internal: true`.
  agent-network:
    driver: bridge