From 46440c2720c0428a1c47a4b7d171f7e774158c4c Mon Sep 17 00:00:00 2001 From: binarybeach Date: Wed, 29 Apr 2026 16:56:48 -1000 Subject: [PATCH] binarybeachio: add local-test compose and .env example --- .env.bb-local.example | 13 +++ .gitignore | 3 + docker-compose.bb-local.yml | 212 ++++++++++++++++++++++++++++++++++++ 3 files changed, 228 insertions(+) create mode 100644 .env.bb-local.example create mode 100644 docker-compose.bb-local.yml diff --git a/.env.bb-local.example b/.env.bb-local.example new file mode 100644 index 000000000..75b764580 --- /dev/null +++ b/.env.bb-local.example @@ -0,0 +1,13 @@ +# bb-plane-fork local-test env — copy to `.env.bb-local` and fill in. +# Gitignored. Used by docker-compose.bb-local.yml. + +# Zitadel OIDC client created at https://auth.binarybeach.io/ui/console/ +# (Project → Add Application → Web → Code flow). Redirect URIs to register: +# http://localhost:8888/auth/github/callback/ +# https://pm.binarybeach.io/auth/github/callback/ +GITHUB_CLIENT_ID=__paste-from-zitadel__ +GITHUB_CLIENT_SECRET=__paste-from-zitadel__ + +# Zitadel host. Setting this activates the OIDC code path in our patched +# GitHubOAuthProvider. Override here if testing against a different Zitadel. +ZITADEL_DOMAIN=auth.binarybeach.io diff --git a/.gitignore b/.gitignore index e2e6441ba..1514af2a7 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,9 @@ pnpm-debug.log* .env.test.local .env.production.local +# binarybeachio fork-local test env (Zitadel OIDC client creds) +.env.bb-local + # Vercel .vercel diff --git a/docker-compose.bb-local.yml b/docker-compose.bb-local.yml new file mode 100644 index 000000000..9a0f183d0 --- /dev/null +++ b/docker-compose.bb-local.yml @@ -0,0 +1,212 @@ +# bb-plane-fork local-test compose — binarybeachio +# --------------------------------------------------------------------------- +# Spins up a Plane stack on the laptop using: +# - OUR PATCHED images (plane-backend, plane-frontend) built from this fork +# - Upstream-vanilla images for the other 4 services (per architecture +# doc §7.4 — only build what we touched) +# - Ephemeral local Postgres + Redis + RabbitMQ + MinIO (NOT shared-postgres; +# this is a destructible dev stack — `docker compose down -v` wipes everything) +# - Hosted Zitadel (auth.binarybeach.io) for the OIDC flow +# +# Build first, then run: +# +# # Build patched images locally +# docker build -t plane-backend:bb-local -f apps/api/Dockerfile.api apps/api/ +# docker build -t plane-frontend:bb-local -f apps/web/Dockerfile.web . +# +# # Bring up +# docker compose -f docker-compose.bb-local.yml --env-file .env.bb-local up -d +# +# # Watch logs +# docker compose -f docker-compose.bb-local.yml logs -f api worker +# +# # Visit http://localhost:8888 — log in with break-glass admin or click +# # "Continue with binarybeach.io" to test the Zitadel OIDC flow +# +# Required env (.env.bb-local — gitignored): +# GITHUB_CLIENT_ID= +# GITHUB_CLIENT_SECRET= +# ZITADEL_DOMAIN=auth.binarybeach.io # already defaulted in compose +# --------------------------------------------------------------------------- + +x-db-env: &db-env + PGHOST: plane-db + PGDATABASE: plane + POSTGRES_USER: plane + POSTGRES_PASSWORD: plane + POSTGRES_DB: plane + POSTGRES_PORT: 5432 + PGDATA: /var/lib/postgresql/data + +x-redis-env: &redis-env + REDIS_HOST: plane-redis + REDIS_PORT: 6379 + REDIS_URL: redis://plane-redis:6379/ + +x-mq-env: &mq-env + RABBITMQ_HOST: plane-mq + RABBITMQ_PORT: 5672 + RABBITMQ_DEFAULT_USER: plane + RABBITMQ_DEFAULT_PASS: plane + RABBITMQ_DEFAULT_VHOST: plane + RABBITMQ_USER: plane + RABBITMQ_PASSWORD: plane + RABBITMQ_VHOST: plane + +x-minio-env: &minio-env + MINIO_ROOT_USER: access-key + MINIO_ROOT_PASSWORD: secret-key + +x-aws-s3-env: &aws-s3-env + AWS_REGION: "" + AWS_ACCESS_KEY_ID: access-key + AWS_SECRET_ACCESS_KEY: secret-key + AWS_S3_ENDPOINT_URL: http://plane-minio:9000 + AWS_S3_BUCKET_NAME: uploads + +x-proxy-env: &proxy-env + APP_DOMAIN: localhost:8888 + FILE_SIZE_LIMIT: 5242880 + CERT_EMAIL: "" + # Plane proxy's Caddy parser requires a syntactically valid CA URL even + # when not actually using ACME (we serve plain HTTP locally). + CERT_ACME_CA: https://acme-v02.api.letsencrypt.org/directory + CERT_ACME_DNS: "" + LISTEN_HTTP_PORT: 80 + LISTEN_HTTPS_PORT: 443 + BUCKET_NAME: uploads + SITE_ADDRESS: ":80" + +x-live-env: &live-env + API_BASE_URL: http://api:8000 + LIVE_SERVER_SECRET_KEY: bb-local-test-live-secret-do-not-reuse + +x-app-env: &app-env + WEB_URL: http://localhost:8888 + CORS_ALLOWED_ORIGINS: http://localhost:8888 + DEBUG: 1 + GUNICORN_WORKERS: 1 + USE_MINIO: 1 + DATABASE_URL: postgresql://plane:plane@plane-db/plane + SECRET_KEY: bb-local-test-django-secret-do-not-reuse-anywhere-real + AMQP_URL: amqp://plane:plane@plane-mq:5672/plane + API_KEY_RATE_LIMIT: 60/minute + MINIO_ENDPOINT_SSL: 0 + LIVE_SERVER_SECRET_KEY: bb-local-test-live-secret-do-not-reuse + # === binarybeachio fork: OIDC via Zitadel === + # ZITADEL_DOMAIN being set activates the OIDC code path in our patched + # GitHubOAuthProvider. URLs default to https://${ZITADEL_DOMAIN}/oauth/v2/... + ZITADEL_DOMAIN: ${ZITADEL_DOMAIN:-auth.binarybeach.io} + GITHUB_CLIENT_ID: ${GITHUB_CLIENT_ID} + GITHUB_CLIENT_SECRET: ${GITHUB_CLIENT_SECRET} + +services: + api: + image: plane-backend:bb-local + command: ./bin/docker-entrypoint-api.sh + environment: + <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env] + depends_on: + - plane-db + - plane-redis + - plane-mq + + worker: + image: plane-backend:bb-local + command: ./bin/docker-entrypoint-worker.sh + environment: + <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env] + depends_on: + - api + + beat-worker: + image: plane-backend:bb-local + command: ./bin/docker-entrypoint-beat.sh + environment: + <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env] + depends_on: + - api + + migrator: + image: plane-backend:bb-local + command: ./bin/docker-entrypoint-migrator.sh + restart: "no" + environment: + <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env] + depends_on: + - plane-db + - plane-redis + + web: + image: plane-frontend:bb-local + depends_on: + - api + - worker + + space: + image: makeplane/plane-space:v1.3.0 + depends_on: + - api + - worker + - web + + admin: + image: makeplane/plane-admin:v1.3.0 + depends_on: + - api + - web + + live: + image: makeplane/plane-live:v1.3.0 + environment: + <<: [*live-env, *redis-env] + depends_on: + - api + - web + + plane-db: + image: postgres:15.7-alpine + command: postgres -c 'max_connections=1000' + environment: + <<: *db-env + volumes: + - bb-local-pgdata:/var/lib/postgresql/data + + plane-redis: + image: valkey/valkey:7.2.11-alpine + volumes: + - bb-local-redisdata:/data + + plane-mq: + image: rabbitmq:3.13.6-management-alpine + environment: + <<: *mq-env + volumes: + - bb-local-rmqdata:/var/lib/rabbitmq + + plane-minio: + image: minio/minio:latest + command: server /export --console-address ":9090" + environment: + <<: *minio-env + volumes: + - bb-local-minio:/export + + proxy: + image: makeplane/plane-proxy:v1.3.0 + environment: + <<: *proxy-env + ports: + - "8888:80" + depends_on: + - web + - api + - space + - admin + - live + +volumes: + bb-local-pgdata: + bb-local-redisdata: + bb-local-rmqdata: + bb-local-minio: