Major refactoring to hexagonal (ports & adapters) architecture:

- Add service layer (apikey_service, project_service) for business logic
- Add webhook system with dispatcher and delivery tracking
- Add command queue with priority-based processing
- Add rate limiting with sliding window algorithm
- Add audit logging for command execution
- Add OpenTelemetry integration (traces, metrics, spans)
- Add circuit breaker for fault tolerance
- Add cached repository wrapper for performance
- Add comprehensive validation package
- Add Kubernetes client integration for pod management
- Add database migrations (allowed_ips, audit_log, rate_limiting, queue, webhooks)
- Add network policy and PodDisruptionBudget for k8s
- Remove legacy executor and projects/registry packages
- Untrack secrets.yaml (now managed via envault)
- Add coverage.out to .gitignore
- Add e2e test infrastructure with docker-compose
- Add comprehensive documentation (API, architecture, operations, plans)
- Add golangci-lint config and pre-commit hook

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
51 lines
1.1 KiB
Docker
# rdev-api - Go API server for controlling claudebox pods
# v0.4 - API Server

# Build stage
FROM golang:1.25-alpine AS builder

WORKDIR /app

# Install git for go mod download
RUN apk add --no-cache git

# Copy go mod files first for layer caching
COPY go.mod go.sum ./
RUN go mod download

# Copy source code
COPY . .

# Build the binary (platform determined by Docker --platform flag)
RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o rdev-api ./cmd/rdev-api

# Runtime stage
FROM alpine:3.19

# Target architecture, set by BuildKit from --platform (falls back to amd64 below if unset)
ARG TARGETARCH

# Install kubectl for exec into pods, matching the image architecture
# (-f makes curl fail the build on an HTTP error instead of saving the error page)
RUN apk add --no-cache ca-certificates curl \
    && curl -fLO "https://dl.k8s.io/release/$(curl -fsSL https://dl.k8s.io/release/stable.txt)/bin/linux/${TARGETARCH:-amd64}/kubectl" \
    && chmod +x kubectl \
    && mv kubectl /usr/local/bin/

# Create non-root user
RUN adduser -D -g '' appuser

WORKDIR /app

# Copy binary from builder
COPY --from=builder /app/rdev-api .

# Use non-root user
USER appuser

# Expose port
EXPOSE 8080

# Health check
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1

# Run the server
ENTRYPOINT ["./rdev-api"]