@halocline halocline commented Aug 5, 2025

Overview

  • Establishing a design system database to serve as a source of truth for the current state of the design system.
    • Creating a Dockerfile to build and deploy the database on cloud infrastructure.
  • Introduces an apps directory as part of the monorepo structure. pocketbase_app is the first app. Future monorepo structure might resemble the following:
/apps
    /aries-site
    /design-system-manager
    /design-tokens-manager
    /ds-assistant
    /ds-mcp-server
    /pocketbase_app
/core
    /aries-core
/packages
    /design-tokens
    /hpe-icons
    /hpe-ui-library
/sandbox
    ...
package.json

Above structure is conceptual and discussion is welcome.


PR detail

This pull request introduces a complete setup for deploying the PocketBase backend for the HPE Design System to Google Cloud Run with persistent storage and production-ready configuration. It adds essential documentation, a Dockerfile for containerization, a startup script for efficient data handling, and proper licensing. The changes focus on enabling persistent, performant, and safe operation of PocketBase in a cloud environment.

Cloud Deployment & Data Persistence

  • Added a Dockerfile that builds a minimal Alpine-based container, downloads the PocketBase binary, sets up required directories, and uses a startup script to manage data and server startup.
  • Introduced a startup.sh script that copies the database from the mounted Cloud Storage volume to local storage on startup for performance, and backs up data to Cloud Storage on shutdown for persistence.
  • Updated .gitignore to exclude PocketBase binaries, data, logs, and temporary directories to keep the repository clean.

Documentation & Usage

  • Added a comprehensive DEPLOYMENT.md guide detailing step-by-step deployment to Google Cloud Run, including prerequisites, setup, admin access, architecture, troubleshooting, and best practices for SQLite persistence.
  • Provided a QUICK_REFERENCE.md with essential commands for deployment, admin credential reset, log checking, and key operational notes.
  • Updated README.md to explain the backend's purpose, PocketBase features, and a high-level overview of cloud deployment strategies, emphasizing Cloud Run with persistent storage.

Licensing

  • Added a LICENSE.md file with the MIT license for proper open-source compliance.

changeset-bot bot commented Aug 5, 2025

⚠️ No Changeset found

Latest commit: dcde538

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

netlify bot commented Aug 5, 2025

Deploy Preview for hpe-theme-preview ready!

Name Link
🔨 Latest commit dcde538
🔍 Latest deploy log https://app.netlify.com/projects/hpe-theme-preview/deploys/6893edf810b1370008d99166
😎 Deploy Preview https://deploy-preview-5253--hpe-theme-preview.netlify.app

netlify bot commented Aug 5, 2025

Deploy Preview for unrivaled-bublanina-3a9bae ready!

Name Link
🔨 Latest commit dcde538
🔍 Latest deploy log https://app.netlify.com/projects/unrivaled-bublanina-3a9bae/deploys/6893edf810b1370008d99168
😎 Deploy Preview https://deploy-preview-5253--unrivaled-bublanina-3a9bae.netlify.app

@halocline halocline requested a review from Copilot August 5, 2025 17:12

@halocline halocline requested a review from Copilot August 5, 2025 17:20

@halocline halocline requested a review from Copilot August 5, 2025 18:08

@halocline halocline requested a review from Copilot August 5, 2025 18:27

@halocline halocline requested a review from Copilot August 5, 2025 18:37

@halocline halocline requested review from britt6612 and taysea August 5, 2025 18:52
@halocline halocline requested a review from jcfilben August 5, 2025 18:52
@halocline halocline requested a review from Copilot August 6, 2025 23:01

@halocline halocline requested a review from Copilot August 6, 2025 23:29

Copilot AI left a comment

Pull Request Overview

This PR establishes a complete PocketBase cloud deployment infrastructure for the HPE Design System. It introduces the first app in the proposed monorepo structure with comprehensive Docker containerization, Google Cloud Run deployment scripts, and detailed documentation for cloud-based data persistence.

  • Creates complete PocketBase deployment infrastructure with Cloud Run integration
  • Introduces apps/pocketbase_app as the first application in a new monorepo structure
  • Provides automated deployment scripts and comprehensive documentation

Reviewed Changes

Copilot reviewed 14 out of 15 changed files in this pull request and generated 7 comments.

| File | Description |
| --- | --- |
| startup.sh | Container startup script with health checks and graceful shutdown handling |
| deploy.sh | Automated deployment script for Google Cloud infrastructure setup |
| cloud-run-service.yaml | Static Cloud Run service configuration for HPE Design System |
| cloud-run-service.template.yaml | Portable templated configuration with environment variable substitution |
| README.md | Project overview and quick start documentation |
| QUICK_REFERENCE.md | Essential commands and operations reference |
| LICENSE.md | MIT license for open-source compliance |
| Dockerfile.orig | Original Docker configuration preserved for reference |
| Dockerfile | Production-ready container build with security hardening |
| DEPLOYMENT.md | Comprehensive deployment guide with troubleshooting |
| CLOUD_STORAGE_SETUP.md | Detailed Cloud Storage integration documentation |
| CHANGELOG.md | PocketBase version changelog (v0.29.1) |
| .gitignore | Repository exclusions for binaries and generated files |
| .env.example | Environment configuration template |

else
echo "⚠️ Data directory is not writable, attempting to fix permissions..."
# This might not work if we're not root, but it's worth trying
chmod 755 "$DATA_DIR" 2>/dev/null || true
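Review bot: the `2>/dev/null || true` on the chmod line discards both the error message and the exit status, so when the fix fails (the comment above it says it may when not root) startup carries on with a data directory that is still not writable. Re-test writability after the chmod and exit non-zero with a clear message if it still fails, rather than letting the server start against an unusable directory.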

Copilot AI Aug 6, 2025

Using chmod 755 on a data directory could expose sensitive database files to other users on the system. Consider using 750 or 700 for better security, as PocketBase data should only be accessible by the application user.

Suggested change
chmod 755 "$DATA_DIR" 2>/dev/null || true
chmod 700 "$DATA_DIR" 2>/dev/null || true

Copilot uses AI. Check for mistakes.
echo "🔐 Granting permissions to service account..."
gcloud projects add-iam-policy-binding "$PROJECT_ID" \
--member="serviceAccount:$SERVICE_ACCOUNT_NAME@$PROJECT_ID.iam.gserviceaccount.com" \
--role="roles/storage.admin"
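Review bot: `gcloud projects add-iam-policy-binding` attaches the role at project level, so whichever storage role is named on the `--role` line applies to every bucket in `$PROJECT_ID`, not only the PocketBase data bucket. Bind it on the bucket itself with `gcloud storage buckets add-iam-policy-binding gs://<bucket>` and the same `--member` and `--role` arguments.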

Copilot AI Aug 6, 2025

Granting 'roles/storage.admin' provides broad permissions including the ability to delete buckets and modify IAM policies. Consider using 'roles/storage.objectAdmin' which provides sufficient permissions for PocketBase data operations without bucket-level administrative access.

Suggested change
--role="roles/storage.admin"
--role="roles/storage.objectAdmin"

Copilot uses AI. Check for mistakes.
autoscaling.knative.dev/maxScale: "1"
spec:
# Use the service account with Cloud Storage permissions
serviceAccountName: pocketbase-service-account@hpe-design-system-adoption.iam.gserviceaccount.com

Copilot AI Aug 6, 2025

The service account email is hardcoded with a specific project ID 'hpe-design-system-adoption'. This makes the configuration non-portable across different projects. Consider using the template version or environment variable substitution for better maintainability.

Suggested change
serviceAccountName: pocketbase-service-account@hpe-design-system-adoption.iam.gserviceaccount.com
serviceAccountName: pocketbase-service-account@${PROJECT_ID}.iam.gserviceaccount.com

Copilot uses AI. Check for mistakes.
# Use the service account with Cloud Storage permissions
serviceAccountName: pocketbase-service-account@hpe-design-system-adoption.iam.gserviceaccount.com
containers:
- image: gcr.io/hpe-design-system-adoption/pocketbase-app:latest
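Review bot: the `- image:` line references the container by the mutable `:latest` tag, so a new revision can pick up whatever was pushed last and the manifest does not record which build is running. Reference the image by digest (`pocketbase-app@sha256:<digest>`) or by an immutable version tag that the deploy script writes.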

Copilot AI Aug 6, 2025

The container image reference is hardcoded with a specific project ID 'hpe-design-system-adoption'. This makes the configuration non-portable across different projects. Consider using the template version for better maintainability.

Suggested change
- image: gcr.io/hpe-design-system-adoption/pocketbase-app:latest
serviceAccountName: pocketbase-service-account@${PROJECT_ID}.iam.gserviceaccount.com
containers:
- image: gcr.io/${PROJECT_ID}/pocketbase-app:latest

Copilot uses AI. Check for mistakes.
csi:
driver: gcsfuse.run.googleapis.com
volumeAttributes:
bucketName: ds-pocketbase

Copilot AI Aug 6, 2025

The bucket name is hardcoded as 'ds-pocketbase'. This makes the configuration non-portable across different projects where the bucket name might need to be different. Consider using the template version for better maintainability.

Suggested change
bucketName: ds-pocketbase
bucketName: ${GCS_BUCKET_NAME}

Copilot uses AI. Check for mistakes.
fi && \
echo "✅ Checksum verification passed" && \
unzip /tmp/pocketbase.zip -d /app && \
rm /tmp/pocketbase.zip /tmp/checksums.txt && \
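Review bot: the hash that gates the `unzip /tmp/pocketbase.zip` line is taken from `/tmp/checksums.txt`, a file obtained during the same build; if it is fetched from the same release location as the zip, the check catches a corrupted download but not a replaced release asset. Pin the expected SHA-256 for the chosen PocketBase version in the Dockerfile (for example as a build argument) and compare against that value, keeping `checksums.txt` only as a cross-check.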

Copilot AI Aug 6, 2025

The checksum verification assumes the checksum file uses space as delimiter and the hash is in the first field. However, different checksum formats may use different delimiters or field orders. Consider using sha256sum -c with a properly formatted checksums file for more robust verification.

Suggested change
rm /tmp/pocketbase.zip /tmp/checksums.txt && \
grep "pocketbase_${PB_VERSION}_linux_amd64.zip" /tmp/checksums.txt | \
sed "s/pocketbase_${PB_VERSION}_linux_amd64.zip$/\/tmp\/pocketbase.zip/" > /tmp/pb_checksum.txt && \
sha256sum -c /tmp/pb_checksum.txt && \
echo "✅ Checksum verification passed" && \
unzip /tmp/pocketbase.zip -d /app && \
rm /tmp/pocketbase.zip /tmp/checksums.txt /tmp/pb_checksum.txt && \

Copilot uses AI. Check for mistakes.
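
An added example (not code from this pull request or from the suggestion above) of the `sha256sum -c` verification the last comment discusses: it selects the checksum entry by exact filename rather than by substring and fails closed when the entry is missing, duplicated or malformed. The function name `verify_artifact`, the `app_1.0_linux_amd64.zip` file names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# verify_artifact CHECKSUMS_FILE ARTIFACT_NAME LOCAL_FILE   (hypothetical helper)
# Returns 0 only when CHECKSUMS_FILE holds exactly one entry for ARTIFACT_NAME
# and LOCAL_FILE hashes to it; 2 for a missing, duplicated or malformed entry,
# 1 for a hash mismatch.
verify_artifact() {
    sums=$1 name=$2 file=$3
    # Compare the filename field exactly (a leading '*' marks binary mode).
    # A substring grep would also select "<name>.sig" or "<name>.asc".
    want=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1 }' "$sums")
    # Fail closed: zero or several matching entries are both errors.
    [ "$(printf '%s\n' "$want" | grep -c .)" -eq 1 ] || return 2
    # Accept only a 64-digit hex SHA-256 value.
    printf '%s\n' "$want" | grep -Eq '^[0-9a-fA-F]{64}$' || return 2
    # "<hash><two spaces><path>" is the line format sha256sum -c checks.
    printf '%s  %s\n' "$want" "$file" | sha256sum -c - >/dev/null 2>&1
}

# Constructed sample data: a stand-in release file and a checksums file that
# lists it next to a look-alike ".sig" entry.
demo_dir=$(mktemp -d)
printf 'constructed sample payload\n' > "$demo_dir/app.zip"
{
    printf '%s  app_1.0_linux_amd64.zip.sig\n' "$(printf 'x' | sha256sum | cut -d' ' -f1)"
    printf '%s *app_1.0_linux_amd64.zip\n' "$(sha256sum < "$demo_dir/app.zip" | cut -d' ' -f1)"
} > "$demo_dir/checksums.txt"

if verify_artifact "$demo_dir/checksums.txt" app_1.0_linux_amd64.zip "$demo_dir/app.zip"; then
    echo "checksum OK"
else
    echo "checksum FAILED"
fi
```

In a Dockerfile `RUN` chain the function's non-zero return stops the `&&` sequence before `unzip` runs.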