Fix/evault access guard permission issue

docker-compose.core.yml

@@ -0,0 +1,147 @@
+version: '3.8'
+
+x-common-host-access: &common-host-access
+  extra_hosts:
+    - "host.docker.internal:host-gateway"
+  dns:
+    - 8.8.8.8
+    - 8.8.4.4
+    - 1.1.1.1
+
+services:
+  # PostgreSQL database for registry and evault-core
+  postgres:
+    image: postgres:15-alpine
+    container_name: metastate-postgres
+    ports:
+      - "5433:5432"
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+      - POSTGRES_MULTIPLE_DATABASES=registry
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+      - ./db/init-multiple-databases.sh:/docker-entrypoint-initdb.d/init-multiple-databases.sh
+    networks:
+      - metastate-core-network
+    <<: *common-host-access
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    logging:
+      driver: "none"
+
+  # Neo4j for evault-core graph data
+  neo4j:
+    image: neo4j:5.15
+    container_name: metastate-neo4j
+    ports:
+      - "7474:7474" # HTTP
+      - "7687:7687" # Bolt
+    environment:
+      - NEO4J_AUTH=${NEO4J_USER:-neo4j}/${NEO4J_PASSWORD:-neo4j}
+      - NEO4J_USER=${NEO4J_USER:-neo4j}
+      - NEO4J_PASSWORD=${NEO4J_PASSWORD:-neo4j}
+      - NEO4J_dbms_connector_bolt_listen__address=0.0.0.0:7687
+      - NEO4J_dbms_connector_http_listen__address=0.0.0.0:7474
+      - NEO4J_dbms_connector_bolt_advertised__address=neo4j:7687
+    volumes:
+      - neo4j_data:/var/lib/neo4j/data
+    networks:
+      - metastate-core-network
+    <<: *common-host-access
+    entrypoint: ["/bin/sh", "-c"]
+    command:
+      - |
+        # Remove any stale PID files before starting Neo4j
+        rm -f /var/lib/neo4j/run/neo4j.pid 2>/dev/null || true
+        rm -f /var/lib/neo4j/data/run/neo4j.pid 2>/dev/null || true
+        rm -f /var/lib/neo4j/data/neo4j.pid 2>/dev/null || true
+        find /var/lib/neo4j -name "*.pid" -type f -delete 2>/dev/null || true
+        find /var/lib/neo4j/data -name "*.pid" -type f -delete 2>/dev/null || true
+        exec /startup/docker-entrypoint.sh neo4j
+    healthcheck:
+      test: ["CMD-SHELL", "cypher-shell -u neo4j -p ${NEO4J_PASSWORD:-neo4j} 'RETURN 1' || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 10
+      start_period: 30s
+
+  # Registry service
+  registry:
+    profiles:
+      - core
+    build:
+      context: .
+      dockerfile: ./docker/Dockerfile.registry
+      network: host
+    container_name: metastate-registry
+    ports:
+      - "4321:4321"
+    environment:
+      - NODE_ENV=${NODE_ENV:-production}
+      - DATABASE_URL=${REGISTRY_DATABASE_URL:-postgresql://postgres:postgres@postgres:5432/registry}
+      - REGISTRY_SHARED_SECRET=${REGISTRY_SHARED_SECRET:-dev-secret-change-me}
+      - PUBLIC_REGISTRY_URL=${PUBLIC_REGISTRY_URL:-http://localhost:4321}
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - metastate-core-network
+    <<: *common-host-access
+    restart: unless-stopped
+
+  # eVault Core service
+  evault-core:
+    profiles:
+      - core
+    build:
+      context: .
+      dockerfile: ./docker/Dockerfile.evault-core
+      network: host
+    container_name: metastate-evault-core
+    ports:
+      - "3001:3001" # Express (provisioning API)
+      - "4000:4000" # Fastify (GraphQL/HTTP)
+    environment:
+      - NODE_ENV=${NODE_ENV:-production}
+      - EXPRESS_PORT=3001
+      - FASTIFY_PORT=4000
+      - PORT=4000
+      - REGISTRY_DATABASE_URL=${REGISTRY_DATABASE_URL:-postgresql://postgres:postgres@postgres:5432/registry}
+      - PUBLIC_REGISTRY_URL=${PUBLIC_REGISTRY_URL:-http://registry:4321}
+      - REGISTRY_SHARED_SECRET=${REGISTRY_SHARED_SECRET:-dev-secret-change-me}
+      - NEO4J_URI=${NEO4J_URI:-bolt://neo4j:7687}
+      - NEO4J_USER=${NEO4J_USER:-neo4j}
+      - NEO4J_PASSWORD=${NEO4J_PASSWORD:-neo4j}
+      - EVAULT_PUBLIC_KEY=${EVAULT_PUBLIC_KEY:-}
+      - W3ID=${W3ID:-}
+    depends_on:
+      postgres:
+        condition: service_healthy
+      registry:
+        condition: service_started
+      neo4j:
+        condition: service_healthy
+    networks:
+      - metastate-core-network
+    <<: *common-host-access
+    restart: unless-stopped
+
+volumes:
+  postgres_data:
+    driver: local
+  neo4j_data:
+    driver: local
+
+networks:
+  metastate-core-network:
+    driver: bridge
+    driver_opts:
+      com.docker.network.bridge.enable_icc: "true"
+      com.docker.network.bridge.enable_ip_masquerade: "true"
+    ipam:
+      config:
+        - subnet: 172.28.0.0/16

docker-compose.socials.yml

@@ -0,0 +1,140 @@
+version: '3.8'
+
+x-common-host-access: &common-host-access
+  extra_hosts:
+    - "host.docker.internal:host-gateway"
+
+services:
+  # PostgreSQL database for social platforms
+  postgres:
+    image: postgres:15-alpine
+    container_name: metastate-postgres-socials
+    ports:
+      - "5434:5432"
+    environment:
+      - POSTGRES_USER=postgres
+      - POSTGRES_PASSWORD=postgres
+      - POSTGRES_MULTIPLE_DATABASES=blabsy_auth,pictique
+    volumes:
+      - postgres_socials_data:/var/lib/postgresql/data
+      - ./db/init-multiple-databases.sh:/docker-entrypoint-initdb.d/init-multiple-databases.sh
+    networks:
+      - metastate-socials-network
+    <<: *common-host-access
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    logging:
+      driver: "none"
+
+  # Blabsy W3DS Auth API
+  blabsy-w3ds-auth-api:
+    profiles:
+      - socials
+    build:
+      context: .
+      dockerfile: ./docker/Dockerfile.blabsy-w3ds-auth-api
+    container_name: metastate-blabsy-api
+    ports:
+      - "3000:3000"
+    environment:
+      - NODE_ENV=${NODE_ENV:-production}
+      - PORT=3000
+      - DATABASE_URL=${BLABSY_DATABASE_URL:-postgresql://postgres:postgres@postgres:5432/blabsy_auth}
+      - PUBLIC_REGISTRY_URL=${PUBLIC_REGISTRY_URL:-http://localhost:4321}
+      - REGISTRY_SHARED_SECRET=${REGISTRY_SHARED_SECRET:-dev-secret-change-me}
+      - GOOGLE_APPLICATION_CREDENTIALS=${GOOGLE_APPLICATION_CREDENTIALS:-}
+      - FIREBASE_CREDENTIALS_PATH=${FIREBASE_CREDENTIALS_PATH:-}
+      - BLABSY_MAPPING_DB_PATH=${BLABSY_MAPPING_DB_PATH:-/app/data/mapping-dbs/blabsy}
+    volumes:
+      - mapping_db_data:/app/data/mapping-dbs
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - metastate-socials-network
+    <<: *common-host-access
+    restart: unless-stopped
+
+  # Blabsy Frontend
+  blabsy:
+    profiles:
+      - socials
+    build:
+      context: .
+      dockerfile: ./docker/Dockerfile.blabsy
+    container_name: metastate-blabsy
+    ports:
+      - "8080:8080"
+    environment:
+      - NODE_ENV=${NODE_ENV:-production}
+      - NEXT_PUBLIC_BASE_URL=${PUBLIC_BLABSY_BASE_URL:-http://localhost:3000}
+      - NEXT_PUBLIC_REGISTRY_URL=${PUBLIC_REGISTRY_URL:-http://localhost:4321}
+    depends_on:
+      blabsy-w3ds-auth-api:
+        condition: service_started
+    networks:
+      - metastate-socials-network
+    <<: *common-host-access
+    restart: unless-stopped
+
+  # Pictique API
+  pictique-api:
+    profiles:
+      - socials
+    build:
+      context: .
+      dockerfile: ./docker/Dockerfile.pictique-api
+    container_name: metastate-pictique-api
+    ports:
+      - "1111:1111"
+    environment:
+      - NODE_ENV=${NODE_ENV:-production}
+      - PORT=1111
+      - DATABASE_URL=${PICTIQUE_DATABASE_URL:-postgresql://postgres:postgres@postgres:5432/pictique}
+      - PUBLIC_REGISTRY_URL=${PUBLIC_REGISTRY_URL:-http://localhost:4321}
+      - REGISTRY_SHARED_SECRET=${REGISTRY_SHARED_SECRET:-dev-secret-change-me}
+      - PICTIQUE_MAPPING_DB_PATH=${PICTIQUE_MAPPING_DB_PATH:-/app/data/mapping-dbs/pictique}
+    volumes:
+      - mapping_db_data:/app/data/mapping-dbs
+    depends_on:
+      postgres:
+        condition: service_healthy
+    networks:
+      - metastate-socials-network
+    <<: *common-host-access
+    restart: unless-stopped
+
+  # Pictique Frontend
+  pictique:
+    profiles:
+      - socials
+    build:
+      context: .
+      dockerfile: ./docker/Dockerfile.pictique
+    container_name: metastate-pictique
+    ports:
+      - "5173:5173"
+    environment:
+      - NODE_ENV=${NODE_ENV:-production}
+      - PUBLIC_PICTIQUE_BASE_URL=${PUBLIC_PICTIQUE_BASE_URL:-http://localhost:1111}
+      - PUBLIC_REGISTRY_URL=${PUBLIC_REGISTRY_URL:-http://localhost:4321}
+    depends_on:
+      pictique-api:
+        condition: service_started
+    networks:
+      - metastate-socials-network
+    <<: *common-host-access
+    restart: unless-stopped
+
+volumes:
+  postgres_socials_data:
+    driver: local
+  mapping_db_data:
+    driver: local
+
+networks:
+  metastate-socials-network:
+    driver: bridge

docker/Dockerfile.blabsy

@@ -1,27 +1,43 @@
-FROM node:18-alpine AS base
-RUN apk update && apk add --no-cache libc6-compat
+FROM node:20-alpine AS base
+RUN apk add --no-cache libc6-compat python3 make g++
 WORKDIR /app
 
+# Set CI environment for non-interactive pnpm operations
+ENV CI=true
+ENV PYTHON=/usr/bin/python3
+RUN ln -sf python3 /usr/bin/python
+
 # ---
 FROM base AS prepare
-RUN corepack enable && corepack prepare pnpm@10.13.1 --activate
-RUN npm install -g turbo@^2
+RUN npm install -g pnpm@10.25.0 turbo@^2
 COPY . .
 RUN turbo prune blabsy --docker
 
 # ---
-FROM base AS runner
-RUN corepack enable && corepack prepare pnpm@10.13.1 --activate
-# Copy workspace config
-COPY --from=prepare /app/pnpm-workspace.yaml ./
-COPY --from=prepare /app/package.json ./
-# Copy pruned workspace
+FROM base AS builder
+RUN npm install -g pnpm@10.25.0
+# First install the dependencies (as they change less often)
 COPY --from=prepare /app/out/json/ .
-# Install dependencies (build will happen at runtime with volumes)
 RUN pnpm install --frozen-lockfile
+# Build the project
 COPY --from=prepare /app/out/full/ .
+RUN pnpm turbo build --filter=blabsy
+
+# ---
+FROM base AS runner
+# Copy built application
+COPY --from=builder /app/platforms/blabsy/package.json ./
+COPY --from=builder /app/platforms/blabsy/.next ./.next
+COPY --from=builder /app/platforms/blabsy/public ./public
+COPY --from=builder /app/platforms/blabsy/next.config.ts ./
+COPY --from=builder /app/platforms/blabsy/node_modules ./node_modules
 
-WORKDIR /app/platforms/blabsy
 EXPOSE 8080
-CMD ["pnpm", "dev"]
+ENV NODE_ENV=production
+ENV PORT=8080
+ENV HOSTNAME=0.0.0.0
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
+  CMD node -e "require('http').get('http://localhost:8080', (r) => {process.exit(r.statusCode === 200 ? 0 : 1)})"
 
+CMD ["node_modules/.bin/next", "start"]