forked from molecule-ai/molecule-core
e906f49ec0
Security: - Replace hardcoded Cloudflare account/zone/KV IDs in wrangler.toml with placeholders; add wrangler.toml to .gitignore, ship .example - Replace real EC2 IPs in docs with <EC2_IP> placeholders - Redact partial CF API token prefix in retrospective - Parameterize Langfuse dev credentials in docker-compose.infra.yml - Replace Neon project ID in runbook with <neon-project-id> Community: - Add CONTRIBUTING.md (build, test, branch conventions, CI info) - Add CODE_OF_CONDUCT.md (Contributor Covenant 2.1) Cleanup: - Replace personal runner username/machine name in CI + PLAN.md - Replace personal tenant URL in MCP setup guide - Replace personal author field in bundle-system doc - Replace personal login in webhook test fixture - Rewrite cryptominer incident reference as generic security remediation - Remove private repo commit hashes from PLAN.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
128 lines
3.6 KiB
YAML
128 lines
3.6 KiB
YAML
version: "3.9"
|
|
|
|
services:
|
|
postgres:
|
|
image: postgres:16-alpine
|
|
environment:
|
|
POSTGRES_USER: ${POSTGRES_USER:-dev}
|
|
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-dev}
|
|
POSTGRES_DB: ${POSTGRES_DB:-molecule}
|
|
command: ["postgres", "-c", "wal_level=logical"]
|
|
ports:
|
|
- "5432:5432"
|
|
volumes:
|
|
- pgdata:/var/lib/postgresql/data
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-dev}"]
|
|
interval: 2s
|
|
timeout: 5s
|
|
retries: 10
|
|
|
|
langfuse-db-init:
|
|
image: postgres:16-alpine
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
environment:
|
|
POSTGRES_USER: ${POSTGRES_USER:-dev}
|
|
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-dev}
|
|
command:
|
|
- /bin/sh
|
|
- -c
|
|
- |
|
|
export PGPASSWORD="$${POSTGRES_PASSWORD}"
|
|
until pg_isready -h postgres -U "$${POSTGRES_USER}" -d postgres >/dev/null 2>&1; do
|
|
sleep 1
|
|
done
|
|
if ! psql -h postgres -U "$${POSTGRES_USER}" -d postgres -tAc "SELECT 1 FROM pg_database WHERE datname = 'langfuse'" | grep -q 1; then
|
|
psql -h postgres -U "$${POSTGRES_USER}" -d postgres -c "CREATE DATABASE langfuse"
|
|
fi
|
|
|
|
redis:
|
|
image: redis:7-alpine
|
|
command: ["redis-server", "--notify-keyspace-events", "KEA"]
|
|
ports:
|
|
- "6379:6379"
|
|
volumes:
|
|
- redisdata:/data
|
|
healthcheck:
|
|
test: ["CMD", "redis-cli", "ping"]
|
|
interval: 2s
|
|
timeout: 5s
|
|
retries: 10
|
|
|
|
clickhouse:
|
|
image: clickhouse/clickhouse-server:24-alpine
|
|
environment:
|
|
CLICKHOUSE_DB: langfuse
|
|
CLICKHOUSE_USER: langfuse
|
|
CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD:-langfuse-dev}
|
|
volumes:
|
|
- clickhousedata:/var/lib/clickhouse
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://127.0.0.1:8123/ping || exit 1"]
|
|
interval: 5s
|
|
timeout: 5s
|
|
retries: 10
|
|
|
|
# dev-only: no-auth on 0.0.0.0:7233; production must gate via mTLS or API key
|
|
temporal:
|
|
image: temporalio/auto-setup:1.25
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
environment:
|
|
DB: postgres12
|
|
DB_PORT: 5432
|
|
POSTGRES_USER: ${POSTGRES_USER:-dev}
|
|
POSTGRES_PWD: ${POSTGRES_PASSWORD:-dev}
|
|
POSTGRES_SEEDS: postgres
|
|
DBNAME: temporal
|
|
VISIBILITY_DBNAME: temporal_visibility
|
|
ports:
|
|
- "7233:7233"
|
|
healthcheck:
|
|
test: ["CMD", "tctl", "--address", "temporal:7233", "cluster", "health"]
|
|
interval: 10s
|
|
timeout: 5s
|
|
retries: 10
|
|
|
|
temporal-ui:
|
|
image: temporalio/ui:2.31.2
|
|
depends_on:
|
|
- temporal
|
|
environment:
|
|
TEMPORAL_ADDRESS: temporal:7233
|
|
TEMPORAL_CORS_ORIGINS: http://localhost:8233
|
|
ports:
|
|
- "8233:8080"
|
|
|
|
langfuse-web:
|
|
image: langfuse/langfuse:2
|
|
depends_on:
|
|
clickhouse:
|
|
condition: service_healthy
|
|
langfuse-db-init:
|
|
condition: service_completed_successfully
|
|
environment:
|
|
DATABASE_URL: postgres://${POSTGRES_USER:-dev}:${POSTGRES_PASSWORD:-dev}@postgres:5432/langfuse
|
|
CLICKHOUSE_URL: clickhouse://langfuse:${CLICKHOUSE_PASSWORD:-langfuse-dev}@clickhouse:9000/langfuse
|
|
CLICKHOUSE_USER: langfuse
|
|
CLICKHOUSE_PASSWORD: ${CLICKHOUSE_PASSWORD:-langfuse-dev}
|
|
LANGFUSE_AUTO_CLICKHOUSE_MIGRATION_DISABLED: "true"
|
|
NEXTAUTH_SECRET: ${LANGFUSE_SECRET:-changeme-langfuse-secret}
|
|
NEXTAUTH_URL: http://localhost:3001
|
|
SALT: ${LANGFUSE_SALT:-changeme-langfuse-salt}
|
|
ports:
|
|
- "3001:3000"
|
|
|
|
networks:
|
|
default:
|
|
name: molecule-monorepo-net
|
|
external: true
|
|
|
|
volumes:
|
|
pgdata:
|
|
redisdata:
|
|
clickhousedata:
|