- Add /health proxy block with rate limiting for external uptime monitoring - Fix Permissions-Policy on API responses: add passkey directives - Strengthen CSP: add frame-ancestors 'none' + upgrade-insecure-requests - Relax backend healthcheck interval from 10s to 30s (reduce overhead) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
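# Compose stack with three services: PostgreSQL (db), the application backend
# and the web frontend. Only the frontend publishes a host port. db is attached
# to backend_net only, frontend to frontend_net only, and backend to both.
#
# POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB and SECRET_KEY use the
# ${VAR:?message} form, so `docker compose` aborts when one of them is unset or
# empty instead of silently substituting an empty string into the credentials,
# the database URL and the healthcheck command.
#
# NOTE(review): no service sets `read_only`, `cap_drop` or
# `security_opt: ["no-new-privileges:true"]`; consider adding them once each
# image is confirmed to run with those restrictions.
services:
  db:
    # NOTE(review): floating tag; pinning by digest (image@sha256:<digest>)
    # keeps a re-pushed tag from changing what gets deployed.
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      # NOTE(review): values passed through `environment` can be read with
      # `docker inspect`. The postgres image also accepts
      # POSTGRES_PASSWORD_FILE, which pairs with Compose `secrets` if that
      # exposure matters here.
      - POSTGRES_USER=${POSTGRES_USER:?POSTGRES_USER must be set}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}
      - POSTGRES_DB=${POSTGRES_DB:?POSTGRES_DB must be set}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      # No `ports:` entry: the database is reachable only from containers
      # attached to backend_net.
      - backend_net
    healthcheck:
      # $POSTGRES_USER and $POSTGRES_DB are interpolated by Compose when the
      # file is parsed (container-side expansion would be written $$VAR); they
      # resolve to the same values set in `environment` above.
      test: ["CMD-SHELL", "pg_isready -U $POSTGRES_USER -d $POSTGRES_DB"]
      interval: 5s
      timeout: 5s
      retries: 5
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: "1.0"

  backend:
    # NOTE(review): `main-latest` is a mutable tag; pinning by digest
    # (image@sha256:<digest>) makes deploys reproducible and auditable.
    image: git.sentinelforest.xyz/rohskiddo/umbra-backend:main-latest
    restart: unless-stopped
    environment:
      # NOTE(review): the credentials are interpolated verbatim into the URL.
      # A password containing '@', ':', '/' or '%' has to be percent-encoded,
      # otherwise the URL is misparsed.
      - DATABASE_URL=postgresql+asyncpg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
      # Required: an empty signing key must never reach the application.
      - SECRET_KEY=${SECRET_KEY:?SECRET_KEY must be set}
      - ENVIRONMENT=${ENVIRONMENT:-production}
      - UMBRA_URL=${UMBRA_URL:-https://umbra.ghost6.xyz}
      # Optional: defaults to an empty string when unset.
      - OPENWEATHERMAP_API_KEY=${OPENWEATHERMAP_API_KEY:-}
      # NOTE(review): WEBAUTHN_RP_ID and WEBAUTHN_ORIGIN presumably have to
      # match the hostname users actually reach; verify whenever UMBRA_URL is
      # overridden so the three values stay consistent.
      - WEBAUTHN_RP_ID=${WEBAUTHN_RP_ID:-umbra.ghost6.xyz}
      - WEBAUTHN_RP_NAME=${WEBAUTHN_RP_NAME:-UMBRA}
      - WEBAUTHN_ORIGIN=${WEBAUTHN_ORIGIN:-https://umbra.ghost6.xyz}
    depends_on:
      db:
        condition: service_healthy
    networks:
      # The only service on both networks: frontend and db share no network.
      - backend_net
      - frontend_net
    healthcheck:
      # urlopen raises on a connection failure or an HTTP error status, so the
      # probe exits non-zero in both cases.
      test:
        - CMD-SHELL
        - "python -c \"import urllib.request; urllib.request.urlopen('http://localhost:8000/health')\""
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 30s
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: "1.0"

  frontend:
    # NOTE(review): mutable tag, same digest-pinning consideration as backend.
    image: git.sentinelforest.xyz/rohskiddo/umbra-frontend:main-latest
    restart: unless-stopped
    ports:
      # Publishes plain HTTP on every host interface.
      # NOTE(review): presumably TLS is terminated in front of this host;
      # confirm. If only a local reverse proxy should reach it, bind to a
      # specific address instead (constructed example: "127.0.0.1:80:8080").
      - "80:8080"
    depends_on:
      backend:
        condition: service_healthy
    networks:
      - frontend_net
    healthcheck:
      test: ["CMD", "wget", "--spider", "--quiet", "http://127.0.0.1:8080/"]
      interval: 15s
      timeout: 5s
      retries: 3
    deploy:
      resources:
        limits:
          memory: 128M
          cpus: "0.5"

volumes:
  postgres_data: {}

networks:
  # NOTE(review): backend_net could be declared `internal: true` to deny the
  # database outbound access; confirm that backend still reaches external
  # services through frontend_net before enabling it.
  backend_net:
    driver: bridge
  frontend_net:
    driver: bridge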