# ToolHive Cloud UI - Docker Compose Configuration
#
# Extends toolhive-registry-server docker-compose with the UI frontend.
#
# Prerequisites:
# Clone the registry-server repo in the same parent directory:
# git clone https://github.com/stacklok/toolhive-registry-server.git ../toolhive-registry-server
#
# Usage:
# # Option 1: Create .env file with your config
# # OIDC_ISSUER_URL=https://your-org.okta.com
# # OIDC_CLIENT_ID=your-client-id
# # OIDC_CLIENT_SECRET=your-client-secret
# # OIDC_PROVIDER_ID=okta
# # BETTER_AUTH_SECRET=your-secret
# # API_BASE_URL=http://toolhive-registry-api:8080 (optional, default shown)
# docker compose up --build
#
# # Option 2: With mock OIDC (no .env needed):
# docker compose --profile mock up --build
#
# Access:
# - UI: http://localhost:3000
# - API: http://localhost:8080 (from registry-server)
# - OIDC Mock (if using --profile mock): http://localhost:4000
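# Pull in the registry-server stack. registry-api and registry-network are not
# defined in this file; presumably they come from the included compose file.
include:
  - path: ../toolhive-registry-server/docker-compose.yaml

services:
  # PostgreSQL for session storage (handles large OIDC tokens like Azure AD)
  # SECURITY NOTE: Credentials below are for LOCAL DEVELOPMENT ONLY.
  auth-db:
    image: postgres:18-alpine
    container_name: toolhive-auth-db
    ports:
      # Published on the host loopback only. Without a host IP, Docker binds
      # the port on every host interface, which would expose a database that
      # accepts auth/auth to the local network. cloud-ui is unaffected: it
      # connects over the compose network on port 5432, not via this mapping.
      - "127.0.0.1:5433:5432"
    environment:
      - POSTGRES_DB=auth
      - POSTGRES_USER=auth
      - POSTGRES_PASSWORD=auth
    volumes:
      # NOTE(review): the official postgres image changed its default data
      # directory layout in major version 18; confirm that this mount path
      # still receives the cluster data, otherwise sessions will not persist
      # in the named volume.
      - auth-db-data:/var/lib/postgresql/data
      # Initialize Better Auth schema on first startup
      - ./db/init.sql:/docker-entrypoint-initdb.d/init.sql:ro
    networks:
      - registry-network
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U auth -d auth"]
      interval: 5s
      timeout: 5s
      retries: 5

  # Optional: OIDC mock for local development (use --profile mock)
  # The mock issuer is served over plain HTTP and its port is published on all
  # host interfaces; keep this profile off machines on untrusted networks.
  oidc-mock:
    profiles:
      - mock
    build:
      context: ./dev-auth
      dockerfile: Dockerfile
    container_name: toolhive-oidc-mock
    ports:
      - "4000:4000"
    extra_hosts:
      # Resolves the name "localhost" inside the container to the Docker host
      # gateway instead of the container's own loopback.
      - "localhost:host-gateway"
    environment:
      - OIDC_ISSUER_URL=http://localhost:4000
    networks:
      - registry-network
    restart: unless-stopped

  cloud-ui:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: toolhive-cloud-ui
    depends_on:
      # service_started matches the behaviour of the short list form.
      registry-api:
        condition: service_started
      # Wait for the pg_isready healthcheck so the UI does not start against
      # a database that is not yet accepting connections.
      auth-db:
        condition: service_healthy
    ports:
      - "3000:3000"
    extra_hosts:
      # Resolves the name "localhost" inside the container to the Docker host
      # gateway, presumably so the http://localhost:4000 issuer URL below is
      # reachable from inside the container as well as from the browser.
      - "localhost:host-gateway"
    environment:
      # Backend API URL (internal Docker network)
      - API_BASE_URL=${API_BASE_URL:-http://toolhive-registry-api:8080}
      #
      # SECURITY NOTE: Default values below are for LOCAL DEVELOPMENT ONLY.
      # For production, always provide these via .env file with secure values.
      #
      # The ":-" fallbacks apply whenever a variable is unset or empty, so a
      # deployment that is missing its .env starts without error using the
      # values committed here, which anyone with repository access knows.
      # For non-development use, consider an override file that uses the
      # "${VAR:?message}" form so startup fails instead.
      #
      # Better Auth configuration
      - BETTER_AUTH_SECRET=${BETTER_AUTH_SECRET:-docker-compose-dev-secret-change-in-production}
      - BETTER_AUTH_URL=http://localhost:3000
      # OIDC configuration
      # For Okta: set OIDC_ISSUER_URL, OIDC_CLIENT_ID, OIDC_CLIENT_SECRET in .env
      # For mock: use --profile mock and defaults will work
      - OIDC_ISSUER_URL=${OIDC_ISSUER_URL:-http://localhost:4000}
      - OIDC_CLIENT_ID=${OIDC_CLIENT_ID:-better-auth-dev}
      - OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET:-dev-secret-change-in-production}
      - OIDC_PROVIDER_ID=${OIDC_PROVIDER_ID:-okta}
      # Database for session storage (handles large OIDC tokens like Azure AD)
      # Uses the development credentials of the auth-db service above.
      - DATABASE_URL=postgresql://auth:auth@toolhive-auth-db:5432/auth
    networks:
      - registry-network
    restart: unless-stopped

volumes:
  # Named volume backing the auth-db data mount.
  auth-db-data: {}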