# bb-plane-fork local-test compose — binarybeachio # --------------------------------------------------------------------------- # Spins up a Plane stack on the laptop using: # - OUR PATCHED images (plane-backend, plane-frontend) built from this fork # - Upstream-vanilla images for the other 4 services (per architecture # doc §7.4 — only build what we touched) # - Ephemeral local Postgres + Redis + RabbitMQ + MinIO (NOT shared-postgres; # this is a destructible dev stack — `docker compose down -v` wipes everything) # - Hosted Zitadel (auth.binarybeach.io) for the OIDC flow # # Build first, then run: # # # Build patched images locally # docker build -t plane-backend:bb-local -f apps/api/Dockerfile.api apps/api/ # docker build -t plane-frontend:bb-local -f apps/web/Dockerfile.web . # # # Bring up # docker compose -f docker-compose.bb-local.yml --env-file .env.bb-local up -d # # # Watch logs # docker compose -f docker-compose.bb-local.yml logs -f api worker # # # Visit http://localhost:8888 — log in with email+password (break-glass-style) # # or, with BB_BRIDGE_PUBLIC_KEY_URL set, exercise the trusted-JWT endpoint # # by hand: GET http://localhost:8888/auth/sign-in-trusted/?token= # # Required env (.env.bb-local — gitignored): # BB_BRIDGE_PUBLIC_KEY_URL= # leave unset for vanilla email+password testing # --------------------------------------------------------------------------- x-db-env: &db-env PGHOST: plane-db PGDATABASE: plane POSTGRES_USER: plane POSTGRES_PASSWORD: plane POSTGRES_DB: plane POSTGRES_PORT: 5432 PGDATA: /var/lib/postgresql/data x-redis-env: &redis-env REDIS_HOST: plane-redis REDIS_PORT: 6379 REDIS_URL: redis://plane-redis:6379/ x-mq-env: &mq-env RABBITMQ_HOST: plane-mq RABBITMQ_PORT: 5672 RABBITMQ_DEFAULT_USER: plane RABBITMQ_DEFAULT_PASS: plane RABBITMQ_DEFAULT_VHOST: plane RABBITMQ_USER: plane RABBITMQ_PASSWORD: plane RABBITMQ_VHOST: plane x-minio-env: &minio-env MINIO_ROOT_USER: access-key MINIO_ROOT_PASSWORD: secret-key x-aws-s3-env: &aws-s3-env AWS_REGION: "" AWS_ACCESS_KEY_ID: access-key AWS_SECRET_ACCESS_KEY: secret-key AWS_S3_ENDPOINT_URL: http://plane-minio:9000 AWS_S3_BUCKET_NAME: uploads x-proxy-env: &proxy-env APP_DOMAIN: localhost:8888 FILE_SIZE_LIMIT: 5242880 CERT_EMAIL: "" # Plane proxy's Caddy parser requires a syntactically valid CA URL even # when not actually using ACME (we serve plain HTTP locally). CERT_ACME_CA: https://acme-v02.api.letsencrypt.org/directory CERT_ACME_DNS: "" LISTEN_HTTP_PORT: 80 LISTEN_HTTPS_PORT: 443 BUCKET_NAME: uploads SITE_ADDRESS: ":80" x-live-env: &live-env API_BASE_URL: http://api:8000 LIVE_SERVER_SECRET_KEY: bb-local-test-live-secret-do-not-reuse x-app-env: &app-env WEB_URL: http://localhost:8888 CORS_ALLOWED_ORIGINS: http://localhost:8888 DEBUG: 1 GUNICORN_WORKERS: 1 USE_MINIO: 1 DATABASE_URL: postgresql://plane:plane@plane-db/plane SECRET_KEY: bb-local-test-django-secret-do-not-reuse-anywhere-real AMQP_URL: amqp://plane:plane@plane-mq:5672/plane API_KEY_RATE_LIMIT: 60/minute MINIO_ENDPOINT_SSL: 0 LIVE_SERVER_SECRET_KEY: bb-local-test-live-secret-do-not-reuse # === binarybeachio fork: Bucket-4 trusted-JWT entry-point === # When BB_BRIDGE_PUBLIC_KEY_URL is set, /auth/sign-in-trusted/ is enabled # and verifies bridge-issued JWTs against the URL-served PEM. When unset, # the endpoint returns 404 and Plane behaves like upstream-vanilla. # See apps/api/plane/authentication/views/app/trusted.py. BB_BRIDGE_PUBLIC_KEY_URL: ${BB_BRIDGE_PUBLIC_KEY_URL:-} # === binarybeachio session-lifecycle convention (15 min idle, slide-on-activity) === # Canonical: binarybeachio/infrastructure/_shared/.env.session-convention SESSION_COOKIE_AGE: ${SESSION_COOKIE_AGE:-900} ADMIN_SESSION_COOKIE_AGE: ${ADMIN_SESSION_COOKIE_AGE:-900} SESSION_SAVE_EVERY_REQUEST: ${SESSION_SAVE_EVERY_REQUEST:-1} services: api: image: plane-backend:bb-local command: ./bin/docker-entrypoint-api.sh environment: <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env] depends_on: - plane-db - plane-redis - plane-mq worker: image: plane-backend:bb-local command: ./bin/docker-entrypoint-worker.sh environment: <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env] depends_on: - api beat-worker: image: plane-backend:bb-local command: ./bin/docker-entrypoint-beat.sh environment: <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env] depends_on: - api migrator: image: plane-backend:bb-local command: ./bin/docker-entrypoint-migrator.sh restart: "no" environment: <<: [*app-env, *db-env, *redis-env, *minio-env, *aws-s3-env, *proxy-env] depends_on: - plane-db - plane-redis web: image: plane-frontend:bb-local depends_on: - api - worker space: image: makeplane/plane-space:v1.3.0 depends_on: - api - worker - web admin: image: makeplane/plane-admin:v1.3.0 depends_on: - api - web live: image: makeplane/plane-live:v1.3.0 environment: <<: [*live-env, *redis-env] depends_on: - api - web plane-db: image: postgres:15.7-alpine command: postgres -c 'max_connections=1000' environment: <<: *db-env volumes: - bb-local-pgdata:/var/lib/postgresql/data plane-redis: image: valkey/valkey:7.2.11-alpine volumes: - bb-local-redisdata:/data plane-mq: image: rabbitmq:3.13.6-management-alpine environment: <<: *mq-env volumes: - bb-local-rmqdata:/var/lib/rabbitmq plane-minio: image: minio/minio:latest command: server /export --console-address ":9090" environment: <<: *minio-env volumes: - bb-local-minio:/export proxy: image: makeplane/plane-proxy:v1.3.0 environment: <<: *proxy-env ports: - "8888:80" depends_on: - web - api - space - admin - live volumes: bb-local-pgdata: bb-local-redisdata: bb-local-rmqdata: bb-local-minio: