mirror of
https://github.com/different-ai/openwork
synced 2026-04-26 01:25:10 +02:00
0589897b2f
* feat(den): add org-managed llm provider library Let Den admins curate shared providers and models with encrypted credentials, then let the app connect through the existing add-provider flow. This keeps org-wide model access consistent without requiring per-user OAuth setup. * docs(den): prefer longer db encryption keys * fix(den): pass db encryption key through local dev --------- Co-authored-by: src-opn <src-opn@users.noreply.github.com>
150 lines
6.0 KiB
YAML
150 lines
6.0 KiB
YAML
# docker-compose.den-dev.yml — Den local testability stack
|
|
#
|
|
# Usage (from repo root):
|
|
# docker compose -f packaging/docker/docker-compose.den-dev.yml up
|
|
#
|
|
# Then open the printed web UI or Den demo URL.
|
|
#
|
|
# Env overrides (optional, via export or .env):
|
|
# DEN_API_PORT — host port to map to Den control plane :8788
|
|
# DEN_WEB_PORT — host port to map to the cloud web app :3005
|
|
# DEN_WORKER_PROXY_PORT — host port to map to the worker proxy :8789
|
|
# DEN_MYSQL_PORT — host port to map to MySQL :3306
|
|
# DEN_BETTER_AUTH_SECRET — Better Auth secret (auto-generated by den-dev-up.sh)
|
|
# DEN_DB_ENCRYPTION_KEY — dev-only DB encryption key for encrypted columns
|
|
# — defaults to a premade local key for Docker smoke tests
|
|
# — generate a replacement with: openssl rand -base64 128
|
|
# DEN_PUBLIC_HOST — browser-facing host/IP for LAN access (set by den-dev-up.sh)
|
|
# DEN_BETTER_AUTH_URL — browser-facing auth origin (default: http://<DEN_PUBLIC_HOST>:<DEN_WEB_PORT>)
|
|
# DEN_BETTER_AUTH_TRUSTED_ORIGINS — Better Auth trusted origins (defaults to DEN_CORS_ORIGINS)
|
|
# DEN_CORS_ORIGINS — comma-separated trusted origins for Better Auth + CORS
|
|
# DEN_PROVISIONER_MODE — stub, render, or daytona (default: stub)
|
|
# DEN_WORKER_URL_TEMPLATE — worker URL template used by stub provisioning
|
|
# DAYTONA_API_URL / DAYTONA_API_KEY / DAYTONA_TARGET / DAYTONA_SNAPSHOT
|
|
# — optional Daytona passthrough vars when DEN_PROVISIONER_MODE=daytona
|
|
# POLAR_FEATURE_GATE_ENABLED / POLAR_API_BASE / POLAR_ACCESS_TOKEN
|
|
# POLAR_PRODUCT_ID / POLAR_BENEFIT_ID / POLAR_SUCCESS_URL / POLAR_RETURN_URL
|
|
# — optional Polar passthrough vars for billing/paywall testing
|
|
|
|
x-shared: &shared
|
|
restart: unless-stopped
|
|
|
|
services:
|
|
mysql:
|
|
image: mysql:8.4
|
|
command:
|
|
- --performance_schema=OFF
|
|
- --innodb-buffer-pool-size=64M
|
|
- --innodb-log-buffer-size=8M
|
|
- --tmp-table-size=16M
|
|
- --max-heap-table-size=16M
|
|
environment:
|
|
MYSQL_ROOT_PASSWORD: password
|
|
MYSQL_DATABASE: openwork_den
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "mysqladmin ping -h 127.0.0.1 -ppassword --silent"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 30
|
|
start_period: 10s
|
|
ports:
|
|
- "${DEN_MYSQL_PORT:-3306}:3306"
|
|
volumes:
|
|
- den-mysql-data:/var/lib/mysql
|
|
|
|
den:
|
|
<<: *shared
|
|
build:
|
|
context: ../../
|
|
dockerfile: packaging/docker/Dockerfile.den
|
|
depends_on:
|
|
mysql:
|
|
condition: service_healthy
|
|
ports:
|
|
- "${DEN_API_PORT:-8788}:8788"
|
|
healthcheck:
|
|
test: ["CMD", "node", "-e", "fetch('http://127.0.0.1:8788/health').then((res)=>process.exit(res.ok?0:1)).catch(()=>process.exit(1))"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 30
|
|
start_period: 120s
|
|
environment:
|
|
CI: "true"
|
|
OPENWORK_DEV_MODE: "1"
|
|
DATABASE_URL: mysql://root:password@mysql:3306/openwork_den
|
|
BETTER_AUTH_SECRET: ${DEN_BETTER_AUTH_SECRET:-dev-den-local-auth-secret-please-override-1234567890}
|
|
DEN_DB_ENCRYPTION_KEY: ${DEN_DB_ENCRYPTION_KEY:-dev-den-db-encryption-key-please-change-1234567890}
|
|
BETTER_AUTH_URL: ${DEN_BETTER_AUTH_URL:-http://localhost:3005}
|
|
DEN_BETTER_AUTH_TRUSTED_ORIGINS: ${DEN_BETTER_AUTH_TRUSTED_ORIGINS:-}
|
|
PORT: "8788"
|
|
CORS_ORIGINS: ${DEN_CORS_ORIGINS:-http://localhost:3005,http://127.0.0.1:3005,http://0.0.0.0:3005,http://localhost:8788,http://127.0.0.1:8788}
|
|
PROVISIONER_MODE: ${DEN_PROVISIONER_MODE:-stub}
|
|
WORKER_URL_TEMPLATE: ${DEN_WORKER_URL_TEMPLATE:-}
|
|
POLAR_FEATURE_GATE_ENABLED: ${POLAR_FEATURE_GATE_ENABLED:-false}
|
|
POLAR_API_BASE: ${POLAR_API_BASE:-}
|
|
POLAR_ACCESS_TOKEN: ${POLAR_ACCESS_TOKEN:-}
|
|
POLAR_PRODUCT_ID: ${POLAR_PRODUCT_ID:-}
|
|
POLAR_BENEFIT_ID: ${POLAR_BENEFIT_ID:-}
|
|
POLAR_SUCCESS_URL: ${POLAR_SUCCESS_URL:-}
|
|
POLAR_RETURN_URL: ${POLAR_RETURN_URL:-}
|
|
DAYTONA_API_URL: ${DAYTONA_API_URL:-}
|
|
DAYTONA_API_KEY: ${DAYTONA_API_KEY:-}
|
|
DAYTONA_TARGET: ${DAYTONA_TARGET:-}
|
|
DAYTONA_SNAPSHOT: ${DAYTONA_SNAPSHOT:-}
|
|
DAYTONA_WORKER_PROXY_BASE_URL: ${DEN_DAYTONA_WORKER_PROXY_BASE_URL:-http://localhost:8789}
|
|
|
|
worker-proxy:
|
|
<<: *shared
|
|
build:
|
|
context: ../../
|
|
dockerfile: packaging/docker/Dockerfile.den-worker-proxy
|
|
depends_on:
|
|
mysql:
|
|
condition: service_healthy
|
|
ports:
|
|
- "${DEN_WORKER_PROXY_PORT:-8789}:8789"
|
|
healthcheck:
|
|
test: ["CMD", "node", "-e", "fetch('http://127.0.0.1:8789/unknown').then((res)=>process.exit([404,502].includes(res.status)?0:1)).catch(()=>process.exit(1))"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 30
|
|
start_period: 90s
|
|
environment:
|
|
CI: "true"
|
|
DATABASE_URL: mysql://root:password@mysql:3306/openwork_den
|
|
PORT: "8789"
|
|
OPENWORK_DAYTONA_ENV_PATH: ${OPENWORK_DAYTONA_ENV_PATH:-}
|
|
DAYTONA_API_URL: ${DAYTONA_API_URL:-}
|
|
DAYTONA_API_KEY: ${DAYTONA_API_KEY:-}
|
|
DAYTONA_TARGET: ${DAYTONA_TARGET:-}
|
|
DAYTONA_OPENWORK_PORT: ${DAYTONA_OPENWORK_PORT:-8787}
|
|
DAYTONA_SIGNED_PREVIEW_EXPIRES_SECONDS: ${DAYTONA_SIGNED_PREVIEW_EXPIRES_SECONDS:-86400}
|
|
|
|
web:
|
|
<<: *shared
|
|
build:
|
|
context: ../../
|
|
dockerfile: packaging/docker/Dockerfile.den-web
|
|
command: ["sh", "-lc", "npm run build && npm run start"]
|
|
depends_on:
|
|
den:
|
|
condition: service_healthy
|
|
ports:
|
|
- "${DEN_WEB_PORT:-3005}:3005"
|
|
healthcheck:
|
|
test: ["CMD", "node", "-e", "fetch('http://127.0.0.1:3005/api/den/health').then((res)=>process.exit(res.ok?0:1)).catch(()=>process.exit(1))"]
|
|
interval: 5s
|
|
timeout: 10s
|
|
retries: 30
|
|
start_period: 180s
|
|
environment:
|
|
CI: "true"
|
|
OPENWORK_DEV_MODE: "1"
|
|
DEN_API_BASE: http://den:8788
|
|
DEN_AUTH_FALLBACK_BASE: http://den:8788
|
|
DEN_AUTH_ORIGIN: ${DEN_BETTER_AUTH_URL:-http://localhost:3005}
|
|
NEXT_PUBLIC_OPENWORK_AUTH_CALLBACK_URL: ${DEN_BETTER_AUTH_URL:-http://localhost:3005}
|
|
|
|
volumes:
|
|
den-mysql-data:
|