add sqlcipher support to docker build
- Install sqlcipher-dev in builder stage - Configure exqlite to use system SQLCipher - Add sqlcipher-libs to runtime image - Exclude mockups/ from live reload patterns Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
jamey
parent
a6e5db73c0
commit
a2d6bf8a02
13
Dockerfile
13
Dockerfile
@ -6,6 +6,7 @@
|
||||
# Build: docker build -t berrypod .
|
||||
# Run: docker run --rm -p 4000:4000 \
|
||||
# -e SECRET_KEY_BASE=$(mix phx.gen.secret) \
|
||||
# -e SECRET_KEY_DB=$(mix phx.gen.secret) \
|
||||
# -e DATABASE_PATH=/data/berrypod.db \
|
||||
# -e PHX_HOST=localhost \
|
||||
# -v berrypod_data:/data \
|
||||
@ -26,8 +27,9 @@ ARG RUNNER_IMAGE="alpine:${ALPINE_VERSION}"
|
||||
|
||||
FROM ${BUILDER_IMAGE} AS builder
|
||||
|
||||
# Build deps: C compiler for NIFs, git for hex deps, vips-dev for image processing
|
||||
RUN apk add --no-cache build-base git vips-dev
|
||||
# Build deps: C compiler for NIFs, git for hex deps, vips-dev for image processing,
|
||||
# sqlcipher-dev for encrypted SQLite
|
||||
RUN apk add --no-cache build-base git vips-dev sqlcipher-dev
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
@ -38,6 +40,11 @@ ENV MIX_ENV="prod"
|
||||
# Use Alpine's system libvips instead of the glibc-linked precompiled binary
|
||||
ENV VIX_COMPILATION_MODE="PLATFORM_PROVIDED_LIBVIPS"
|
||||
|
||||
# Use system SQLCipher instead of bundled SQLite for database encryption
|
||||
ENV EXQLITE_USE_SYSTEM=1
|
||||
ENV EXQLITE_SYSTEM_CFLAGS="-I/usr/include/sqlcipher"
|
||||
ENV EXQLITE_SYSTEM_LDFLAGS="-lsqlcipher"
|
||||
|
||||
# Install mix dependencies
|
||||
COPY mix.exs mix.lock ./
|
||||
RUN mix deps.get --only $MIX_ENV
|
||||
@ -87,7 +94,7 @@ RUN mix release
|
||||
FROM ${RUNNER_IMAGE} AS runner
|
||||
|
||||
# Runtime deps only — no compilers, no -dev packages
|
||||
RUN apk add --no-cache libstdc++ openssl ncurses-libs vips vips-heif
|
||||
RUN apk add --no-cache libstdc++ openssl ncurses-libs vips vips-heif sqlcipher-libs
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
import Config
|
||||
|
||||
# Configure your database
|
||||
# Optional: set SECRET_KEY_DB to test SQLCipher encryption locally
|
||||
config :berrypod, Berrypod.Repo,
|
||||
database: Path.expand("../berrypod_dev.db", __DIR__),
|
||||
pool_size: 5,
|
||||
@ -12,6 +13,7 @@ config :berrypod, Berrypod.Repo,
|
||||
stacktrace: true,
|
||||
show_sensitive_data_on_connection_error: true
|
||||
|
||||
|
||||
# For development, we disable any cache and enable
|
||||
# debugging and code reloading.
|
||||
#
|
||||
@ -68,7 +70,7 @@ config :berrypod, BerrypodWeb.Endpoint,
|
||||
live_reload: [
|
||||
web_console_logger: true,
|
||||
patterns: [
|
||||
~r"priv/static/(?!uploads/).*(js|css|png|jpeg|jpg|gif|svg)$",
|
||||
~r"priv/static/(?!uploads/|mockups/).*(js|css|png|jpeg|jpg|gif|svg)$",
|
||||
~r"priv/gettext/.*(po)$",
|
||||
~r"lib/berrypod_web/(?:controllers|live|components|router)/?.*\.(ex|heex)$"
|
||||
]
|
||||
|
||||
Loading…
Reference in New Issue
Block a user