-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
81 lines (77 loc) · 3.05 KB
/
Copy pathdocker-compose.yml
File metadata and controls
81 lines (77 loc) · 3.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
services:
db:
image: postgres:16-alpine
environment:
POSTGRES_USER: hire
POSTGRES_PASSWORD: hire
POSTGRES_DB: hire
ports:
- "5432:5432"
volumes:
- pgdata:/var/lib/postgresql/data
# Migrations are applied automatically by Postgres on first volume init.
- ./migrations:/docker-entrypoint-initdb.d:ro
healthcheck:
test: ["CMD-SHELL", "pg_isready -U hire -d hire"]
interval: 5s
timeout: 5s
retries: 5
# Search backend for GET /api/v1/jobs/search and the reindex command. The
# huggingFace embedder downloads and runs its model inside this container, so
# the model is cached in the meilisearch_data volume across restarts.
meilisearch:
image: getmeili/meilisearch:v1.49.0
environment:
MEILI_MASTER_KEY: "${MEILI_MASTER_KEY:-dev-insecure-meili-key}"
MEILI_ENV: development
ports:
- "${MEILI_HOST_PORT:-7700}:7700"
volumes:
- meilisearch_data:/meili_data
app:
build: .
environment:
PORT: "8080"
DATABASE_URL: "postgres://hire:hire@db:5432/hire?sslmode=disable"
# Required by the auth surface (server fails fast if unset or under 32 bytes).
# Dev default — set a real, random JWT_SECRET in any non-local deployment.
JWT_SECRET: "${JWT_SECRET:-dev-insecure-secret-change-me-0123456789}"
# OAuth callbacks redirect the browser back to this origin; it also
# derives the per-provider callback URL registered at each provider.
FRONTEND_ORIGIN: "${FRONTEND_ORIGIN:-http://localhost:5173}"
# OAuth sign-in is optional: a provider with empty credentials is simply
# disabled (no button in the SPA, its routes 404). Set the values in .env.
OAUTH_GOOGLE_CLIENT_ID: "${OAUTH_GOOGLE_CLIENT_ID:-}"
OAUTH_GOOGLE_CLIENT_SECRET: "${OAUTH_GOOGLE_CLIENT_SECRET:-}"
OAUTH_GITHUB_CLIENT_ID: "${OAUTH_GITHUB_CLIENT_ID:-}"
OAUTH_GITHUB_CLIENT_SECRET: "${OAUTH_GITHUB_CLIENT_SECRET:-}"
OAUTH_LINKEDIN_CLIENT_ID: "${OAUTH_LINKEDIN_CLIENT_ID:-}"
OAUTH_LINKEDIN_CLIENT_SECRET: "${OAUTH_LINKEDIN_CLIENT_SECRET:-}"
# Search is optional: an empty MEILI_MASTER_KEY disables the search
# endpoint without affecting the rest of the API.
MEILI_URL: "http://meilisearch:7700"
MEILI_MASTER_KEY: "${MEILI_MASTER_KEY:-dev-insecure-meili-key}"
ports:
- "${HIRE_HOST_PORT:-8080}:8080"
depends_on:
db:
condition: service_healthy
# SvelteKit SSR frontend. nginx (:80) fronts both the Node SSR server and the
# Go API, keeping them same-origin for the auth cookie. The browser talks only
# to this container.
web:
build:
context: ./web
dockerfile: Dockerfile
environment:
# Public origin for canonical/sitemap/JSON-LD — match the host-facing URL.
ORIGIN: "${WEB_ORIGIN:-http://localhost:8090}"
# The Node SSR server fetches the Go API server-to-server (never relative).
API_INTERNAL_URL: "http://app:8080"
ports:
- "${WEB_HOST_PORT:-8090}:80"
depends_on:
- app
volumes:
pgdata:
meilisearch_data: