vanduc1102/apps-permify-Dockerfile

## apps-permify-configs-config.yaml
server:
  rate_limit: 100
  http:
    enabled: true
    port: 3476
    tls:
      enabled: false
  grpc:
    enabled: true
    port: 3478
    tls:
      enabled: false
logger:
  level: debug
service:
  circuit_breaker: false
  watch:
    enabled: false
  schema:
    cache:
      number_of_counters: 1_000
      max_cost: 10MiB
  permission:
    bulk_limit: 100
    concurrency_limit: 100
    cache:
      number_of_counters: 10_000
      max_cost: 10MiB
database:
  engine: postgres
  auto_migrate: true
  max_open_connections: 20
  max_idle_connections: 1
  max_connection_lifetime: 300s
  max_connection_idle_time: 60s
  garbage_collection:
    enabled: true
    interval: 200h
    window: 200h
    timeout: 5m

## apps-permify-Dockerfile
FROM cgr.dev/chainguard/bash:latest as permify-runner

WORKDIR /app

COPY --from=ghcr.io/grpc-ecosystem/grpc-health-probe:v0.4.25 /ko-app/grpc-health-probe /usr/local/bin/grpc_health_probe
COPY --from=ghcr.io/permify/permify:v0.9.0 /usr/local/bin/permify /usr/local/bin/permify
COPY --from=cgr.dev/chainguard/curl /usr/bin/curl /usr/bin/curl

COPY apps/permify/configs configs
COPY apps/permify/scripts scripts

RUN chmod +x scripts/startup.sh

ENTRYPOINT ["sh", "-c", "scripts/startup.sh"]

## apps-permify-README.md

      
    Raw
  

              apps-permify-README.md
            
          
    Docker build


Build

docker build . --target permify-runner -t permify-api -f permify/Dockerfile
... hidden bigger context .....

  
## apps-permify-scripts-startup.sh
#! /bin/bash

# Exit immediately if a command exits with a non-zero status
set -e

if [ -z "$PERMIFY_DATABASE_URI" ]; then
  printf "\n[APP_NAME=$APP_NAME][APP_ENV=$APP_ENV] PERMIFY_DATABASE_URI - Creating the value: postgresql://xxxxxx:xxxxxxx@${DB_HOST}:${DB_PORT}/${DB_NAME}?schema=public"
  PERMIFY_DATABASE_URI="postgresql://${DB_ADMIN_USERNAME}:${DB_ADMIN_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}?schema=public"
  export PERMIFY_DATABASE_URI
else
  printf "\n[APP_NAME=$APP_NAME][APP_ENV=$APP_ENV] PERMIFY_DATABASE_URI - Is ready"
fi

permify serve --config /app/configs/config.yaml

## docker-compose.yaml
services:
  db:
    container_name: db
    image: postgres:15.4-bookworm
    restart: "always"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 30s
      timeout: 60s
      retries: 5
      start_period: 80s
    ports:
      - 5432:5432
    networks:
      - quest_network
    environment:
      POSTGRES_PASSWORD: Password
      POSTGRES_DB: permify_1

  adminer:
    container_name: adminer
    image: adminer:4.8.1
    restart: "always"
    ports:
      - 8080:8080
    networks:
      - quest_network

  permify-api:
    container_name: permify-api
    depends_on:
      db:
        condition: service_healthy
    build:
      target: permify-runner
      context: .
      dockerfile: ./apps/permify/Dockerfile
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:3478/healthz"]
      interval: 1m
      retries: 10
      start_period: 60s
    restart: "always"
    ports:
      - 3476:3476
      - 3478:3478
    networks:
      - quest_network
    environment:
      PERMIFY_DATABASE_URI: postgresql://postgres:Password@db:5432/permify_1

volumes:

networks:
  quest_network:
    external: true
	server:
	rate_limit: 100
	http:
	enabled: true
	port: 3476
	tls:
	enabled: false
	grpc:
	enabled: true
	port: 3478
	tls:
	enabled: false
	logger:
	level: debug
	service:
	circuit_breaker: false
	watch:
	enabled: false
	schema:
	cache:
	number_of_counters: 1_000
	max_cost: 10MiB
	permission:
	bulk_limit: 100
	concurrency_limit: 100
	cache:
	number_of_counters: 10_000
	max_cost: 10MiB
	database:
	engine: postgres
	auto_migrate: true
	max_open_connections: 20
	max_idle_connections: 1
	max_connection_lifetime: 300s
	max_connection_idle_time: 60s
	garbage_collection:
	enabled: true
	interval: 200h
	window: 200h
	timeout: 5m
	FROM cgr.dev/chainguard/bash:latest as permify-runner

	WORKDIR /app

	COPY --from=ghcr.io/grpc-ecosystem/grpc-health-probe:v0.4.25 /ko-app/grpc-health-probe /usr/local/bin/grpc_health_probe
	COPY --from=ghcr.io/permify/permify:v0.9.0 /usr/local/bin/permify /usr/local/bin/permify
	COPY --from=cgr.dev/chainguard/curl /usr/bin/curl /usr/bin/curl

	COPY apps/permify/configs configs
	COPY apps/permify/scripts scripts

	RUN chmod +x scripts/startup.sh

	ENTRYPOINT ["sh", "-c", "scripts/startup.sh"]
	#! /bin/bash

	# Exit immediately if a command exits with a non-zero status
	set -e

	if [ -z "$PERMIFY_DATABASE_URI" ]; then
	printf "\n[APP_NAME=$APP_NAME][APP_ENV=$APP_ENV] PERMIFY_DATABASE_URI - Creating the value: postgresql://xxxxxx:xxxxxxx@${DB_HOST}:${DB_PORT}/${DB_NAME}?schema=public"
	PERMIFY_DATABASE_URI="postgresql://${DB_ADMIN_USERNAME}:${DB_ADMIN_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}?schema=public"
	export PERMIFY_DATABASE_URI
	else
	printf "\n[APP_NAME=$APP_NAME][APP_ENV=$APP_ENV] PERMIFY_DATABASE_URI - Is ready"
	fi

	permify serve --config /app/configs/config.yaml
	services:
	db:
	container_name: db
	image: postgres:15.4-bookworm
	restart: "always"
	healthcheck:
	test: ["CMD-SHELL", "pg_isready -U postgres"]
	interval: 30s
	timeout: 60s
	retries: 5
	start_period: 80s
	ports:
	- 5432:5432
	networks:
	- quest_network
	environment:
	POSTGRES_PASSWORD: Password
	POSTGRES_DB: permify_1

	adminer:
	container_name: adminer
	image: adminer:4.8.1
	restart: "always"
	ports:
	- 8080:8080
	networks:
	- quest_network

	permify-api:
	container_name: permify-api
	depends_on:
	db:
	condition: service_healthy
	build:
	target: permify-runner
	context: .
	dockerfile: ./apps/permify/Dockerfile
	healthcheck:
	test: ["CMD", "curl", "-f", "http://localhost:3478/healthz"]
	interval: 1m
	retries: 10
	start_period: 60s
	restart: "always"
	ports:
	- 3476:3476
	- 3478:3478
	networks:
	- quest_network
	environment:
	PERMIFY_DATABASE_URI: postgresql://postgres:Password@db:5432/permify_1

	volumes:

	networks:
	quest_network:
	external: true