chore: add script to start docker dependencies #233

Merged
merged 5 commits into from
Sep 7, 2024
Changes from 2 commits
63 changes: 63 additions & 0 deletions docs/scripts/cheese-start.sh
@@ -0,0 +1,63 @@
#!/bin/sh
sudo systemctl start docker.service

sudo docker network create cheese_network

Check if the Docker network already exists.

The command to create the Docker network is correct, but it assumes the network does not already exist. Consider adding a check to avoid errors.

+if ! sudo docker network ls | grep -q cheese_network; then
+  sudo docker network create cheese_network
+fi


sudo docker run -d \
--name elasticsearch \
--network cheese_network \
-e discovery.type=single-node \
-e xpack.security.enabled=true \
-e ELASTIC_USERNAME=elastic \
-e ELASTIC_PASSWORD=elastic \
--health-cmd="curl http://localhost:9200/_cluster/health" \
--health-interval=10s \
--health-timeout=5s \
--health-retries=10 \
-p 9200:9200 \
docker.elastic.co/elasticsearch/elasticsearch:8.12.1
Comment on lines +6 to +18

Avoid using sudo for Docker commands and handle sensitive information securely.

  • If the user is part of the Docker group, sudo can be avoided for Docker commands.
  • Sensitive information like ELASTIC_PASSWORD should be handled securely, possibly using environment files or secrets management.
-sudo docker run -d \
+docker run -d \
    --name elasticsearch \
    --network cheese_network \
    -e discovery.type=single-node \
    -e xpack.security.enabled=true \
    -e ELASTIC_USERNAME=elastic \
    -e ELASTIC_PASSWORD=elastic \
    --health-cmd="curl http://localhost:9200/_cluster/health" \
    --health-interval=10s \
    --health-timeout=5s \
    --health-retries=10 \
    -p 9200:9200 \
    docker.elastic.co/elasticsearch/elasticsearch:8.12.1

Committable suggestion was skipped due to low confidence.


sudo docker run -d \
--name postgres \
--network cheese_network \
-e POSTGRES_PASSWORD=postgres \
--health-cmd="pg_isready" \
--health-interval=10s \
--health-timeout=5s \
--health-retries=5 \
-p 5432:5432 \
postgres
Comment on lines +20 to +29

Avoid using sudo for Docker commands and handle sensitive information securely.

  • If the user is part of the Docker group, sudo can be avoided for Docker commands.
  • Sensitive information like POSTGRES_PASSWORD should be handled securely, possibly using environment files or secrets management.
-sudo docker run -d \
+docker run -d \
    --name postgres \
    --network cheese_network \
    -e POSTGRES_PASSWORD=postgres \
    --health-cmd="pg_isready" \
    --health-interval=10s \
    --health-timeout=5s \
    --health-retries=5 \
    -p 5432:5432 \
    postgres

Committable suggestion was skipped due to low confidence.

echo "Wait for 5 seconds please..."
sleep 5
sudo docker exec -i postgres bash << EOF
sed -i -e 's/max_connections = 100/max_connections = 1000/' /var/lib/postgresql/data/postgresql.conf
sed -i -e 's/shared_buffers = 128MB/shared_buffers = 2GB/' /var/lib/postgresql/data/postgresql.conf
EOF
sudo docker restart --time 0 postgres
Comment on lines +30 to +36

Avoid using sudo for Docker commands.

If the user is part of the Docker group, sudo can be avoided for Docker commands.

-sudo docker exec -i postgres bash << EOF
+docker exec -i postgres bash << EOF
    sed -i -e 's/max_connections = 100/max_connections = 1000/' /var/lib/postgresql/data/postgresql.conf
    sed -i -e 's/shared_buffers = 128MB/shared_buffers = 2GB/' /var/lib/postgresql/data/postgresql.conf
EOF
-sudo docker restart --time 0 postgres
+docker restart --time 0 postgres


sudo docker run -d \
--name cheese_legacy \
--network cheese_network \
-p 3000:3000 \
-e PORT=3000 \
-e JWT_SECRET="test-secret" \
-e PRISMA_DATABASE_URL="postgresql://postgres:postgres@postgres:5432/postgres?schema=public&connection_limit=16" \
-e ELASTICSEARCH_NODE=http://elasticsearch:9200/ \
-e ELASTICSEARCH_AUTH_USERNAME=elastic \
-e ELASTICSEARCH_AUTH_PASSWORD=elastic \
-e FILE_UPLOAD_PATH=/app/uploads \
-e DEFAULT_AVATAR_NAME=default.jpg \
-e EMAIL_SMTP_HOST=smtp.example.com \
-e EMAIL_SMTP_PORT=587 \
-e EMAIL_SMTP_SSL_ENABLE=true \
-e EMAIL_SMTP_USERNAME=user@example.com \
-e EMAIL_SMTP_PASSWORD=a_super_strong_password \
-e EMAIL_DEFAULT_FROM="No Reply <noreply@example.com>" \
ghcr.io/sageseekersociety/cheese-backend-dev:dev \
bash -c '
if [ ! -f "FLAG_INIT" ]; then
touch FLAG_INIT
pnpm prisma db push
fi
pnpm start
'
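Review bot: The `-p 9200:9200` and `-p 5432:5432` publishes on the elasticsearch and postgres containers expose both services on every host interface with the credentials `elastic`/`elastic` and `postgres`/`postgres`, yet cheese_legacy reaches them by container name over cheese_network (`@postgres:5432` in PRISMA_DATABASE_URL, `http://elasticsearch:9200/` in ELASTICSEARCH_NODE). Drop the two publishes, or bind them to loopback with `-p 127.0.0.1:9200:9200` and `-p 127.0.0.1:5432:5432` if host access is wanted for debugging. Separately, the elasticsearch `--health-cmd` sends no credentials although `xpack.security.enabled=true`, and curl without `--fail` exits 0 on any HTTP response, so an error status still counts as healthy; add `--fail` and authenticate the request.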
Comment on lines +38 to +63

Avoid using sudo for Docker commands and handle sensitive information securely.

  • If the user is part of the Docker group, sudo can be avoided for Docker commands.
  • Sensitive information like JWT_SECRET, PRISMA_DATABASE_URL, and email credentials should be handled securely, possibly using environment files or secrets management.
-sudo docker run -d \
+docker run -d \
    --name cheese_legacy \
    --network cheese_network \
    -p 3000:3000 \
    -e PORT=3000 \
    -e JWT_SECRET="test-secret" \
    -e PRISMA_DATABASE_URL="postgresql://postgres:postgres@postgres:5432/postgres?schema=public&connection_limit=16" \
    -e ELASTICSEARCH_NODE=http://elasticsearch:9200/ \
    -e ELASTICSEARCH_AUTH_USERNAME=elastic \
    -e ELASTICSEARCH_AUTH_PASSWORD=elastic \
    -e FILE_UPLOAD_PATH=/app/uploads \
    -e DEFAULT_AVATAR_NAME=default.jpg \
    -e EMAIL_SMTP_HOST=smtp.example.com \
    -e EMAIL_SMTP_PORT=587 \
    -e EMAIL_SMTP_SSL_ENABLE=true \
    -e EMAIL_SMTP_USERNAME=user@example.com \
    -e EMAIL_SMTP_PASSWORD=a_super_strong_password \
    -e EMAIL_DEFAULT_FROM="No Reply <noreply@example.com>" \
    ghcr.io/sageseekersociety/cheese-backend-dev:dev \
    bash -c '
    if [ ! -f "FLAG_INIT" ]; then
        touch FLAG_INIT
        pnpm prisma db push
    fi
    pnpm start
    '

Committable suggestion was skipped due to low confidence.

63 changes: 63 additions & 0 deletions docs/scripts/cheese.env
@@ -0,0 +1,63 @@
# The port that the app will listen to
PORT=3000

# The secret used to sign the JWT token
# You MUST change this secret to your own secret!
# Otherwise, your app will be as insecure as with an empty admin password!
JWT_SECRET="test-secret"

Ensure JWT secrets are secure.

The JWT_SECRET is hardcoded with a placeholder value. Ensure this is changed in production environments to a strong, unique secret.

# Example of setting JWT_SECRET securely
JWT_SECRET=$(openssl rand -base64 32)


DB_HOST=localhost # set DB_HOST to database to use with docker
DB_USERNAME=postgres
DB_PASSWORD=postgres # your passowrd
DB_PASSWORD_URL_FORMAT=postgres # password in url-format, see https://github.com/prisma/prisma/discussions/15679
DB_PORT=5432
DB_NAME=postgres

# The connection URL of the database for Prisma
# See https://www.prisma.io/docs/orm/reference/connection-urls for more information
# Keep align with the TypeORM configuration
PRISMA_DATABASE_URL="postgresql://${DB_USERNAME}:${DB_PASSWORD_URL_FORMAT}@${DB_HOST}:${DB_PORT}/${DB_NAME}?schema=public&connection_limit=16"

# The maximum amount of time the interactive transaction can run before being canceled and rolled back.
# See: https://github.com/prisma/prisma/releases/tag/5.10.0
# See: https://github.com/prisma/prisma/issues/15028
PRISMA_TRANSACTION_TIMEOUT=60000 # 60s

# The configuration for Elasticsearch
ELASTICSEARCH_NODE=http://localhost:9200/
ELASTICSEARCH_MAX_RETRIES=10
ELASTICSEARCH_REQUEST_TIMEOUT=60000
ELASTICSEARCH_PING_TIMEOUT=60000
ELASTICSEARCH_SNIFF_ON_START=true
ELASTICSEARCH_AUTH_USERNAME=elastic
ELASTICSEARCH_AUTH_PASSWORD=elastic

Ensure Elasticsearch credentials are secure.

The Elasticsearch credentials (ELASTICSEARCH_AUTH_USERNAME and ELASTICSEARCH_AUTH_PASSWORD) are hardcoded. Consider using environment variables or a secure vault to manage sensitive information.

# Example of using environment variables
ELASTICSEARCH_AUTH_USERNAME=$ELASTICSEARCH_AUTH_USERNAME
ELASTICSEARCH_AUTH_PASSWORD=$ELASTICSEARCH_AUTH_PASSWORD


# The configuration for uploaded files
FILE_UPLOAD_PATH=/tmp/app/uploads
DEFAULT_AVATAR_NAME=default.jpg


# The configuration for CORS
CORS_ORIGINS=http://localhost:3000 # use `,` to separate multiple origins
CORS_METHODS=GET,POST,PUT,PATCH,DELETE
CORS_HEADERS=Content-Type,Authorization
CORS_CREDENTIALS=true

# additionally setup the following if you want to use docker-compose
# to setup environment
POSTGRES_DB=${DB_NAME}
POSTGRES_USER=${DB_USERNAME}
POSTGRES_PASSWORD=${DB_PASSWORD}

# Email configuration:
EMAIL_SMTP_HOST=smtp.example.com
EMAIL_SMTP_PORT=587
EMAIL_SMTP_SSL_ENABLE=true
EMAIL_SMTP_USERNAME=user@example.com
EMAIL_SMTP_PASSWORD=a_super_strong_password

Ensure email credentials are secure.

The email password is hardcoded with a placeholder value. Ensure this is changed in production environments to a strong, unique password.

# Example of setting EMAIL_SMTP_PASSWORD securely
EMAIL_SMTP_PASSWORD=$(openssl rand -base64 32)

EMAIL_DEFAULT_FROM='"No Reply" <noreply@example.com>'

# Email test configuration:
# Enabling email test means when you run test, emails will be sent.
EMAILTEST_ENABLE=false
EMAILTEST_RECEIVER=developer@example.com
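Review bot: None of the scripts shown here reads cheese.env: cheese-start.sh passes its settings with individual `-e` flags, and the two already disagree (`FILE_UPLOAD_PATH=/tmp/app/uploads` here, `/app/uploads` in the script). State in a header comment which loader consumes this file, because it relies on `${DB_USERNAME}`-style expansion, quoted values and `# ...` comments after values, none of which `docker run --env-file` interprets; with that loader the quotes, the `${...}` text and the trailing comment would all become part of the value.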
3 changes: 3 additions & 0 deletions docs/scripts/dependency-restart.sh
@@ -0,0 +1,3 @@
#!/bin/sh
sudo systemctl start docker
sudo docker restart elasticsearch postgres
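Review bot: `sudo docker restart elasticsearch postgres` assumes both containers already exist, and with no `set -e` a failed `sudo systemctl start docker` is ignored and the script goes on to the restart anyway. Add `set -e` after the shebang and a one-line comment saying that dependency-start.sh must have been run once to create the containers.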
32 changes: 32 additions & 0 deletions docs/scripts/dependency-start.sh
@@ -0,0 +1,32 @@
#!/bin/sh
sudo systemctl start docker.service

Consider removing sudo for Docker commands.

Using sudo with Docker commands is generally not recommended as it can lead to security risks and is unnecessary if the user is part of the docker group. Consider adding the user to the docker group instead.

# Add the user to the docker group to avoid using sudo
sudo usermod -aG docker $USER


sudo docker run -d \
--name elasticsearch \
-e discovery.type=single-node \
-e xpack.security.enabled=true \
-e ELASTIC_USERNAME=elastic \
-e ELASTIC_PASSWORD=elastic \
--health-cmd="curl http://localhost:9200/_cluster/health" \
--health-interval=10s \
--health-timeout=5s \
--health-retries=10 \
-p 9200:9200 \
docker.elastic.co/elasticsearch/elasticsearch:8.12.1
Comment on lines +4 to +15

Ensure Elasticsearch credentials are secure.

The Elasticsearch credentials (ELASTIC_USERNAME and ELASTIC_PASSWORD) are hardcoded. Consider using environment variables or a secure vault to manage sensitive information.

# Example of using environment variables
-e ELASTIC_USERNAME=$ELASTIC_USERNAME \
-e ELASTIC_PASSWORD=$ELASTIC_PASSWORD \


sudo docker run -d \
--name postgres \
-e POSTGRES_PASSWORD=postgres \
--health-cmd="pg_isready" \
--health-interval=10s \
--health-timeout=5s \
--health-retries=5 \
-p 5432:5432 \
postgres
Comment on lines +17 to +25

Ensure PostgreSQL credentials are secure.

The PostgreSQL password is hardcoded. Consider using environment variables or a secure vault to manage sensitive information.

# Example of using environment variables
-e POSTGRES_PASSWORD=$POSTGRES_PASSWORD \

echo "Wait for 5 seconds please..."
sleep 5
sudo docker exec -i postgres bash << EOF
sed -i -e 's/max_connections = 100/max_connections = 1000/' /var/lib/postgresql/data/postgresql.conf
sed -i -e 's/shared_buffers = 128MB/shared_buffers = 2GB/' /var/lib/postgresql/data/postgresql.conf
EOF
Comment on lines +28 to +31

Avoid inline configuration changes for PostgreSQL.

Modifying PostgreSQL configuration files directly within the container can lead to issues with container immutability and reproducibility. Consider using a custom Docker image or a volume to manage configuration changes.

# Consider creating a custom Docker image with the necessary configurations
# or mounting a configuration file using a volume.

sudo docker restart --time 0 postgres
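Review bot: The `sleep 5` before `sudo docker exec -i postgres bash` is a guess at when postgresql.conf exists, even though the container already defines `--health-cmd="pg_isready"`; on a slow first start the sed commands fail on a missing file, and because the image is the untagged `postgres`, a release whose defaults are not exactly `max_connections = 100` and `shared_buffers = 128MB` leaves the file unchanged with no error. The official image accepts server flags after the image name, so a pinned tag followed by `-c max_connections=1000 -c shared_buffers=2GB` removes the sleep, the sed edits and the restart.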