- Go 1.24+
- Node.js 22+ and pnpm
git clone <repo-url>
cd dev-share
./setup.shThe script will:
- Check prerequisites (Go, pnpm, curl)
- Install backend and frontend dependencies
- Build the frontend
- Create
.envwith a generated JWT secret (if not present) - Run database migrations
- Start backend and frontend servers
- Open the setup wizard in your browser
Once running, complete the onboarding flow to create your admin account and first workspace.
| Script | Description |
|---|---|
./setup.sh |
First-time setup — installs deps, builds, migrates, and starts everything |
./restart.sh [target] |
Restart servers (backend, frontend, or all — default: all) |
./clean_db.sh |
Delete all SQLite database files (.db, .db-wal, .db-shm) |
| Variable | Default | Description |
|---|---|---|
| JWT_SECRET | (auto-generated) | JWT signing secret |
| PORT | 8080 | Backend API port |
| DB_FILE_PATH | ./backend/devshare.db | SQLite database file location |
| ADMIN_INIT_TOKEN | (empty) | Optional token to protect /admin/init |
| VITE_API_BASE_URL | http://localhost:8080 | Frontend API base URL |
# Backend only
./restart.sh backend
# Frontend only
./restart.sh frontend
# Both
./restart.shOr run manually:
# Backend
cd backend && make run
# Frontend (separate terminal)
cd frontend && pnpm devTo wipe the database and start fresh:
./clean_db.sh
./setup.shdev-share does not manage cloud credentials directly. It delegates authentication entirely to the underlying IaC platform (e.g., Terraform), which uses the cloud SDK's built-in credential chain.
Since the backend runs inside a Docker container, cloud credentials must be explicitly passed in. The recommended approach is to create a docker-compose.override.yml (auto-merged by Docker Compose, gitignored).
cp docker-compose.override.example.yml docker-compose.override.yml
# Edit the file — uncomment the sections for your provider and method| Scenario | Method | What to configure |
|---|---|---|
Local dev with aws configure / gcloud auth / az login |
Volume mount | Mount ~/.aws, ~/.config/gcloud, or ~/.azure read-only |
| Explicit access keys or service principal | Env vars | Set in .env, pass through in override |
| CI/CD pipeline | Env vars | Pipeline injects vars, listed in override |
| EC2 / GCE / Azure VM with instance role | Metadata | network_mode: host in override |
| GCP service account JSON | Volume mount + env var | Mount JSON file, set GOOGLE_APPLICATION_CREDENTIALS |
Mount host credential directories read-only into the container. This works if you authenticate via CLI tools (aws configure, gcloud auth application-default login, az login).
# docker-compose.override.yml
services:
backend:
volumes:
# AWS
- ${HOME}/.aws:/root/.aws:ro
# GCP
- ${HOME}/.config/gcloud:/root/.config/gcloud:ro
# Azure
- ${HOME}/.azure:/root/.azure:roAll mounts use
:ro(read-only) — the container cannot modify host credentials.
Pass cloud credentials as environment variables. Set them on the host or in .env, then list them (without =value) in the override so Docker Compose passes the host values through.
# docker-compose.override.yml
services:
backend:
environment:
# AWS
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_SESSION_TOKEN
- AWS_DEFAULT_REGION
# GCP
- GOOGLE_APPLICATION_CREDENTIALS
- GOOGLE_PROJECT
# Azure (Terraform AzureRM provider uses ARM_ prefix)
- ARM_CLIENT_ID
- ARM_CLIENT_SECRET
- ARM_TENANT_ID
- ARM_SUBSCRIPTION_IDOn EC2 (IAM role), GCE (attached service account), or Azure VM (managed identity), Terraform gets credentials automatically from the metadata endpoint. Enable host networking so the container can reach it:
# docker-compose.override.yml
services:
backend:
network_mode: hostWarning:
network_mode: hostremoves container network isolation. Only use this in trusted environments.
- Never bake credentials into the Docker image. Use mounts or env vars at runtime.
docker-compose.override.ymlis gitignored to prevent accidental credential commits.- Prefer short-lived credentials — AWS STS / SSO sessions, GCP OIDC workload identity, Azure federated credentials — over long-lived access keys.
- Principle of least privilege — grant only the IAM permissions Terraform needs, not admin access.
Press Ctrl+C in the terminal running setup.sh or restart.sh, or:
kill $(lsof -t -i:8080)