-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
64 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| FROM golang:1.19-buster as builder | ||
|
|
||
| # build | ||
| WORKDIR /app | ||
|
|
||
| COPY go.mod ./ | ||
| COPY go.sum ./ | ||
|
|
||
| RUN go mod download | ||
|
|
||
| COPY ./pocketbase ./pocketbase | ||
| RUN go build -o /pocketbase pocketbase/main.go | ||
| #checkov:skip=CKV_DOCKER_4: Ensure that COPY is used instead of ADD in Dockerfiles | ||
| # Because we want to add from a remote URL, and there is no reason not to trust benbjohnson | ||
| # ADD https://github.com/benbjohnson/litestream/releases/download/v0.3.8/litestream-v0.3.8-linux-amd64-static.tar.gz /tmp/litestream.tar.gz | ||
| # RUN tar -C /usr/local/bin -xzf /tmp/litestream.tar.gz | ||
|
|
||
| # deploy | ||
| FROM debian:buster-slim | ||
| RUN set -x && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ | ||
| ca-certificates=20200601~deb10u2 && \ | ||
| rm -rf /var/lib/apt/lists/* | ||
|
|
||
| WORKDIR /app | ||
|
|
||
| COPY --from=builder /pocketbase /pocketbase | ||
| # COPY --from=builder /usr/local/bin/litestream /usr/local/bin/litestream | ||
| # COPY litestream.yml /etc/litestream.yml | ||
|
|
||
| COPY run.sh . | ||
|
|
||
|
|
||
| EXPOSE 8090 | ||
| # TODO add a health check to the API | ||
| HEALTHCHECK NONE | ||
| #checkov:skip=CKV_DOCKER_3: Ensure that a user for the container has been created | ||
| # Because it will run as root on the VM anyway, and there is nothing else there but a docker container | ||
|
|
||
| CMD ["/app/run.sh"] |
File renamed without changes.
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| #!/bin/bash | ||
| set -e | ||
|
|
||
| echo "Check diskspace on VM" | ||
| df -h | ||
|
|
||
| # echo "litestream version" | ||
| # litestream version | ||
|
|
||
| # # Docker entry point for image will decode the base64 secret and put it into the GOOGLE_APPLICATION_CREDENTIALS PATH that has been specified | ||
| # # this has to be done before litestream starts! | ||
| # # Should be no issue with the correct entrypoint | ||
| # # then it can be used by flyctl secrets as well | ||
| # # https://www.avaitla16.com/google-application-credentials-json-as-an-environment-variable | ||
| # # https://community.fly.io/t/how-are-you-managing-cert-files-with-fly/2984/20 | ||
|
|
||
| # echo "set gcp key" | ||
| # echo "$GCP_KEY" | base64 -d > "$GOOGLE_APPLICATION_CREDENTIALS" | ||
|
|
||
| # echo "Restore db if exists" | ||
| # litestream restore -if-replica-exists /app/production.db | ||
|
|
||
| # echo "replicate!" | ||
| # exec litestream replicate -exec "/api" | ||
| /pocketbase serve --http 0.0.0.0:8090 |