tony/CHORUS
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ef4bf1efe09a0788dea77a5046f8b0791a3a1d2d
CHORUS/Dockerfile.simple
anthonyrawlins 2578876eeb feat: Add Docker secrets support for ResetData API key 
This commit introduces secure Docker secrets integration for the ResetData
API key, enabling CHORUS to read sensitive configuration from mounted secret
files instead of environment variables.

## Key Changes:

**Security Enhancement:**
- Modified `pkg/config/config.go` to support reading ResetData API key from
  Docker secret files using `getEnvOrFileContent()` pattern
- Enables secure deployment with `RESETDATA_API_KEY_FILE` pointing to
  mounted secret file instead of plain text environment variables

**Container Deployment:**
- Added `Dockerfile.simple` for optimized Alpine-based deployment using
  pre-built static binaries (chorus-agent)
- Updated `docker-compose.yml` with proper secret mounting configuration
- Fixed container binary path to use new `chorus-agent` instead of deprecated
  `chorus` wrapper

**WHOOSH Integration:**
- Critical for WHOOSH wave-based auto-scaling system integration
- Enables secure credential management in Docker Swarm deployments
- Supports dynamic scaling operations while maintaining security standards

## Technical Details:

The ResetData configuration now supports both environment variable fallback
and Docker secrets:
```go
APIKey: getEnvOrFileContent("RESETDATA_API_KEY", "RESETDATA_API_KEY_FILE")
```

This change enables CHORUS to participate in WHOOSH's wave-based scaling
architecture while maintaining production-grade security for API credentials.

## Testing:

- Verified successful deployment in Docker Swarm environment
- Confirmed CHORUS agent initialization with secret-based configuration
- Validated integration with BACKBEAT and P2P networking components

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-22 15:00:50 +10:00

42 lines
1004 B
Docker
Raw Blame History

# CHORUS - Simple Docker image using pre-built binary
FROM alpine:3.18
# Install runtime dependencies
RUN apk --no-cache add \
ca-certificates \
tzdata \
curl
# Create non-root user for security
RUN addgroup -g 1000 chorus && \
adduser -u 1000 -G chorus -s /bin/sh -D chorus
# Create application directories
RUN mkdir -p /app/data && \
chown -R chorus:chorus /app
# Copy pre-built binary
COPY chorus-agent /app/chorus-agent
RUN chmod +x /app/chorus-agent && chown chorus:chorus /app/chorus-agent
# Switch to non-root user
USER chorus
WORKDIR /app
# Expose ports
EXPOSE 8080 8081 9000
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8081/health || exit 1
# Set default environment variables
ENV LOG_LEVEL=info \
LOG_FORMAT=structured \
CHORUS_BIND_ADDRESS=0.0.0.0 \
CHORUS_API_PORT=8080 \
CHORUS_HEALTH_PORT=8081 \
CHORUS_P2P_PORT=9000
# Start CHORUS
ENTRYPOINT ["/app/chorus-agent"]
Reference in New Issue View Git Blame Copy Permalink