feat: Add docker support #182

Open: wants to merge 4 commits into base: development
28 changes: 28 additions & 0 deletions .docker/bot/Dockerfile
@@ -0,0 +1,28 @@
FROM python:3.11-slim-bullseye AS base

WORKDIR /app

RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential \
&& rm -rf /var/lib/apt/lists/*
Comment on lines +5 to +7

🛠️ Refactor suggestion

Meow! Let's pin those package versions for reproducibility 🐱

To ensure consistent builds across environments, we should pin the version of build-essential.

Here's how to fix it:

 RUN apt-get update && apt-get install -y --no-install-recommends \
-    build-essential \
+    build-essential=12.9 \
     && rm -rf /var/lib/apt/lists/*

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools
🪛 Hadolint (2.12.0)

[warning] 6-6: Pin versions in apt get install. Instead of apt-get install <package> use apt-get install <package>=<version>

(DL3008)


FROM base AS builder

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

FROM base AS development

COPY --from=builder /usr/local/bin /usr/local/bin
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages

CMD ["python3", "main.py"]
Comment on lines +14 to +19

🛠️ Refactor suggestion

This development environment needs some toys to play with! 🧶

Consider adding development tools like:

  • debugger (pdb)
  • testing frameworks
  • linters

Also, let's not run as root!
FROM base AS development

COPY --from=builder /usr/local/bin /usr/local/bin
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages

+RUN pip install --no-cache-dir pytest pylint debugpy
+
+RUN groupadd -r appuser && useradd -r -g appuser appuser
+USER appuser

CMD ["python3", "main.py"]


FROM base AS production

COPY --from=builder /usr/local/bin /usr/local/bin
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages

COPY . .

🛠️ Refactor suggestion

Careful with that COPY command! 🙀

The COPY . . command might include unnecessary files like .git, __pycache__, etc.

Let's add a .dockerignore file to exclude unnecessary files. Would you like me to help create one?

Also, consider being more explicit about what files you need:

-COPY . .
+COPY main.py .
+COPY src/ src/

Committable suggestion skipped: line range outside the PR's diff.


CMD ["python3", "main.py"]
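Review bot: the `production` stage's `COPY . .` copies the whole build context into the image, and because `.env` is still commented out in the new `.dockerignore`, that includes the real `.env` holding `DISCORD_TOKEN` and `MYSQL_ROOT_PASSWORD`, which then sit in an image layer. Either uncomment `.env` in `.dockerignore` or copy only what the bot needs (`COPY main.py .` plus its source directory). The stage also sets no `USER`, so `main.py` runs as root, and since `build-essential` is installed in `base` rather than `builder`, the compiler toolchain ships in the final image as well; moving the `apt-get install` into `builder` keeps the production stage small.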
2 changes: 2 additions & 0 deletions .docker/nginx/Dockerfile
@@ -0,0 +1,2 @@
FROM nginx:1.26-alpine
COPY nginx.conf /etc/nginx/conf.d/default.conf
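Review bot: `FROM nginx:1.26-alpine` floats on the 1.26.x patch line, so two builds of this PR can yield different images; pin the base by digest (`nginx:1.26-alpine@sha256:<digest>`) and bump it deliberately. Note also that the `nginx.conf` this line installs only listens on port 80 (its `listen 443 ssl` block is commented out) and `docker-compose.yaml` comments out the 443 mapping too, so the `X-Forwarded-Proto` header it sets will always be `http`; fine for local use, but worth a sentence in the README before this is called production.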
Comment on lines +1 to +2

🧹 Nitpick (assertive)

Add some Dockerfile whiskers for better security! 🐱

Meow! Let's make this Dockerfile more secure and efficient:

 FROM nginx:1.26-alpine
+# Add non-root user
+RUN adduser -D -H -u 101 -s /sbin/nologin nginx
+
 COPY nginx.conf /etc/nginx/conf.d/default.conf
+# Set proper permissions
+RUN chown -R nginx:nginx /etc/nginx/conf.d/default.conf \
+    && chmod 644 /etc/nginx/conf.d/default.conf
+
+# Switch to non-root user
+USER nginx

Committable suggestion skipped: line range outside the PR's diff.

20 changes: 20 additions & 0 deletions .docker/nginx/nginx.conf
@@ -0,0 +1,20 @@
server {
listen 80;
server_name localhost;
# listen 443 ssl http2;
# server_name localhost;
# ssl_protocols TLSv1.2 TLSv1.3;
# ssl_prefer_server_ciphers on;
# ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

location / {
proxy_pass http://web:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
Comment on lines +10 to +16

🧹 Nitpick (assertive)

Add some security whiskers to your proxy configuration! 🐱

Meow! While your proxy settings are good, they could use some extra protection. Let's add some security headers:

 location / {
     proxy_pass http://web:5000;
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
+    # Security headers
+    add_header X-Frame-Options "SAMEORIGIN" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header X-Content-Type-Options "nosniff" always;
 }


access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
Comment on lines +18 to +19

🧹 Nitpick (assertive)

Redirect logs for smoother sailing in Docker 🌊

In Docker environments, it's common to direct logs to stdout and stderr. This allows Docker to handle log management effectively:

-    access_log /var/log/nginx/access.log;
-    error_log /var/log/nginx/error.log;
+    access_log /dev/stdout;
+    error_log /dev/stderr;

}
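Review bot: the `location /` block sets `X-Real-IP` and `X-Forwarded-For` for the upstream, but `docker-compose.yaml` also publishes `${FLASK_HOST_PORT}:5000` for the `web` service, so a client can reach Flask directly and supply those headers itself; anything in the app that trusts them (logging, rate limiting, allow-lists) is only safe once that direct mapping is removed or bound to `127.0.0.1`. Two smaller points: `$proxy_add_x_forwarded_for` appends to whatever the client already sent, so the upstream must read the last entry, not the first; and `access_log`/`error_log` write under `/var/log/nginx`, which the compose file bind-mounts from `${NGINX_LOG_PATH}`, and an empty value there produces an invalid volume spec, so give it a default (`${NGINX_LOG_PATH:-./log}`) or drop the mount and log to stdout as suggested above.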
Comment on lines +1 to +20

🧹 Nitpick (assertive)

Consider tidying up the commented sections 🐾

The Nginx configuration contains several commented-out SSL directives. If SSL isn't set up yet, consider removing or organizing these comments to reduce clutter and avoid confusion.

36 changes: 36 additions & 0 deletions .docker/web/Dockerfile
@@ -0,0 +1,36 @@
FROM python:3.11-slim-bullseye AS base

WORKDIR /app
RUN apt-get update && apt-get install -y --no-install-recommends \
build-essential \
&& rm -rf /var/lib/apt/lists/*
Comment on lines +4 to +6

🛠️ Refactor suggestion

Meow! Let's pin those package versions for reproducibility 🐱

For a more deterministic build process, we should pin the version of build-essential. This ensures consistent builds across different environments.

 RUN apt-get update && apt-get install -y --no-install-recommends \
-    build-essential \
+    build-essential=12.9 \
     && rm -rf /var/lib/apt/lists/*

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools
🪛 Hadolint (2.12.0)

[warning] 6-6: Pin versions in apt get install. Instead of apt-get install <package> use apt-get install <package>=<version>

(DL3008)


FROM base AS builder
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
Comment on lines +9 to +10

🧹 Nitpick (assertive)

Add hash pinning to requirements.txt 🐱

paws at the requirements file. Let's enhance security by adding hash pinning.

Example format for requirements.txt:

flask==2.0.1 --hash=sha256:1c4c257b1892aec1398784c63791cbaa43062f1f7aeb555c4da961b20ee68f55
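The `--hash=` format the comment above describes, as an added example that is not part of this PR or of the bot's suggestion: a small checker that emits hash-pinned requirement lines in the multi-line form `pip-compile --generate-hashes` produces, parses them back (backslash continuations, several hashes per package), and verifies local artifacts the way `pip install --require-hashes` does, refusing unpinned specifiers, missing hashes and tampered bytes. The package names are the ones from the comment; every artifact byte string is a constructed stand-in, not a real wheel or sdist.

```python
"""Hash-pinned requirements: generate the lines and verify artifacts.

Added example, not code from this PR or from the review bot. It mirrors
what `pip install --require-hashes` enforces: every requirement must be
pinned to an exact version and carry at least one --hash, and an artifact
is accepted only if its digest is one of the pinned ones. All artifact
bytes below are constructed stand-ins, not real distributions.
"""
import hashlib
import re
import shlex


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_line(name: str, version: str, *artifacts: bytes) -> str:
    """Emit one requirement in the form pip-compile --generate-hashes writes:
    `name==version \\` followed by one `--hash=sha256:...` per artifact
    (a wheel and an sdist of the same release are both listed)."""
    opts = " \\\n    ".join(f"--hash=sha256:{sha256_hex(a)}" for a in artifacts)
    return f"{name}=={version} \\\n    {opts}\n"


# Constructed stand-ins for distribution files (assumption: real wheels and
# sdists are hashed the same way, as whole-file bytes).
FLASK_WHEEL = b"stand-in for flask-2.0.1-py3-none-any.whl"
FLASK_SDIST = b"stand-in for Flask-2.0.1.tar.gz"
ITSDANGEROUS_WHEEL = b"stand-in for itsdangerous-2.0.1-py3-none-any.whl"
TAMPERED_FLASK_WHEEL = FLASK_WHEEL + b"\x00 injected payload"

SAMPLE_REQUIREMENTS = (
    "# constructed sample requirements.txt\n"
    + hash_line("flask", "2.0.1", FLASK_WHEEL, FLASK_SDIST)
    + hash_line("itsdangerous", "2.0.1", ITSDANGEROUS_WHEEL)
)

_SPEC = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)==(\S+)")
_HEX64 = re.compile(r"[0-9a-f]{64}")


def canonical(name: str) -> str:
    """PEP 503 style normalisation so Flask / flask / FLASK compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> dict:
    """Return {canonical_name: {"version": str, "hashes": set[str]}}.

    Joins backslash-continued lines, drops comments and blank lines, and
    rejects what --require-hashes rejects: an unpinned specifier, a
    requirement without --hash, or a malformed/unsupported hash.
    """
    pins = {}
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        spec, *opts = shlex.split(line)
        m = _SPEC.fullmatch(spec)
        if not m:
            raise ValueError(f"not pinned to an exact version: {spec!r}")
        name, version = canonical(m.group(1)), m.group(2)
        hashes = set()
        for opt in opts:
            if not opt.startswith("--hash="):
                raise ValueError(f"unexpected option {opt!r} on {name}")
            algo, _, digest = opt[len("--hash="):].partition(":")
            if algo != "sha256" or not _HEX64.fullmatch(digest):
                raise ValueError(f"unsupported or malformed hash {opt!r} on {name}")
            hashes.add(digest)
        if not hashes:
            raise ValueError(f"{name} has no --hash; --require-hashes would refuse it")
        pins[name] = {"version": version, "hashes": hashes}
    return pins


def verify_artifact(pins: dict, name: str, data: bytes) -> bool:
    """True only if `data` hashes to one of the digests pinned for `name`.
    Unknown packages and tampered bytes both fail closed."""
    entry = pins.get(canonical(name))
    return entry is not None and sha256_hex(data) in entry["hashes"]


def rejects(text: str) -> bool:
    """True if parse_requirements refuses `text` (a negative-case helper)."""
    try:
        parse_requirements(text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    pins = parse_requirements(SAMPLE_REQUIREMENTS)
    print(SAMPLE_REQUIREMENTS)
    for label, blob in [("wheel", FLASK_WHEEL), ("sdist", FLASK_SDIST),
                        ("tampered wheel", TAMPERED_FLASK_WHEEL)]:
        ok = verify_artifact(pins, "Flask", blob)
        print(f"flask {label}: {'ok' if ok else 'REJECTED'}")
```

In the real workflow the lines come from `pip-compile --generate-hashes` and the check is done by pip itself with `pip install --require-hashes -r requirements.txt`; once one requirement carries a hash, pip switches to hash-checking mode for the whole file, which is exactly the fail-closed behaviour `parse_requirements` reproduces for an unpinned or hash-less entry.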


FROM base AS development
WORKDIR /app
COPY --from=builder /usr/local/bin /usr/local/bin
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
ENV FLASK_APP=app.py \
FLASK_ENV=development \
FLASK_RUN_PORT=5000 \
FLASK_RUN_HOST=0.0.0.0
EXPOSE 5000
CMD ["flask", "run"]

FROM base AS gunicorn
RUN pip install --no-cache-dir gunicorn

FROM base AS production

COPY --from=builder /usr/local/bin /usr/local/bin
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
COPY --from=gunicorn /usr/local/bin /usr/local/bin
COPY --from=gunicorn /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages

COPY . .
ENV GUNICORN_CMD_ARGS="--bind=0.0.0.0:5000 --workers=3"
EXPOSE 5000
CMD ["gunicorn", "app:app"]
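Review bot: the `production` stage inherits `build-essential` from `base`, so the multi-stage split does not keep the compiler toolchain out of the shipped image; install it in `builder` only (the `gunicorn` stage does not need it either). As in the bot Dockerfile, `COPY . .` pulls `.env` into the image while `.dockerignore` still has `.env` commented out, and there is no `USER`, so gunicorn's workers run as root. One more point: `GUNICORN_CMD_ARGS="--bind=0.0.0.0:5000"` is right for a container behind nginx, but together with the host `ports:` mapping for `web` in `docker-compose.yaml` it is reachable from the host network without passing through the proxy; decide whether that mapping belongs in the development override only.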
179 changes: 179 additions & 0 deletions .dockerignore
@@ -0,0 +1,179 @@
# Byte-compiled / optimized / DLL files

🧹 Nitpick (assertive)

Meow! Let's add proper attribution! 🐱

grooms thoughtfully. Since this file was copied from another repository, we should add proper attribution at the top:

+# This .dockerignore file was sourced from: [original repository URL]
+# Original license: MIT
+
 # Byte-compiled / optimized / DLL files

This helps maintain transparency and comply with the original MIT license!

Committable suggestion skipped: line range outside the PR's diff.

__pycache__/
*.py[cod]
*$py.class

# C extensions
*.so

# Distribution / packaging
.Python
# build/

⚠️ Potential issue

Meow! Uncomment that build pattern! 🐱

paws at line 11. The build/ directory should be ignored to prevent unnecessary files from being included in your Docker context:

-# build/
+build/

develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST

# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec

# Installer logs
pip-log.txt
pip-delete-this-directory.txt

# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/

# Translations
*.mo
*.pot

# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal

# Flask stuff:
instance/
.webassets-cache

# Scrapy stuff:
.scrapy

# Sphinx documentation
docs/_build/

# PyBuilder
.pybuilder/
target/

# Jupyter Notebook
.ipynb_checkpoints

# IPython
profile_default/
ipython_config.py

# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version

# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock

# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
Comment on lines +85 to +102

🛠️ Refactor suggestion

Purr-haps we should make a decision about these? 🐱

tilts head curiously. Since we're using Docker, it's recommended to uncomment these patterns to keep our build context clean:

-# .python-version
+.python-version

-#Pipfile.lock
+Pipfile.lock
+Pipfile

-#poetry.lock
+poetry.lock
+pyproject.toml

These files aren't needed in the Docker context since we'll manage dependencies through requirements.txt or similar!

Committable suggestion skipped: line range outside the PR's diff.


# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/latest/usage/project/#working-with-version-control
.pdm.toml
.pdm-python
.pdm-build/

# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/

# Celery stuff
celerybeat-schedule
celerybeat.pid

# SageMath parsed files
*.sage.py

# Environments
# .env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/

Comment on lines +124 to +132

⚠️ Potential issue

Purr-tect your secrets! 🐱

scratches thoughtfully. The .env file is commented out (line 125), but it should be ignored to prevent sensitive information from being included in the Docker context:

 # Environments
-# .env
+.env
+.env.*
+!.env.example

This ensures your secrets stay safe while keeping the example file for reference!


# Spyder project settings
.spyderproject
.spyproject

# Rope project settings
.ropeproject

# mkdocs documentation
/site

# mypy
.mypy_cache/
.dmypy.json
dmypy.json

# Pyre type checker
.pyre/

# pytype static type analyzer
.pytype/

# Cython debug symbols
cython_debug/

# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/

# Docker
.docker/
**/docker-compose.yml
**/docker-compose.*.yml
**/docker-compose.yaml
**/docker-compose.*.yaml
**/compose.yml
**/compose.*.yml
**/compose.yaml
**/compose.*.yaml

Comment on lines +164 to +174

⚠️ Potential issue

Meow! Watch out for those Docker compose patterns! 🐱

purrs with concern. The patterns **/docker-compose.yml and related entries might prevent Docker from finding your compose files. Consider modifying these patterns to exclude the root docker-compose files:

 .docker/
-**/docker-compose.yml
-**/docker-compose.*.yml
-**/docker-compose.yaml
-**/docker-compose.*.yaml
+**/*/docker-compose.yml
+**/*/docker-compose.*.yml
+**/*/docker-compose.yaml
+**/*/docker-compose.*.yaml

This way, only nested compose files are ignored while keeping the root ones accessible!


db-data/
log/

# CI/CD
.github
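Review bot: `.env` is still commented out under `# Environments`, so the real `.env` that the compose files load with `env_file` enters every root-context `docker build` and is copied by the `COPY . .` in both production Dockerfiles; uncomment it, and if the example file should remain available inside images add `!.env.example` after it, since the last matching pattern wins. Two scope observations: this file only governs builds whose context is the repository root, so the `nginx` service (context `.docker/nginx`) is not covered by it, which is fine today because that context holds only the Dockerfile and `nginx.conf`; and `static/` is not excluded, which matters because `docker-compose.yaml` mounts `./static` as MySQL's `/docker-entrypoint-initdb.d`, so any `.sql` or `.sh` file dropped there is both shipped in the web image and executed by the database on first start.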
8 changes: 8 additions & 0 deletions .env.example
@@ -8,6 +8,14 @@ MYSQL_PORT=資料庫連接埠
MYSQL_DATABASE=資料庫名稱
HOST=資料庫主機位址

# Docker MySQL initialization
MYSQL_ROOT_PASSWORD=資料庫root密碼(Docker用戶必填)
MYSQL_HOST_PORT=本地訪問容器內MySQL的端口號
NGINX_HOST_PORT=本地訪問容器內NGINX的端口號
NGINX_HTTPS_HOST_PORT=本地訪問容器內NGINX用於HTTPS的端口號
FLASK_HOST_PORT=本地訪問容器內商店的端口號
NGINX_LOG_PATH=本地 NGINX Log 儲存位置
Comment on lines +11 to +17

🛠️ Refactor suggestion

Meow! Let's make these Docker configurations more secure and clear! 🐱

A few whiskers need grooming in our Docker configuration:

  1. The MySQL root password should be used only for initial setup
  2. Port configurations should have default values
  3. Documentation could be more detailed
 # Docker MySQL initialization
-MYSQL_ROOT_PASSWORD=資料庫root密碼(Docker用戶必填)
+# WARNING: Use a strong password (min 16 chars, mixed case, numbers, symbols)
+# This password is only used during initial database setup
+MYSQL_ROOT_PASSWORD=資料庫root密碼(Docker用戶必填)
+
+# Docker port mappings (default values shown)
+MYSQL_HOST_PORT=3306
+NGINX_HOST_PORT=80
+NGINX_HTTPS_HOST_PORT=443
+FLASK_HOST_PORT=5000
+
+# Docker volume configurations
+# Absolute path recommended for NGINX logs
+NGINX_LOG_PATH=/var/log/nginx/myapp


# Global configuration
DISCORD_TOKEN=Discord機器人token
GUILD_ID=機器人所在伺服器ID
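Review bot: every service in `docker-compose.yaml` loads the same `.env` through `env_file`, so filling in `MYSQL_ROOT_PASSWORD` here puts the database root password into the `web` and `bot` environments as well, and `DISCORD_TOKEN` into `db` and `web`; split the file per service (for example `.env.db`, `.env.bot`) or list only the needed keys under each service's `environment:`. The port variables (`MYSQL_HOST_PORT`, `NGINX_HOST_PORT`, `NGINX_HTTPS_HOST_PORT`, `FLASK_HOST_PORT`) have no defaults in the compose files, so leaving one unset yields a `:5000`-style mapping that compose rejects; either state the expected values here or use `${FLASK_HOST_PORT:-5000}` in the compose file. `MYSQL_HOST_PORT` is declared but nothing in `docker-compose.yaml` uses it (the `db` service only has `expose: 3306`), so it is currently dead, and `NGINX_HTTPS_HOST_PORT` is referenced only from a commented-out line.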
1 change: 1 addition & 0 deletions .gitignore
@@ -47,3 +47,4 @@ read.txt

# Docker
docker-compose.override.yml
log/
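Review bot: the existing ignore entry is `docker-compose.override.yml`, but this PR adds `docker-compose.override.yaml`, so the override file is tracked and the ignore line is dead; if the intent is that developers keep personal overrides untracked (the usual reason for this entry), rename the file or add the `.yaml` spelling. The new `log/` line only matters if `NGINX_LOG_PATH` points under the checkout; `.env.example` does not say so, so either document `./log` as the expected value or make it the default in `docker-compose.yaml`.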

🧹 Nitpick (assertive)

Paw-sitive addition, but let's make it more specific! 😸

While adding log/ is good, we could make it more comprehensive for logging patterns.

Here's a more detailed suggestion:

-log/
+# Logs
+logs/
+log/
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Docker specific
+docker-compose.override.yaml
+.docker/data/
+.docker-sync/

This will help keep our repository clean and tidy, just like a well-groomed cat! 🧹


13 changes: 13 additions & 0 deletions docker-compose.override.yaml
@@ -0,0 +1,13 @@
version: '3.8'

services:
web:
build:
target: development
volumes:
- .:/app
Comment on lines +7 to +8

⚠️ Potential issue

Hiss! 🙀 These volume mounts are too purr-miscuous!

Mounting the entire project directory could expose sensitive files and impact performance. Let's be more selective!

Apply this diff to fix the volume mounts and add development configurations:

   web:
     build:
       target: development
     volumes:
-      - .:/app
+      - ./app:/app
+      - ./tests:/app/tests
+    environment:
+      - FLASK_ENV=development
+      - FLASK_DEBUG=1
+    ports:
+      - "${FLASK_HOST_PORT:-5000}:5000"
   bot:
     build:
       target: development
     volumes:
-      - .:/app
+      - ./app:/app
+      - ./tests:/app/tests
+    environment:
+      - ENV=development
+    ports:
+      - "8080:8080"

Also applies to: 12-13

bot:
build:
target: development
volumes:
- .:/app
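Review bot: `.:/app` mounts the whole checkout, including `.env`, `.git` and `.docker/`, over `/app` in both development containers, and since neither development stage sets a `USER` the processes run as root, so `__pycache__` and anything the app writes under `/app` land in the host tree owned by root. Mount only the source directories, or give the development stages a `USER` matching the host UID. Keep in mind that plain `docker compose up` (as in `run-dev.sh`) picks this file up automatically, so these mounts and the `development` targets are the default unless `-f` is passed explicitly. The `version: '3.8'` key is ignored by Compose v2 and only triggers a warning; it can be dropped from all three compose files.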
9 changes: 9 additions & 0 deletions docker-compose.prod.yaml
@@ -0,0 +1,9 @@
version: '3.8'

services:
web:
build:
target: production
bot:
build:
target: production
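Review bot: this overlay only switches the build targets; everything else comes from `docker-compose.yaml`, which still publishes `${FLASK_HOST_PORT}:5000` for `web`, so in production gunicorn is reachable on the host without going through nginx. Compose overlays merge `ports:` lists rather than replacing them, so the clean fix is to move that mapping out of the base file into `docker-compose.override.yaml`, where it is development-only. `restart: unless-stopped` is already set on every service in the base file, so adding it here is a no-op; resource limits and a `healthcheck` for `web` would be worth having, but nothing in this PR adds a `/health` route on 5000 or any listener on 8080 for `bot`, so those endpoints need to exist before a check can target them. Also, per yamllint, the file has no trailing newline.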
Comment on lines +1 to +9

🛠️ Refactor suggestion

Meow! 😺 This production configuration needs more whiskers!

The production configuration is too bare-bones. Consider adding these essential configurations:

  1. Resource limits to prevent container resource abuse
  2. Health checks for container monitoring
  3. Restart policies for reliability
  4. Network configurations for security

Here's a more robust configuration:

 version: '3.8'
 
 services:
   web:
     build:
       target: production
+    deploy:
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 512M
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:5000/health"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    restart: unless-stopped
+    networks:
+      - internal
   bot:
     build:
       target: production
+    deploy:
+      resources:
+        limits:
+          cpus: '0.3'
+          memory: 256M
+    healthcheck:
+      test: ["CMD", "python3", "-c", "import http.client; conn = http.client.HTTPConnection('localhost:8080'); conn.request('GET', '/health'); response = conn.getresponse(); exit(0 if response.status == 200 else 1)"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    restart: unless-stopped
+    networks:
+      - internal
+
+networks:
+  internal:
+    driver: bridge
🧰 Tools
🪛 yamllint (1.35.1)

[error] 9-9: no new line character at the end of file

(new-line-at-end-of-file)

71 changes: 71 additions & 0 deletions docker-compose.yaml
@@ -0,0 +1,71 @@
version: '3.8'

services:
db:
image: mysql:8.0
restart: unless-stopped
healthcheck:
test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "${MYSQL_USER}", "--password=${MYSQL_PASSWORD}"]
interval: 10s
timeout: 5s
retries: 5
start_period: 600s
volumes:
- db-data:/var/lib/mysql
- ./static:/docker-entrypoint-initdb.d
networks:
- backnet
env_file:
- .env
expose:
- 3306
Comment on lines +4 to +21

🛠️ Refactor suggestion

Meow! Let's secure our database configuration 🐱

A few whiskers need grooming in our database setup:

  1. The static directory mount at line 15 needs careful consideration
  2. We should add resource constraints
  3. Consider using secrets instead of environment variables for sensitive data

Here's a purr-fect improvement:

   db:
     image: mysql:8.0
     restart: unless-stopped
+    deploy:
+      resources:
+        limits:
+          memory: 1G
     healthcheck:
       test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "${MYSQL_USER}", "--password=${MYSQL_PASSWORD}"]
       interval: 10s
       timeout: 5s
       retries: 5
       start_period: 600s
     volumes:
       - db-data:/var/lib/mysql
-      - ./static:/docker-entrypoint-initdb.d
+      - type: bind
+        source: ./static
+        target: /docker-entrypoint-initdb.d
+        read_only: true
     networks:
       - backnet
     env_file:
       - .env
     expose:
       - 3306


web:
build:
context: .
dockerfile: .docker/web/Dockerfile
restart: unless-stopped
ports:
- ${FLASK_HOST_PORT}:5000
networks:
- backnet
- frontnet
depends_on:
db:
condition: service_healthy
env_file:
- .env

bot:
build:
context: .
dockerfile: .docker/bot/Dockerfile
restart: unless-stopped
networks:
- backnet
depends_on:
db:
condition: service_healthy
env_file:
- .env

nginx:
build:
context: .docker/nginx
restart: unless-stopped
ports:
- ${NGINX_HOST_PORT}:80
# - ${NGINX_HTTPS_HOST_PORT}:443
depends_on:
- web
volumes:
- "${NGINX_LOG_PATH}:/var/log/nginx"
networks:
- frontnet

volumes:
db-data:

networks:
backnet:
frontnet:
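Review bot: the `db` healthcheck interpolates `${MYSQL_USER}` and `${MYSQL_PASSWORD}` at compose time, so the password is written into the container's configuration (visible via `docker inspect`) and appears in the process list every time the check runs; `mysqladmin ping` exits 0 as soon as the server accepts connections even when access is denied, so drop the credentials entirely, or write `$$MYSQL_PASSWORD` to have the container expand it at run time instead. `./static:/docker-entrypoint-initdb.d` mounts what looks like the web app's static directory as MySQL's init-script location; any `.sql` or `.sh` file placed there runs on first start, so point this at a dedicated directory such as `.docker/db/init` and mark it `:ro`. `start_period: 600s` gives the check ten minutes of grace, which delays any failure report by that long; 30 to 60 seconds is typical. `expose: 3306` only documents the port and publishes nothing, which is correct here. Finally, `web` publishes `${FLASK_HOST_PORT}:5000` directly in addition to being proxied by `nginx`, the `nginx` volume spec breaks if `NGINX_LOG_PATH` is empty, and the file ends without a newline.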
Comment on lines +66 to +71

🧹 Nitpick (assertive)

Just a tiny formatting fix needed 🐱

The network separation looks great! Just need to add a newline at the end of the file.

 networks:
   backnet:
   frontnet:
+

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools
🪛 yamllint (1.35.1)

[error] 74-74: no new line character at the end of file

(new-line-at-end-of-file)

1 change: 1 addition & 0 deletions run-dev.sh
@@ -0,0 +1 @@
docker compose up --build
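Review bot: no shebang and no `set -e` (Shellcheck SC2148 below); add `#!/usr/bin/env bash` and `set -euo pipefail`, plus `cd "$(dirname "$0")"` so the script finds `docker-compose.yaml` and `.env` when invoked from another directory, since compose resolves both relative to the current directory. A one-line comment that plain `docker compose up` also loads `docker-compose.override.yaml`, which is what selects the `development` build targets and the `.:/app` mounts, would save the next reader a surprise.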

🛠️ Refactor suggestion

Meow! Let's make this script more purr-fessional! 🐱

While the command is correct, we need some whisker-twitching improvements:

+#!/bin/bash
+set -e
+
 docker compose up --build
+
+# Add graceful shutdown
+trap 'docker compose down' EXIT

Reasons for these changes:

  • Adding shebang for proper shell identification
  • set -e ensures the script stops if any command fails
  • Trap ensures cleanup on script exit

Would you like me to help implement these improvements? Just give me a purr! 😺

🧰 Tools
🪛 Shellcheck (0.10.0)

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)

1 change: 1 addition & 0 deletions run-prod.sh
@@ -0,0 +1 @@
docker compose -f docker-compose.yaml -f docker-compose.prod.yaml up --build
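Review bot: same shebang and `set -e` gap as `run-dev.sh`. Passing both `-f` files explicitly is what keeps `docker-compose.override.yaml` (the development bind mounts) out of production, so that deserves a comment in the script. For a production launcher also consider `up --build -d` so closing the terminal does not stop the stack, with `docker compose -f ... -f ... logs -f` for attached output, and run `docker compose -f ... -f ... config` first so interpolation errors from an incomplete `.env` (every port variable is mandatory in `docker-compose.yaml`) surface before any running container is replaced.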

🛠️ Refactor suggestion

Time to make this production script purr-fect! 🐱

Just like its development sibling, this script needs some improvements to be production-ready!

+#!/bin/bash
+set -e
+
+# Verify compose files exist
+for file in docker-compose.yaml docker-compose.prod.yaml; do
+  if [ ! -f "$file" ]; then
+    echo "Missing required file: $file" >&2
+    exit 1
+  fi
+done
+
 docker compose -f docker-compose.yaml -f docker-compose.prod.yaml up --build
+
+# Add graceful shutdown
+trap 'docker compose -f docker-compose.yaml -f docker-compose.prod.yaml down' EXIT

Meow! These changes will:

  • Add proper shell script structure
  • Verify required files exist
  • Ensure clean container shutdown

Need help implementing these changes? Just scratch my head! 😺

🧰 Tools
🪛 Shellcheck (0.10.0)

[error] 1-1: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.

(SC2148)
