openwork/packaging/docker/docker-compose.dev.yml
Source Open 18723ec767 feat(security): default local workers to localhost only (#1132)
Require generated OpenCode auth and explicit remote-sharing opt-in so local workers stay loopback-only unless the user intentionally exposes them.
2026-03-23 17:58:53 -07:00


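# docker-compose.dev.yml — Dev testability stack (no custom Dockerfile)
#
# Usage (from repo root):
#   docker compose -f packaging/docker/docker-compose.dev.yml up
#
# Then open the printed Web UI URL — already wired to headless, no config needed.
#
# Env overrides (optional, via .env or export):
#   OPENWORK_TOKEN                    — shared client token (auto-generated if unset)
#   OPENWORK_HOST_TOKEN               — host/admin token (auto-generated if unset)
#   OPENWORK_WORKSPACE                — host path to mount as workspace (default: ./workspace)
#   OPENWORK_PORT                     — host port to map to container :8787 (default: 8787)
#   WEB_PORT                          — host port to map to container :5173 (default: 5173)
#   SHARE_PORT                        — host port to map to the share service :3000 (default: 3006)
#   OPENWORK_DEV_ID                   — unique ID for this stack (default: default)
#   OPENWORK_DEV_MODE                 — enables isolated OpenCode dev state (set by dev-up.sh)
#   OPENWORK_PUBLIC_HOST              — browser-facing host/IP for LAN-accessible URLs (set by dev-up.sh)
#   OPENWORK_DOCKER_DEV_MOUNT_HOST_OPENCODE=1 — import host OpenCode config/auth into the isolated dev state
#   OPENWORK_OPENCODE_CONFIG_DIR      — host OpenCode config dir detection override (read by dev-up.sh)
#   OPENWORK_OPENCODE_DATA_DIR        — host OpenCode data dir detection override (read by dev-up.sh)
#   OPENWORK_HOST_OPENCODE_CONFIG_DIR — import source for OpenCode config (set by dev-up.sh)
#   OPENWORK_HOST_OPENCODE_DATA_DIR   — import source for OpenCode auth/data (set by dev-up.sh)
#
# Exposure notes (this is a dev stack, not a deployment profile):
#   - The published ports below carry no host address, so Docker binds them on
#     every host interface. Anyone who can reach the host on those ports reaches
#     the services. Prefix a mapping with an address (e.g. "127.0.0.1:${OPENWORK_PORT:-8787}:8787")
#     when a loopback-only stack is wanted.
#   - The orchestrator is started with --remote-access, --allow-external and
#     --cors "*". That is this stack's explicit opt-in to remote sharing; the
#     OpenWork defaults stay loopback-only. Access is expected to require the
#     OPENWORK_TOKEN / OPENWORK_HOST_TOKEN values, which are printed to the
#     container logs and persisted under tmp/ inside the repo bind mount.
#   - bun is fetched with a remote installer piped into a shell; the result is
#     cached in the bun-install volume so this runs once per volume lifetime.

x-shared: &shared
  image: node:22-bookworm-slim
  working_dir: /app
  volumes:
    # Mount the entire repo so both services share node_modules + source.
    # Anything written under /app (including tmp/) lands on the host checkout.
    - ../../:/app
    - pnpm-store:/root/.local/share/pnpm/store
    - bun-install:/root/.bun
    - ${OPENWORK_WORKSPACE:-./workspace}:/workspace
    # Host OpenCode config/auth is imported read-only; the containers cannot
    # modify the host copies.
    - ${OPENWORK_HOST_OPENCODE_CONFIG_DIR:-./workspace/.openwork-host-opencode-config}:/persist/.config/opencode:ro
    - ${OPENWORK_HOST_OPENCODE_DATA_DIR:-./workspace/.openwork-host-opencode-data}:/persist/.openwork-host-opencode-data:ro

services:
  orchestrator:
    <<: *shared
    entrypoint: ["/bin/sh", "-c"]
    command:
      - |
        set -e
        # --- Ensure workspace dir is writable ---
        mkdir -p /workspace && touch /workspace/.keep 2>/dev/null || true
        # --- Install system deps ---
        apt-get update -qq && apt-get install -y -qq --no-install-recommends \
          curl ca-certificates unzip git >/dev/null 2>&1
        # --- Install bun (cached in named volume) ---
        # Unpinned remote installer; only executed when bun is missing from the
        # bun-install volume.
        export BUN_INSTALL="/root/.bun"
        export PATH="$$BUN_INSTALL/bin:$$PATH"
        if ! command -v bun >/dev/null 2>&1; then
          echo "[orchestrator] Installing bun..."
          curl -fsSL https://bun.sh/install | bash
        fi
        # --- Enable pnpm via corepack ---
        corepack enable && corepack prepare pnpm@10.27.0 --activate
        # --- Install deps ---
        echo "[orchestrator] Installing dependencies..."
        pnpm install --no-frozen-lockfile --network-concurrency 1 --child-concurrency 1
        # --- Use source entrypoints for the dev stack ---
        # The orchestrator can spawn .ts files via Bun directly, which avoids bind-mount
        # issues from bun --compile inside Docker on macOS.
        export OPENWORK_SERVER_BIN="/app/apps/server/src/cli.ts"
        export OPENCODE_ROUTER_BIN="/app/apps/opencode-router/src/cli.ts"
        # --- Resolve tokens ---
        # Fresh random UUIDs unless the caller pinned the tokens via env.
        if [ -z "$$OPENWORK_TOKEN" ]; then
          OPENWORK_TOKEN=$$(cat /proc/sys/kernel/random/uuid)
          export OPENWORK_TOKEN
        fi
        if [ -z "$$OPENWORK_HOST_TOKEN" ]; then
          OPENWORK_HOST_TOKEN=$$(cat /proc/sys/kernel/random/uuid)
          export OPENWORK_HOST_TOKEN
        fi
        # Write tokens so the web service can source them.
        # The file sits on the repo bind mount and is therefore visible on the
        # host, so restrict it to its owner. Both containers run as root
        # (BUN_INSTALL lives under /root) and can still read it.
        mkdir -p /app/tmp
        printf 'OPENWORK_TOKEN=%s\nOPENWORK_HOST_TOKEN=%s\n' \
          "$$OPENWORK_TOKEN" "$$OPENWORK_HOST_TOKEN" > "/app/tmp/.dev-env-${OPENWORK_DEV_ID:-default}"
        chmod 600 "/app/tmp/.dev-env-${OPENWORK_DEV_ID:-default}"
        # Tokens are printed on purpose for dev convenience; they are therefore
        # readable by anyone with access to `docker compose logs`.
        echo ""
        echo "============================================"
        echo " OpenWork orchestrator"
        echo " Server: http://localhost:${OPENWORK_PORT:-8787}"
        echo " Health: http://localhost:${OPENWORK_PORT:-8787}/health"
        echo " Token: $$OPENWORK_TOKEN"
        echo " Host token: $$OPENWORK_HOST_TOKEN"
        echo "============================================"
        echo ""
        # --remote-access / --allow-external / --cors "*" are the dev stack's
        # deliberate opt-in to remote sharing; --approval auto skips interactive
        # approval prompts. Drop these flags for a loopback-only stack.
        exec pnpm --filter openwork-orchestrator dev -- start \
          --workspace /workspace \
          --remote-access \
          --openwork-port 8787 \
          --openwork-token "$$OPENWORK_TOKEN" \
          --openwork-host-token "$$OPENWORK_HOST_TOKEN" \
          --openwork-server-bin "$$OPENWORK_SERVER_BIN" \
          --opencode-router-bin "$$OPENCODE_ROUTER_BIN" \
          --approval auto \
          --allow-external \
          --cors "*"
    ports:
      # No host address → bound on all host interfaces (see exposure notes).
      - "${OPENWORK_PORT:-8787}:8787"
    healthcheck:
      test: ["CMD-SHELL", "curl -sf http://localhost:8787/health || exit 1"]
      interval: 5s
      timeout: 5s
      retries: 30
      start_period: 90s
    environment:
      CI: "true"
      # Empty when unset; the command above then generates fresh tokens.
      OPENWORK_TOKEN: "${OPENWORK_TOKEN:-}"
      OPENWORK_HOST_TOKEN: "${OPENWORK_HOST_TOKEN:-}"
      OPENWORK_DEV_ID: "${OPENWORK_DEV_ID:-default}"
      OPENWORK_DEV_MODE: "${OPENWORK_DEV_MODE:-1}"
      OPENWORK_DEV_OPENCODE_IMPORT_CONFIG_DIR: /persist/.config/opencode
      OPENWORK_DEV_OPENCODE_IMPORT_DATA_DIR: /persist/.openwork-host-opencode-data
      OPENWORK_SIDECAR_SOURCE: external

  web:
    <<: *shared
    depends_on:
      orchestrator:
        condition: service_healthy
      share:
        condition: service_healthy
    entrypoint: ["/bin/sh", "-c"]
    command:
      - |
        set -e
        # --- Install system deps ---
        apt-get update -qq && apt-get install -y -qq --no-install-recommends \
          curl ca-certificates >/dev/null 2>&1
        # --- Bun + pnpm ---
        # Same unpinned installer as the orchestrator; shares the bun-install volume.
        export BUN_INSTALL="/root/.bun"
        export PATH="$$BUN_INSTALL/bin:$$PATH"
        if ! command -v bun >/dev/null 2>&1; then
          curl -fsSL https://bun.sh/install | bash
        fi
        corepack enable && corepack prepare pnpm@10.27.0 --activate
        # --- Read token written by orchestrator ---
        # The file is only present once the orchestrator has started (depends_on
        # waits for its healthcheck), otherwise the UI prompts for the token.
        if [ -f "/app/tmp/.dev-env-${OPENWORK_DEV_ID:-default}" ]; then
          . "/app/tmp/.dev-env-${OPENWORK_DEV_ID:-default}"
          export VITE_OPENWORK_TOKEN="$$OPENWORK_TOKEN"
        fi
        echo ""
        echo "============================================"
        echo " OpenWork web UI"
        echo " URL: http://localhost:${WEB_PORT:-5173}"
        echo " Token: $${VITE_OPENWORK_TOKEN:-<see orchestrator logs>}"
        echo "============================================"
        echo ""
        # Browser-facing URLs use OPENWORK_PUBLIC_HOST so a LAN client can reach
        # the orchestrator and share service through the published host ports.
        export VITE_OPENWORK_URL="http://${OPENWORK_PUBLIC_HOST:-localhost}:${OPENWORK_PORT:-8787}"
        export VITE_OPENWORK_PORT="${OPENWORK_PORT:-8787}"
        export VITE_OPENWORK_PUBLISHER_BASE_URL="http://${OPENWORK_PUBLIC_HOST:-localhost}:${SHARE_PORT:-3006}"
        # Vite's Host-header check is disabled and the server listens on all
        # container interfaces; required for access via OPENWORK_PUBLIC_HOST.
        export VITE_ALLOWED_HOSTS="all"
        export HOST="0.0.0.0"
        export PORT="5173"
        exec pnpm --filter @openwork/app exec vite \
          --host 0.0.0.0 \
          --port 5173 \
          --strictPort
    ports:
      - "${WEB_PORT:-5173}:5173"
    environment:
      OPENWORK_DEV_ID: "${OPENWORK_DEV_ID:-default}"

  share:
    <<: *shared
    entrypoint: ["/bin/sh", "-c"]
    command:
      - |
        set -e
        apt-get update -qq && apt-get install -y -qq --no-install-recommends \
          curl ca-certificates >/dev/null 2>&1
        corepack enable && corepack prepare pnpm@10.27.0 --activate
        echo "[share] Installing dependencies..."
        pnpm install --no-frozen-lockfile --network-concurrency 1 --child-concurrency 1
        # Blob storage for the share service; lives on the repo bind mount.
        mkdir -p /app/tmp/share-service-blobs
        echo "[share] Building Next app..."
        pnpm --dir apps/share build
        echo ""
        echo "============================================"
        echo " OpenWork share service"
        echo " URL: http://localhost:${SHARE_PORT:-3006}"
        echo "============================================"
        echo ""
        exec pnpm --dir apps/share exec next start --hostname 0.0.0.0 --port 3000
    ports:
      - "${SHARE_PORT:-3006}:3000"
    healthcheck:
      test: ["CMD-SHELL", "curl -sf http://localhost:3000/api/health || exit 1"]
      interval: 5s
      timeout: 10s
      retries: 30
      # The Next build runs before the server starts, hence the long grace period.
      start_period: 180s
    environment:
      CI: "true"
      OPENWORK_DEV_MODE: "${OPENWORK_DEV_MODE:-1}"
      LOCAL_BLOB_DIR: /app/tmp/share-service-blobs
      PUBLIC_BASE_URL: "http://${OPENWORK_PUBLIC_HOST:-localhost}:${SHARE_PORT:-3006}"
      PUBLIC_OPENWORK_APP_URL: "http://${OPENWORK_PUBLIC_HOST:-localhost}:${WEB_PORT:-5173}"

volumes:
  pnpm-store:
    name: openwork-dev-pnpm-store
  bun-install:
    name: openwork-dev-bun-install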