Emulates blossom deployment with docker-compose #130
Conversation
Anything in `docker/` is going to be mounted in a different spot, so things like "I'm unable to find this import you're referencing" mean nothing.
The docker approach helps with manual testing, but is not (currently) built for running automated tests. That would need more effort put into it, if it's even feasible.
docker-compose.yml
Outdated
| environment: | ||
| POSTGRES_DB: 'mydb' | ||
| POSTGRES_PASSWORD: 'hunter2' | ||
| POSTGRES_USER: 'roto_rooter' |
There was a problem hiding this comment.
Shouldn't we go for a bit more Blossom-like credentials?
There was a problem hiding this comment.
Probably, but that was to test that we're actually pulling in values from environment variables and showing you could make the creds anything. And that's important from a security standpoint if we need to quickly pivot.
Here's an example: If username/password get owned, rotating just the password is going to leave it open to brute force attack. They know the first factor (username) and they can repeatedly guess at the second (password). Eventually they'll guess right. Will we notice before that happens and lock down access? Hopefully. I'd rather not make that wager in the first place.
I suppose we could have them be different than the defaults in the code, but still blossom-inspired. 🤔
There was a problem hiding this comment.
That makes sense, my remark was indeed about the default values in code :)
Description:
For closer emulation to what is running on prod, here's a
docker-composemanifest and associated files for running blossom entirely locally using Docker anddocker-composeas an orchestrator.Checklist: