jamey/berrypod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

add sqlcipher support to docker build

Browse Source 
- Install sqlcipher-dev in builder stage
- Configure exqlite to use system SQLCipher
- Add sqlcipher-libs to runtime image
- Exclude mockups/ from live reload patterns

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
jamey 2026-03-13 13:34:28 +00:00
parent a6e5db73c0
commit a2d6bf8a02
2 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Dockerfile
View File

@ -6,6 +6,7 @@
# Build: docker build -t berrypod . # Build: docker build -t berrypod .
# Run: docker run --rm -p 4000:4000 \ # Run: docker run --rm -p 4000:4000 \
# -e SECRET_KEY_BASE=$(mix phx.gen.secret) \ # -e SECRET_KEY_BASE=$(mix phx.gen.secret) \
# -e SECRET_KEY_DB=$(mix phx.gen.secret) \
# -e DATABASE_PATH=/data/berrypod.db \ # -e DATABASE_PATH=/data/berrypod.db \
# -e PHX_HOST=localhost \ # -e PHX_HOST=localhost \
# -v berrypod_data:/data \ # -v berrypod_data:/data \
@ -26,8 +27,9 @@ ARG RUNNER_IMAGE="alpine:${ALPINE_VERSION}"
FROM ${BUILDER_IMAGE} AS builder FROM ${BUILDER_IMAGE} AS builder
# Build deps: C compiler for NIFs, git for hex deps, vips-dev for image processing # Build deps: C compiler for NIFs, git for hex deps, vips-dev for image processing,
RUN apk add --no-cache build-base git vips-dev # sqlcipher-dev for encrypted SQLite
RUN apk add --no-cache build-base git vips-dev sqlcipher-dev
WORKDIR /app WORKDIR /app
@ -38,6 +40,11 @@ ENV MIX_ENV="prod"
# Use Alpine's system libvips instead of the glibc-linked precompiled binary # Use Alpine's system libvips instead of the glibc-linked precompiled binary
ENV VIX_COMPILATION_MODE="PLATFORM_PROVIDED_LIBVIPS" ENV VIX_COMPILATION_MODE="PLATFORM_PROVIDED_LIBVIPS"
# Use system SQLCipher instead of bundled SQLite for database encryption
ENV EXQLITE_USE_SYSTEM=1
ENV EXQLITE_SYSTEM_CFLAGS="-I/usr/include/sqlcipher"
ENV EXQLITE_SYSTEM_LDFLAGS="-lsqlcipher"
# Install mix dependencies # Install mix dependencies
COPY mix.exs mix.lock ./ COPY mix.exs mix.lock ./
RUN mix deps.get --only $MIX_ENV RUN mix deps.get --only $MIX_ENV
@ -87,7 +94,7 @@ RUN mix release
FROM ${RUNNER_IMAGE} AS runner FROM ${RUNNER_IMAGE} AS runner
# Runtime deps only — no compilers, no -dev packages # Runtime deps only — no compilers, no -dev packages
RUN apk add --no-cache libstdc++ openssl ncurses-libs vips vips-heif RUN apk add --no-cache libstdc++ openssl ncurses-libs vips vips-heif sqlcipher-libs
WORKDIR /app WORKDIR /app

4
config/dev.exs
View File

@ -1,6 +1,7 @@
import Config import Config
# Configure your database # Configure your database
# Optional: set SECRET_KEY_DB to test SQLCipher encryption locally
config :berrypod, Berrypod.Repo, config :berrypod, Berrypod.Repo,
database: Path.expand("../berrypod_dev.db", __DIR__), database: Path.expand("../berrypod_dev.db", __DIR__),
pool_size: 5, pool_size: 5,
@ -12,6 +13,7 @@ config :berrypod, Berrypod.Repo,
stacktrace: true, stacktrace: true,
show_sensitive_data_on_connection_error: true show_sensitive_data_on_connection_error: true
# For development, we disable any cache and enable # For development, we disable any cache and enable
# debugging and code reloading. # debugging and code reloading.
# #
@ -68,7 +70,7 @@ config :berrypod, BerrypodWeb.Endpoint,
live_reload: [ live_reload: [
web_console_logger: true, web_console_logger: true,
patterns: [ patterns: [
~r"priv/static/(?!uploads/).*(js|css|png|jpeg|jpg|gif|svg)$", ~r"priv/static/(?!uploads/|mockups/).*(js|css|png|jpeg|jpg|gif|svg)$",
~r"priv/gettext/.*(po)$", ~r"priv/gettext/.*(po)$",
~r"lib/berrypod_web/(?:controllers|live|components|router)/?.*\.(ex|heex)$" ~r"lib/berrypod_web/(?:controllers|live|components|router)/?.*\.(ex|heex)$"
] ]