diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..2bbf71d --- /dev/null +++ b/.dockerignore @@ -0,0 +1,7 @@ +.venv +.git +.github +**/.pytest_cache +**/__pycache__ +.ruff_cache +**/.testing diff --git a/docker/Dockerfile.admin b/docker/Dockerfile.admin new file mode 100644 index 0000000..e138636 --- /dev/null +++ b/docker/Dockerfile.admin @@ -0,0 +1,30 @@ +# this Dockerfile should be built from the repo root +FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim AS builder + +ENV UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy +ENV UV_PYTHON_DOWNLOADS=0 + +WORKDIR /build + +COPY . /build + +RUN uv build --package sshecret +RUN uv build --package sshecret-admin + + +FROM python:3.13-slim-bookworm + +COPY --from=builder --chown=app:app /build/dist /opt/sshecret + +RUN pip install /opt/sshecret/sshecret-*.whl +RUN pip install /opt/sshecret/sshecret_admin-*.whl + +EXPOSE 8822 + +VOLUME /opt/sshecret-admin + +WORKDIR /opt/sshecret-admin + +ENTRYPOINT [ "sshecret-admin" ] + +CMD ["run", "--host", "0.0.0.0"] diff --git a/docker/Dockerfile.backend b/docker/Dockerfile.backend new file mode 100644 index 0000000..4e0b3be --- /dev/null +++ b/docker/Dockerfile.backend @@ -0,0 +1,30 @@ +# this Dockerfile should be built from the repo root +FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim AS builder + +ENV UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy +ENV UV_PYTHON_DOWNLOADS=0 +WORKDIR /build + +COPY . /build + +RUN uv build --package sshecret +RUN uv build --package sshecret-backend + + +FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim + +COPY --from=builder --chown=app:app /build/dist /opt/sshecret + +RUN uv pip install --system /opt/sshecret/sshecret-*.whl +RUN uv pip install --system /opt/sshecret/sshecret_backend-*.whl + +COPY packages/sshecret-backend /opt/sshecret-backend +COPY docker/backend.entrypoint.sh /entrypoint.sh + +WORKDIR /opt/sshecret-backend + +VOLUME /opt/sshecret-backend-db + +EXPOSE 8022 + +CMD ["/entrypoint.sh"] diff --git a/docker/Dockerfile.sshd b/docker/Dockerfile.sshd new file mode 100644 index 0000000..f635f18 --- /dev/null +++ b/docker/Dockerfile.sshd @@ -0,0 +1,26 @@ +# this Dockerfile should be built from the repo root +FROM ghcr.io/astral-sh/uv:python3.13-bookworm-slim AS builder + +ENV UV_COMPILE_BYTECODE=1 UV_LINK_MODE=copy +ENV UV_PYTHON_DOWNLOADS=0 +WORKDIR /build + +COPY . /build + +RUN uv build --package sshecret +RUN uv build --package sshecret-sshd + +FROM python:3.13-slim-bookworm + +COPY --from=builder --chown=app:app /build/dist /opt/sshecret + +RUN pip install /opt/sshecret/sshecret-*.whl +RUN pip install /opt/sshecret/sshecret_sshd-*.whl + +WORKDIR /opt/sshecret-sshd + +VOLUME /opt/sshecret-sshd + +EXPOSE 2222 + +CMD ["sshecret-sshd", "run", "--host", "0.0.0.0"] diff --git a/docker/backend.entrypoint.sh b/docker/backend.entrypoint.sh new file mode 100755 index 0000000..5576847 --- /dev/null +++ b/docker/backend.entrypoint.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +fail() { + printf '%s\n' "$1" >&2 ## Send message to stderr. + exit "${2-1}" ## Return a code specified by $2, or 1 by default. +} + +[[ -d migrations ]] || fail "Error: Must be run from the backend directory." +[[ -d /opt/sshecret-backend-db ]] || mkdir /opt/sshecret-backend-db + +export SSHECRET_BACKEND_DATABASE="/opt/sshecret-backend-db/sshecret.db" + +alembic upgrade head + +sshecret-backend run --host 0.0.0.0 diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml new file mode 100644 index 0000000..7c25f3d --- /dev/null +++ b/docker/docker-compose.yml @@ -0,0 +1,19 @@ +--- + +services: + backend: + image: sshecret-backend + container_name: sshecret_backend + build: + context: ../ + dockerfile: dockerfile.backend + networks: + - common + volumes: + - backend_data + +volumes: + backend_data: + +networks: + common: