Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
8429bd86d4fbb71b0b060245c21de717f0187606
CapaKraken/docker-compose.yml
T
Hartmut 0e119cfe73 security: close audit findings #19–#23 and harden Docker setup (#24) 
#19 MFA QR code: render locally via qrcode package, remove external qrserver.com request
#20 Webhook SSRF: add ssrf-guard.ts with DNS-verified IP blocklist; enforce on create/update/test/dispatch
#21 /api/perf: fail-closed when CRON_SECRET missing; remove query-string token auth
#22 CSP: remove unsafe-eval and unsafe-inline from script-src in production builds
#23 Active session registry: forward jti into session object; validate against ActiveSession on every tRPC request

#24 Docker: add missing packages/application to Dockerfile.dev; fix pnpm-lock.yaml glob;
    run db:migrate:deploy on container start so a fresh checkout boots without manual steps

Also: fix pre-existing TS error in e2e/allocations.spec.ts (args.length literal type overlap)

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-01 18:19:21 +02:00

90 lines
2.2 KiB
YAML
Raw Blame History

name: capakraken
services:
postgres:
image: postgres:16-alpine
ports:
- "5433:5432"
environment:
POSTGRES_DB: capakraken
POSTGRES_USER: capakraken
POSTGRES_PASSWORD: capakraken_dev
command: >
postgres
-c log_connections=on
-c log_disconnections=on
-c log_statement=ddl
-c log_line_prefix='%t [%p] %u@%d '
-c log_min_duration_statement=1000
volumes:
- capakraken_pgdata:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U capakraken -d capakraken"]
interval: 5s
timeout: 3s
retries: 5
redis:
image: redis:7-alpine
ports:
- "6380:6379"
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 3s
retries: 5
pgadmin:
image: dpage/pgadmin4
ports:
- "5050:80"
environment:
PGADMIN_DEFAULT_EMAIL: admin@capakraken.dev
PGADMIN_DEFAULT_PASSWORD: admin
depends_on:
postgres:
condition: service_healthy
app:
build:
context: .
dockerfile: Dockerfile.dev
ports:
- "3100:3100"
environment:
DATABASE_URL: ${DATABASE_URL:-postgresql://capakraken:capakraken_dev@postgres:5432/capakraken}
REDIS_URL: ${REDIS_URL:-redis://redis:6379}
NEXTAUTH_URL: ${NEXTAUTH_URL:-http://localhost:3100}
NEXTAUTH_SECRET: ${NEXTAUTH_SECRET:?set NEXTAUTH_SECRET}
depends_on:
postgres:
condition: service_healthy
redis:
condition: service_healthy
volumes:
- .:/app
# Anonymous volumes mask the bind-mount for generated/installed artefacts.
# Docker seeds them from the image layer on first start; they persist across restarts.
# pnpm stores all packages in the root node_modules/.pnpm virtual store — one volume covers it all.
- /app/node_modules
- /app/apps/web/.next
profiles:
- full
postgres-test:
image: postgres:16-alpine
ports:
- "${POSTGRES_TEST_PORT:-5434}:5432"
environment:
POSTGRES_DB: capakraken_test
POSTGRES_USER: capakraken
POSTGRES_PASSWORD: capakraken_test
tmpfs:
- /var/lib/postgresql/data
profiles:
- test
volumes:
capakraken_pgdata:
name: capakraken_pgdata
Reference in New Issue View Git Blame Copy Permalink