binarybeachio: add local-test compose and .env example

.env.bb-local.example

@@ -0,0 +1,13 @@
+# bb-plane-fork local-test env — copy to `.env.bb-local` and fill in.
+# Gitignored. Used by docker-compose.bb-local.yml.
+
+# Zitadel OIDC client created at https://auth.binarybeach.io/ui/console/
+# (Project → Add Application → Web → Code flow). Redirect URIs to register:
+#   http://localhost:8888/auth/github/callback/
+#   https://pm.binarybeach.io/auth/github/callback/
+GITHUB_CLIENT_ID=__paste-from-zitadel__
+GITHUB_CLIENT_SECRET=__paste-from-zitadel__
+
+# Zitadel host. Setting this activates the OIDC code path in our patched
+# GitHubOAuthProvider. Override here if testing against a different Zitadel.
+ZITADEL_DOMAIN=auth.binarybeach.io

.gitignore

@@ -41,6 +41,9 @@ pnpm-debug.log*
 .env.test.local
 .env.production.local
 
+# binarybeachio fork-local test env (Zitadel OIDC client creds)
+.env.bb-local
+
 # Vercel
 .vercel
 

docker-compose.bb-local.yml

@@ -0,0 +1,212 @@
+# bb-plane-fork local-test compose — binarybeachio
+# ---------------------------------------------------------------------------
+# Spins up a Plane stack on the laptop using:
+#   - OUR PATCHED images (plane-backend, plane-frontend) built from this fork
+#   - Upstream-vanilla images for the other 4 services (per architecture
+#     doc §7.4 — only build what we touched)
+#   - Ephemeral local Postgres + Redis + RabbitMQ + MinIO (NOT shared-postgres;
+#     this is a destructible dev stack — `docker compose down -v` wipes everything)
+#   - Hosted Zitadel (auth.binarybeach.io) for the OIDC flow
+#
+# Build first, then run:
+#
+#   # Build patched images locally
+#   docker build -t plane-backend:bb-local -f apps/api/Dockerfile.api apps/api/
+#   docker build -t plane-frontend:bb-local -f apps/web/Dockerfile.web .
+#
+#   # Bring up
+#   docker compose -f docker-compose.bb-local.yml --env-file .env.bb-local up -d
+#
+#   # Watch logs
+#   docker compose -f docker-compose.bb-local.yml logs -f api worker
+#
+#   # Visit http://localhost:8888 — log in with break-glass admin or click
+#   # "Continue with binarybeach.io" to test the Zitadel OIDC flow
+#
+# Required env (.env.bb-local — gitignored):
+#   GITHUB_CLIENT_ID=<zitadel-app-client-id>
+#   GITHUB_CLIENT_SECRET=<zitadel-app-client-secret>
+#   ZITADEL_DOMAIN=auth.binarybeach.io  # already defaulted in compose
+# ---------------------------------------------------------------------------
+
+x-db-env: &db-env
+  PGHOST: plane-db
+  PGDATABASE: plane
+  POSTGRES_USER: plane
+  POSTGRES_PASSWORD: plane
+  POSTGRES_DB: plane
+  POSTGRES_PORT: 5432
+  PGDATA: /var/lib/postgresql/data
+
+x-redis-env: &redis-env
+  REDIS_HOST: plane-redis
+  REDIS_PORT: 6379
+  REDIS_URL: redis://plane-redis:6379/
+
+x-mq-env: &mq-env
+  RABBITMQ_HOST: plane-mq
+  RABBITMQ_PORT: 5672
+  RABBITMQ_DEFAULT_USER: plane
+  RABBITMQ_DEFAULT_PASS: plane
+  RABBITMQ_DEFAULT_VHOST: plane
+  RABBITMQ_USER: plane
+  RABBITMQ_PASSWORD: plane
+  RABBITMQ_VHOST: plane
+
+x-minio-env: &minio-env
+  MINIO_ROOT_USER: access-key
+  MINIO_ROOT_PASSWORD: secret-key
+
+x-aws-s3-env: &aws-s3-env
+  AWS_REGION: ""
+  AWS_ACCESS_KEY_ID: access-key
+  AWS_SECRET_ACCESS_KEY: secret-key
+  AWS_S3_ENDPOINT_URL: http://plane-minio:9000
+  AWS_S3_BUCKET_NAME: uploads
+
+x-proxy-env: &proxy-env
+  APP_DOMAIN: localhost:8888
+  FILE_SIZE_LIMIT: 5242880
+  CERT_EMAIL: ""
+  # Plane proxy's Caddy parser requires a syntactically valid CA URL even
+  # when not actually using ACME (we serve plain HTTP locally).
+  CERT_ACME_CA: https://acme-v02.api.letsencrypt.org/directory
+  CERT_ACME_DNS: ""
+  LISTEN_HTTP_PORT: 80
+  LISTEN_HTTPS_PORT: 443
+  BUCKET_NAME: uploads
+  SITE_ADDRESS: ":80"
+
+x-live-env: &live-env
+  API_BASE_URL: http://api:8000
+  LIVE_SERVER_SECRET_KEY: bb-local-test-live-secret-do-not-reuse
+
+x-app-env: &app-env
+  WEB_URL: http://localhost:8888
+  CORS_ALLOWED_ORIGINS: http://localhost:8888
+  DEBUG: 1
+  GUNICORN_WORKERS: 1
+  USE_MINIO: 1
+  DATABASE_URL: postgresql://plane:plane@plane-db/plane
+  SECRET_KEY: bb-local-test-django-secret-do-not-reuse-anywhere-real
+  AMQP_URL: amqp://plane:plane@plane-mq:5672/plane
+  API_KEY_RATE_LIMIT: 60/minute
+  MINIO_ENDPOINT_SSL: 0
+  LIVE_SERVER_SECRET_KEY: bb-local-test-live-secret-do-not-reuse
+  # === binarybeachio fork: OIDC via Zitadel ===
+  # ZITADEL_DOMAIN being set activates the OIDC code path in our patched
+  # GitHubOAuthProvider. URLs default to https://${ZITADEL_DOMAIN}/oauth/v2/...
+  ZITADEL_DOMAIN: ${ZITADEL_DOMAIN:-auth.binarybeach.io}
+  GITHUB_CLIENT_ID: ${GITHUB_CLIENT_ID}
+  GITHUB_CLIENT_SECRET: ${GITHUB_CLIENT_SECRET}
+
+services:
+  api:
+    image: plane-backend:bb-local
+    command: ./bin/docker-entrypoint-api.sh
+    environment:
+      <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env]
+    depends_on:
+      - plane-db
+      - plane-redis
+      - plane-mq
+
+  worker:
+    image: plane-backend:bb-local
+    command: ./bin/docker-entrypoint-worker.sh
+    environment:
+      <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env]
+    depends_on:
+      - api
+
+  beat-worker:
+    image: plane-backend:bb-local
+    command: ./bin/docker-entrypoint-beat.sh
+    environment:
+      <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env]
+    depends_on:
+      - api
+
+  migrator:
+    image: plane-backend:bb-local
+    command: ./bin/docker-entrypoint-migrator.sh
+    restart: "no"
+    environment:
+      <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env]
+    depends_on:
+      - plane-db
+      - plane-redis
+
+  web:
+    image: plane-frontend:bb-local
+    depends_on:
+      - api
+      - worker
+
+  space:
+    image: makeplane/plane-space:v1.3.0
+    depends_on:
+      - api
+      - worker
+      - web
+
+  admin:
+    image: makeplane/plane-admin:v1.3.0
+    depends_on:
+      - api
+      - web
+
+  live:
+    image: makeplane/plane-live:v1.3.0
+    environment:
+      <<: [*live-env, *redis-env]
+    depends_on:
+      - api
+      - web
+
+  plane-db:
+    image: postgres:15.7-alpine
+    command: postgres -c 'max_connections=1000'
+    environment:
+      <<: *db-env
+    volumes:
+      - bb-local-pgdata:/var/lib/postgresql/data
+
+  plane-redis:
+    image: valkey/valkey:7.2.11-alpine
+    volumes:
+      - bb-local-redisdata:/data
+
+  plane-mq:
+    image: rabbitmq:3.13.6-management-alpine
+    environment:
+      <<: *mq-env
+    volumes:
+      - bb-local-rmqdata:/var/lib/rabbitmq
+
+  plane-minio:
+    image: minio/minio:latest
+    command: server /export --console-address ":9090"
+    environment:
+      <<: *minio-env
+    volumes:
+      - bb-local-minio:/export
+
+  proxy:
+    image: makeplane/plane-proxy:v1.3.0
+    environment:
+      <<: *proxy-env
+    ports:
+      - "8888:80"
+    depends_on:
+      - web
+      - api
+      - space
+      - admin
+      - live
+
+volumes:
+  bb-local-pgdata:
+  bb-local-redisdata:
+  bb-local-rmqdata:
+  bb-local-minio: