feat: add phoenix & trigger.dev

Sun-ZhenXing
2025-12-09 15:19:11 +08:00
parent 0b11022ef8
commit 8f30f94184
20 changed files with 1726 additions and 617 deletions


@@ -0,0 +1,223 @@
# =============================================================================
# Trigger.dev Configuration
# =============================================================================
# Global settings
TZ=UTC
GLOBAL_REGISTRY=
# =============================================================================
# Image Versions
# =============================================================================
# Trigger.dev version (webapp and supervisor)
TRIGGER_IMAGE_TAG=v4.2.0
# Infrastructure versions
POSTGRES_VERSION=17.2-alpine3.21
REDIS_VERSION=7.4.3-alpine3.21
CLICKHOUSE_VERSION=25.3
MINIO_VERSION=RELEASE.2025-04-22T22-12-26Z
MC_VERSION=RELEASE.2025-04-16T18-13-26Z
ELECTRIC_VERSION=1.0.0
REGISTRY_IMAGE_VERSION=3
DOCKER_SOCKET_PROXY_VERSION=0.3.0
# =============================================================================
# Port Configuration
# =============================================================================
# Webapp port
TRIGGER_PORT=8030
# MinIO ports
MINIO_API_PORT=9000
MINIO_CONSOLE_PORT=9001
# Registry port
REGISTRY_PORT=5000
# =============================================================================
# Required Secrets (MUST be set)
# =============================================================================
# Generate with: openssl rand -hex 16
SESSION_SECRET=
MAGIC_LINK_SECRET=
ENCRYPTION_KEY=
# Managed worker secret (must match between webapp and supervisor)
MANAGED_WORKER_SECRET=managed-secret
# PostgreSQL password
POSTGRES_PASSWORD=
# =============================================================================
# Domain Configuration
# =============================================================================
# Public URLs (change these for production)
APP_ORIGIN=http://localhost:8030
LOGIN_ORIGIN=http://localhost:8030
API_ORIGIN=http://localhost:8030
STREAM_ORIGIN=http://localhost:8030
# =============================================================================
# Database Configuration
# =============================================================================
# PostgreSQL
POSTGRES_USER=trigger
POSTGRES_DB=trigger
DATABASE_CONNECTION_LIMIT=10
# =============================================================================
# ClickHouse Configuration
# =============================================================================
CLICKHOUSE_DATABASE=default
CLICKHOUSE_USER=default
CLICKHOUSE_PASSWORD=password
# =============================================================================
# Object Storage Configuration (MinIO)
# =============================================================================
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=very-safe-password
PACKET_BUCKET_NAME=packets
# =============================================================================
# Registry Configuration
# =============================================================================
# Registry host (internal)
REGISTRY_HOST=trigger-registry:5000
# Registry credentials (generate htpasswd file)
REGISTRY_USER=registry-user
REGISTRY_PASSWORD=very-secure-indeed
# =============================================================================
# Authentication Configuration
# =============================================================================
# Restrict login to specific email addresses (regex pattern)
# Example: ^(user1@example\.com|user2@example\.com)$
WHITELISTED_EMAILS=
# GitHub OAuth (optional)
AUTH_GITHUB_CLIENT_ID=
AUTH_GITHUB_CLIENT_SECRET=
# =============================================================================
# Email Configuration (optional)
# =============================================================================
# Transport: resend, smtp, or aws-ses
EMAIL_TRANSPORT=
# Email addresses
FROM_EMAIL=
REPLY_TO_EMAIL=
# Resend configuration
RESEND_API_KEY=
# SMTP configuration
SMTP_HOST=
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=
SMTP_PASSWORD=
# AWS SES (uses AWS_REGION, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
# =============================================================================
# Telemetry
# =============================================================================
# Set to any non-empty value to disable telemetry
TRIGGER_TELEMETRY_DISABLED=
# =============================================================================
# Bootstrap Configuration
# =============================================================================
# Enable automatic worker group creation
TRIGGER_BOOTSTRAP_ENABLED=true
TRIGGER_BOOTSTRAP_WORKER_GROUP_NAME=bootstrap
# Worker token (auto-generated on first run, or set manually for remote workers)
# Format: tr_wgt_... (obtained from webapp logs on first run)
TRIGGER_WORKER_TOKEN=file:///home/node/shared/worker_token
# =============================================================================
# Supervisor Configuration
# =============================================================================
# Worker instance name (unique per supervisor)
TRIGGER_WORKER_INSTANCE_NAME=supervisor-1
TRIGGER_WORKER_HEARTBEAT_INTERVAL_SECONDS=30
# Docker settings
DOCKER_ENFORCE_MACHINE_PRESETS=true
DOCKER_AUTOREMOVE_EXITED_CONTAINERS=true
# =============================================================================
# Resource Limits
# =============================================================================
# Webapp
WEBAPP_CPU_LIMIT=3.0
WEBAPP_MEMORY_LIMIT=6G
WEBAPP_CPU_RESERVATION=1.0
WEBAPP_MEMORY_RESERVATION=2G
# PostgreSQL
POSTGRES_CPU_LIMIT=2.0
POSTGRES_MEMORY_LIMIT=4G
POSTGRES_CPU_RESERVATION=0.5
POSTGRES_MEMORY_RESERVATION=1G
# Redis
REDIS_CPU_LIMIT=1.0
REDIS_MEMORY_LIMIT=2G
REDIS_CPU_RESERVATION=0.25
REDIS_MEMORY_RESERVATION=512M
# ClickHouse
CLICKHOUSE_CPU_LIMIT=2.0
CLICKHOUSE_MEMORY_LIMIT=4G
CLICKHOUSE_CPU_RESERVATION=0.5
CLICKHOUSE_MEMORY_RESERVATION=1G
# MinIO
MINIO_CPU_LIMIT=1.0
MINIO_MEMORY_LIMIT=2G
MINIO_CPU_RESERVATION=0.25
MINIO_MEMORY_RESERVATION=512M
# Electric
ELECTRIC_CPU_LIMIT=1.0
ELECTRIC_MEMORY_LIMIT=1G
ELECTRIC_CPU_RESERVATION=0.25
ELECTRIC_MEMORY_RESERVATION=256M
# Registry
REGISTRY_CPU_LIMIT=0.5
REGISTRY_MEMORY_LIMIT=512M
REGISTRY_CPU_RESERVATION=0.1
REGISTRY_MEMORY_RESERVATION=128M
# Supervisor
SUPERVISOR_CPU_LIMIT=2.0
SUPERVISOR_MEMORY_LIMIT=4G
SUPERVISOR_CPU_RESERVATION=0.5
SUPERVISOR_MEMORY_RESERVATION=1G
# Docker Socket Proxy
DOCKER_PROXY_CPU_LIMIT=0.5
DOCKER_PROXY_MEMORY_LIMIT=256M
DOCKER_PROXY_CPU_RESERVATION=0.1
DOCKER_PROXY_MEMORY_RESERVATION=64M
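Review bot: `MANAGED_WORKER_SECRET=managed-secret` sits under the "Required Secrets (MUST be set)" heading but ships with a fixed value, so copying this example to `.env` yields a deployment whose webapp–supervisor secret is publicly known. The same holds further down for `CLICKHOUSE_PASSWORD=password`, `MINIO_ROOT_PASSWORD=very-safe-password` and `REGISTRY_PASSWORD=very-secure-indeed`, which read like real values and are easy to leave in place. I would leave all four empty, as `SESSION_SECRET=` already is, and put `# Generate with: openssl rand -hex 16` above each, so an unset secret is visible rather than silently weak. The comment `# Registry credentials (generate htpasswd file)` could also say that they are only read on first start, which is what the README in this commit describes.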

247
src/trigger-dev/README.md Normal file

@@ -0,0 +1,247 @@
# Trigger.dev
[English](./README.md) | [中文](./README.zh.md)
Trigger.dev is an open-source platform for building AI workflows and background jobs in TypeScript. It provides long-running tasks with retries, queues, observability, and elastic scaling.
## Services
### Core Services (Webapp Stack)
| Service | Description |
| ----------------------- | --------------------------------------------------- |
| `webapp` | Main Trigger.dev application with dashboard and API |
| `trigger-postgres` | PostgreSQL database with logical replication |
| `trigger-redis` | Redis for cache and job queue |
| `trigger-clickhouse` | ClickHouse for analytics database |
| `trigger-minio` | S3-compatible object storage |
| `trigger-minio-init` | MinIO bucket initialization |
| `electric` | ElectricSQL for real-time sync |
| `trigger-registry` | Private Docker registry for deployed code |
| `trigger-registry-init` | Registry htpasswd initialization |
### Worker Services (Supervisor Stack)
| Service | Description |
| --------------------- | ----------------------------------------- |
| `supervisor` | Worker orchestrator that executes tasks |
| `docker-socket-proxy` | Secure Docker socket proxy for supervisor |
## Prerequisites
- Docker 20.10.0+
- Docker Compose 2.20.0+
- Minimum 6 vCPU and 12 GB RAM for the complete stack
## Quick Start
1. Create a `.env` file with required secrets:
```bash
cp .env.example .env
```
2. Generate required secrets:
```bash
# Generate secrets
echo "SESSION_SECRET=$(openssl rand -hex 16)" >> .env
echo "MAGIC_LINK_SECRET=$(openssl rand -hex 16)" >> .env
echo "ENCRYPTION_KEY=$(openssl rand -hex 16)" >> .env
echo "POSTGRES_PASSWORD=$(openssl rand -hex 16)" >> .env
```
3. Start all services:
```bash
docker compose up -d
```
4. Wait for services to be healthy:
```bash
docker compose ps
```
5. Access the webapp at `http://localhost:8030`
6. Get the magic link from webapp logs for first login:
```bash
docker compose logs -f webapp
```
## Environment Variables
### Required Secrets
| Variable | Description |
| ------------------- | ---------------------------------------------------------- |
| `SESSION_SECRET` | Session encryption secret (run: `openssl rand -hex 16`) |
| `MAGIC_LINK_SECRET` | Magic link encryption secret (run: `openssl rand -hex 16`) |
| `ENCRYPTION_KEY` | Secret store encryption key (run: `openssl rand -hex 16`) |
| `POSTGRES_PASSWORD` | PostgreSQL password |
### Domain Configuration
| Variable | Default | Description |
| -------------- | ----------------------- | -------------------------------------- |
| `APP_ORIGIN` | `http://localhost:8030` | Public webapp URL |
| `LOGIN_ORIGIN` | `http://localhost:8030` | Login URL (usually same as APP_ORIGIN) |
| `API_ORIGIN` | `http://localhost:8030` | API URL |
### Image Versions
| Variable | Default | Description |
| -------------------- | ------------------------------ | ----------------------------------------- |
| `TRIGGER_IMAGE_TAG` | `v4.2.0` | Trigger.dev webapp and supervisor version |
| `POSTGRES_VERSION` | `17.2-alpine3.21` | PostgreSQL version |
| `REDIS_VERSION` | `7.4.3-alpine3.21` | Redis version |
| `CLICKHOUSE_VERSION` | `25.3` | ClickHouse version |
| `MINIO_VERSION` | `RELEASE.2025-04-22T22-12-26Z` | MinIO version |
### Port Configuration
| Variable | Default | Description |
| -------------------- | ------- | -------------------- |
| `TRIGGER_PORT` | `8030` | Webapp port |
| `MINIO_API_PORT` | `9000` | MinIO API port |
| `MINIO_CONSOLE_PORT` | `9001` | MinIO console port |
| `REGISTRY_PORT` | `5000` | Docker registry port |
### Authentication
| Variable | Description |
| --------------------------- | ------------------------------------------------------------- |
| `WHITELISTED_EMAILS` | Regex pattern to restrict login (e.g., `^user@example\.com$`) |
| `AUTH_GITHUB_CLIENT_ID` | GitHub OAuth client ID |
| `AUTH_GITHUB_CLIENT_SECRET` | GitHub OAuth client secret |
### Email Configuration
| Variable | Default | Description |
| ----------------- | ------- | ---------------------------------------------- |
| `EMAIL_TRANSPORT` | — | Transport type: `resend`, `smtp`, or `aws-ses` |
| `FROM_EMAIL` | — | From email address |
| `RESEND_API_KEY` | — | Resend API key (if using Resend) |
| `SMTP_HOST` | — | SMTP server host |
| `SMTP_PORT` | `587` | SMTP server port |
## Volumes
| Volume | Description |
| ------------------------- | -------------------------------- |
| `trigger_shared` | Shared volume for worker token |
| `trigger_postgres_data` | PostgreSQL data |
| `trigger_redis_data` | Redis data |
| `trigger_clickhouse_data` | ClickHouse data |
| `trigger_clickhouse_logs` | ClickHouse logs |
| `trigger_minio_data` | MinIO object storage |
| `trigger_registry_data` | Docker registry data |
| `trigger_registry_auth` | Registry htpasswd authentication |
## Worker Token
On first startup, the webapp generates a worker token and saves it to the shared volume. If you need to run workers on separate machines:
1. Check webapp logs for the token:
```bash
docker compose logs webapp | grep -A15 "Worker Token"
```
2. Set the token in the remote worker's `.env`:
```bash
TRIGGER_WORKER_TOKEN=tr_wgt_xxxxx
```
## Registry Setup
The built-in registry uses htpasswd authentication. The htpasswd file is **automatically generated** on first startup using the credentials from environment variables.
Default credentials:
- Username: `registry-user` (set via `REGISTRY_USER`)
- Password: `very-secure-indeed` (set via `REGISTRY_PASSWORD`)
To use custom credentials, set them in your `.env` file before first run:
```bash
REGISTRY_USER=my-user
REGISTRY_PASSWORD=my-secure-password
```
Before deploying tasks, login to the registry:
```bash
docker login -u registry-user localhost:5000
```
## CLI Usage
To initialize a project with self-hosted Trigger.dev:
```bash
npx trigger.dev@latest login -a http://localhost:8030
npx trigger.dev@latest init -p <project-ref> -a http://localhost:8030
```
To deploy tasks:
```bash
npx trigger.dev@latest deploy --self-hosted
```
## GitHub OAuth Setup
1. Create a GitHub OAuth App at `https://github.com/settings/developers`
2. Set callback URL: `http://localhost:8030/auth/github/callback`
3. Configure environment variables:
```env
AUTH_GITHUB_CLIENT_ID=your_client_id
AUTH_GITHUB_CLIENT_SECRET=your_client_secret
```
## Production Considerations
- Use strong, unique passwords for all secrets
- Set up proper TLS/SSL with a reverse proxy
- Configure email transport for magic links
- Use external managed databases for high availability
- Set appropriate resource limits based on your workload
- Enable `WHITELISTED_EMAILS` to restrict access
- Consider disabling telemetry: `TRIGGER_TELEMETRY_DISABLED=1`
## Scaling Workers
To add more worker capacity:
1. Set up additional supervisor instances on different machines
2. Configure each with the same `TRIGGER_WORKER_TOKEN`
3. Use unique `TRIGGER_WORKER_INSTANCE_NAME` for each
## Troubleshooting
### Magic links not arriving
- Check webapp logs: `docker compose logs -f webapp`
- Magic links are logged if no email transport is configured
- Set up email transport for production use
### Deployment fails at push step
- Ensure you're logged into the registry: `docker login localhost:5000`
- Check registry is healthy: `docker compose ps trigger-registry`
### Services not starting
- Ensure all required secrets are set in `.env`
- Check logs: `docker compose logs -f`
## References
- [Trigger.dev Documentation](https://trigger.dev/docs)
- [Self-hosting Guide](https://trigger.dev/docs/self-hosting/docker)
- [GitHub Repository](https://github.com/triggerdotdev/trigger.dev)


@@ -0,0 +1,247 @@
# Trigger.dev
[English](./README.md) | [中文](./README.zh.md)
Trigger.dev 是一个开源平台,用于在 TypeScript 中构建 AI 工作流和后台任务。它提供长时间运行的任务、重试机制、队列、可观测性和弹性扩展功能。
## 服务组件
### 核心服务Webapp 栈)
| 服务 | 描述 |
| ----------------------- | ----------------------------------------- |
| `webapp` | 主 Trigger.dev 应用程序,包含仪表板和 API |
| `trigger-postgres` | 带有逻辑复制的 PostgreSQL 数据库 |
| `trigger-redis` | 用于缓存和任务队列的 Redis |
| `trigger-clickhouse` | 用于分析的 ClickHouse 数据库 |
| `trigger-minio` | S3 兼容的对象存储 |
| `trigger-minio-init` | MinIO 存储桶初始化 |
| `electric` | 用于实时同步的 ElectricSQL |
| `trigger-registry` | 用于部署代码的私有 Docker 镜像仓库 |
| `trigger-registry-init` | 镜像仓库 htpasswd 初始化 |
### Worker 服务Supervisor 栈)
| 服务 | 描述 |
| --------------------- | ------------------------------------------- |
| `supervisor` | 执行任务的 Worker 编排器 |
| `docker-socket-proxy` | 为 supervisor 提供安全的 Docker socket 代理 |
## 前置要求
- Docker 20.10.0+
- Docker Compose 2.20.0+
- 完整栈至少需要 6 vCPU 和 12 GB RAM
## 快速开始
1. 创建包含必要密钥的 `.env` 文件:
```bash
cp .env.example .env
```
2. 生成必要的密钥:
```bash
# 生成密钥
echo "SESSION_SECRET=$(openssl rand -hex 16)" >> .env
echo "MAGIC_LINK_SECRET=$(openssl rand -hex 16)" >> .env
echo "ENCRYPTION_KEY=$(openssl rand -hex 16)" >> .env
echo "POSTGRES_PASSWORD=$(openssl rand -hex 16)" >> .env
```
3. 启动所有服务:
```bash
docker compose up -d
```
4. 等待服务健康运行:
```bash
docker compose ps
```
5. 访问 `http://localhost:8030` 打开 webapp
6. 从 webapp 日志中获取首次登录的 magic link
```bash
docker compose logs -f webapp
```
## 环境变量
### 必需的密钥
| 变量 | 描述 |
| ------------------- | --------------------------------------------------- |
| `SESSION_SECRET` | 会话加密密钥(运行:`openssl rand -hex 16` |
| `MAGIC_LINK_SECRET` | Magic link 加密密钥(运行:`openssl rand -hex 16` |
| `ENCRYPTION_KEY` | 密钥存储加密密钥(运行:`openssl rand -hex 16` |
| `POSTGRES_PASSWORD` | PostgreSQL 密码 |
### 域名配置
| 变量 | 默认值 | 描述 |
| -------------- | ----------------------- | ---------------------------------- |
| `APP_ORIGIN` | `http://localhost:8030` | 公开的 webapp URL |
| `LOGIN_ORIGIN` | `http://localhost:8030` | 登录 URL通常与 APP_ORIGIN 相同) |
| `API_ORIGIN` | `http://localhost:8030` | API URL |
### 镜像版本
| 变量 | 默认值 | 描述 |
| -------------------- | ------------------------------ | ------------------------------------- |
| `TRIGGER_IMAGE_TAG` | `v4.2.0` | Trigger.dev webapp 和 supervisor 版本 |
| `POSTGRES_VERSION` | `17.2-alpine3.21` | PostgreSQL 版本 |
| `REDIS_VERSION` | `7.4.3-alpine3.21` | Redis 版本 |
| `CLICKHOUSE_VERSION` | `25.3` | ClickHouse 版本 |
| `MINIO_VERSION` | `RELEASE.2025-04-22T22-12-26Z` | MinIO 版本 |
### 端口配置
| 变量 | 默认值 | 描述 |
| -------------------- | ------ | ------------------- |
| `TRIGGER_PORT` | `8030` | Webapp 端口 |
| `MINIO_API_PORT` | `9000` | MinIO API 端口 |
| `MINIO_CONSOLE_PORT` | `9001` | MinIO 控制台端口 |
| `REGISTRY_PORT` | `5000` | Docker 镜像仓库端口 |
### 身份认证
| 变量 | 描述 |
| --------------------------- | --------------------------------------------------- |
| `WHITELISTED_EMAILS` | 限制登录的正则表达式(例如:`^user@example\.com$` |
| `AUTH_GITHUB_CLIENT_ID` | GitHub OAuth 客户端 ID |
| `AUTH_GITHUB_CLIENT_SECRET` | GitHub OAuth 客户端密钥 |
### 邮件配置
| 变量 | 默认值 | 描述 |
| ----------------- | ------ | --------------------------------------- |
| `EMAIL_TRANSPORT` | — | 传输类型:`resend`、`smtp` 或 `aws-ses` |
| `FROM_EMAIL` | — | 发件人邮箱地址 |
| `RESEND_API_KEY` | — | Resend API 密钥(如果使用 Resend |
| `SMTP_HOST` | — | SMTP 服务器主机 |
| `SMTP_PORT` | `587` | SMTP 服务器端口 |
## 数据卷
| 卷 | 描述 |
| ------------------------- | ---------------------- |
| `trigger_shared` | Worker token 共享卷 |
| `trigger_postgres_data` | PostgreSQL 数据 |
| `trigger_redis_data` | Redis 数据 |
| `trigger_clickhouse_data` | ClickHouse 数据 |
| `trigger_clickhouse_logs` | ClickHouse 日志 |
| `trigger_minio_data` | MinIO 对象存储 |
| `trigger_registry_data` | Docker 镜像仓库数据 |
| `trigger_registry_auth` | 镜像仓库 htpasswd 认证 |
## Worker Token
首次启动时webapp 会生成 worker token 并保存到共享卷中。如果需要在单独的机器上运行 worker
1. 从 webapp 日志中获取 token
```bash
docker compose logs webapp | grep -A15 "Worker Token"
```
2. 在远程 worker 的 `.env` 中设置 token
```bash
TRIGGER_WORKER_TOKEN=tr_wgt_xxxxx
```
## 镜像仓库设置
内置镜像仓库使用 htpasswd 认证。htpasswd 文件在首次启动时会根据环境变量中的凭据**自动生成**。
默认凭据:
- 用户名:`registry-user`(通过 `REGISTRY_USER` 设置)
- 密码:`very-secure-indeed`(通过 `REGISTRY_PASSWORD` 设置)
要使用自定义凭据,请在首次运行前在 `.env` 文件中设置:
```bash
REGISTRY_USER=my-user
REGISTRY_PASSWORD=my-secure-password
```
部署任务前,登录到镜像仓库:
```bash
docker login -u registry-user localhost:5000
```
## CLI 使用
使用自托管的 Trigger.dev 初始化项目:
```bash
npx trigger.dev@latest login -a http://localhost:8030
npx trigger.dev@latest init -p <project-ref> -a http://localhost:8030
```
部署任务:
```bash
npx trigger.dev@latest deploy --self-hosted
```
## GitHub OAuth 设置
1. 在 `https://github.com/settings/developers` 创建 GitHub OAuth 应用
2. 设置回调 URL`http://localhost:8030/auth/github/callback`
3. 配置环境变量:
```env
AUTH_GITHUB_CLIENT_ID=your_client_id
AUTH_GITHUB_CLIENT_SECRET=your_client_secret
```
## 生产环境注意事项
- 为所有密钥使用强且唯一的密码
- 使用反向代理设置正确的 TLS/SSL
- 配置邮件传输以发送 magic link
- 使用外部托管数据库以实现高可用性
- 根据工作负载设置适当的资源限制
- 启用 `WHITELISTED_EMAILS` 限制访问
- 考虑禁用遥测:`TRIGGER_TELEMETRY_DISABLED=1`
## 扩展 Worker
添加更多 worker 容量:
1. 在不同机器上设置额外的 supervisor 实例
2. 为每个实例配置相同的 `TRIGGER_WORKER_TOKEN`
3. 为每个实例使用唯一的 `TRIGGER_WORKER_INSTANCE_NAME`
## 故障排除
### Magic link 未收到
- 检查 webapp 日志:`docker compose logs -f webapp`
- 如果未配置邮件传输magic link 会记录在日志中
- 生产环境请设置邮件传输
### 部署在 push 步骤失败
- 确保已登录镜像仓库:`docker login localhost:5000`
- 检查镜像仓库健康状态:`docker compose ps trigger-registry`
### 服务无法启动
- 确保 `.env` 中设置了所有必需的密钥
- 检查日志:`docker compose logs -f`
## 参考链接
- [Trigger.dev 文档](https://trigger.dev/docs)
- [自托管指南](https://trigger.dev/docs/self-hosting/docker)
- [GitHub 仓库](https://github.com/triggerdotdev/trigger.dev)


@@ -0,0 +1,400 @@
# Trigger.dev - Build and deploy fully-managed AI agents and workflows
# https://trigger.dev/
# Repository: https://github.com/triggerdotdev/trigger.dev
x-defaults: &defaults
restart: unless-stopped
logging:
driver: json-file
options:
max-size: 100m
max-file: "3"
services:
# =============================================================================
# Core Services (Webapp Stack)
# =============================================================================
webapp:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}ghcr.io/triggerdotdev/trigger.dev:${TRIGGER_IMAGE_TAG:-v4.2.0}
ports:
- "${TRIGGER_PORT:-8030}:3030"
environment:
- TZ=${TZ:-UTC}
# Secrets (required)
- SESSION_SECRET=${SESSION_SECRET}
- MAGIC_LINK_SECRET=${MAGIC_LINK_SECRET}
- ENCRYPTION_KEY=${ENCRYPTION_KEY}
- MANAGED_WORKER_SECRET=${MANAGED_WORKER_SECRET:-managed-secret}
# Domains & ports
- REMIX_APP_PORT=3030
- APP_ORIGIN=${APP_ORIGIN:-http://localhost:8030}
- LOGIN_ORIGIN=${LOGIN_ORIGIN:-http://localhost:8030}
- API_ORIGIN=${API_ORIGIN:-http://localhost:8030}
- STREAM_ORIGIN=${STREAM_ORIGIN:-http://localhost:8030}
- ELECTRIC_ORIGIN=http://electric:3000
# Database
- DATABASE_URL=postgresql://${POSTGRES_USER:-trigger}:${POSTGRES_PASSWORD}@trigger-postgres:5432/${POSTGRES_DB:-trigger}?schema=public
- DIRECT_URL=postgresql://${POSTGRES_USER:-trigger}:${POSTGRES_PASSWORD}@trigger-postgres:5432/${POSTGRES_DB:-trigger}?schema=public
- DATABASE_CONNECTION_LIMIT=${DATABASE_CONNECTION_LIMIT:-10}
# Redis
- REDIS_HOST=trigger-redis
- REDIS_PORT=6379
- REDIS_TLS_DISABLED=true
# ClickHouse
- CLICKHOUSE_URL=http://trigger-clickhouse:8123
- CLICKHOUSE_USER=${CLICKHOUSE_USER:-default}
- CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD:-password}
- CLICKHOUSE_DATABASE=${CLICKHOUSE_DATABASE:-default}
# Object storage (MinIO)
- OBJECT_STORE_BASE_URL=http://trigger-minio:9000
- OBJECT_STORE_ACCESS_KEY_ID=${MINIO_ROOT_USER:-admin}
- OBJECT_STORE_SECRET_ACCESS_KEY=${MINIO_ROOT_PASSWORD:-very-safe-password}
- PACKET_BUCKET_NAME=${PACKET_BUCKET_NAME:-packets}
# Registry
- DEPLOY_REGISTRY_HOST=${REGISTRY_HOST:-trigger-registry:5000}
- DEPLOY_REGISTRY_NAMESPACE=trigger
# Authentication
- WHITELISTED_EMAILS=${WHITELISTED_EMAILS:-}
- AUTH_GITHUB_CLIENT_ID=${AUTH_GITHUB_CLIENT_ID:-}
- AUTH_GITHUB_CLIENT_SECRET=${AUTH_GITHUB_CLIENT_SECRET:-}
# Email (optional)
- EMAIL_TRANSPORT=${EMAIL_TRANSPORT:-}
- FROM_EMAIL=${FROM_EMAIL:-}
- REPLY_TO_EMAIL=${REPLY_TO_EMAIL:-}
- RESEND_API_KEY=${RESEND_API_KEY:-}
- SMTP_HOST=${SMTP_HOST:-}
- SMTP_PORT=${SMTP_PORT:-587}
- SMTP_SECURE=${SMTP_SECURE:-false}
- SMTP_USER=${SMTP_USER:-}
- SMTP_PASSWORD=${SMTP_PASSWORD:-}
# Telemetry
- TRIGGER_TELEMETRY_DISABLED=${TRIGGER_TELEMETRY_DISABLED:-}
# Bootstrap
- TRIGGER_BOOTSTRAP_ENABLED=${TRIGGER_BOOTSTRAP_ENABLED:-true}
- TRIGGER_BOOTSTRAP_WORKER_GROUP_NAME=${TRIGGER_BOOTSTRAP_WORKER_GROUP_NAME:-bootstrap}
- TRIGGER_BOOTSTRAP_WORKER_TOKEN_PATH=/home/node/shared/worker_token
volumes:
- trigger_shared:/home/node/shared
depends_on:
trigger-postgres:
condition: service_healthy
trigger-redis:
condition: service_healthy
trigger-clickhouse:
condition: service_healthy
trigger-minio:
condition: service_healthy
electric:
condition: service_healthy
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3030/healthcheck"]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
deploy:
resources:
limits:
cpus: ${WEBAPP_CPU_LIMIT:-3.0}
memory: ${WEBAPP_MEMORY_LIMIT:-6G}
reservations:
cpus: ${WEBAPP_CPU_RESERVATION:-1.0}
memory: ${WEBAPP_MEMORY_RESERVATION:-2G}
trigger-postgres:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}postgres:${POSTGRES_VERSION:-17.2-alpine3.21}
command:
- postgres
- -c
- wal_level=logical
- -c
- max_replication_slots=10
- -c
- max_wal_senders=10
environment:
- TZ=${TZ:-UTC}
- POSTGRES_USER=${POSTGRES_USER:-trigger}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=${POSTGRES_DB:-trigger}
volumes:
- trigger_postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER:-trigger} -d ${POSTGRES_DB:-trigger}"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
deploy:
resources:
limits:
cpus: ${POSTGRES_CPU_LIMIT:-2.0}
memory: ${POSTGRES_MEMORY_LIMIT:-4G}
reservations:
cpus: ${POSTGRES_CPU_RESERVATION:-0.5}
memory: ${POSTGRES_MEMORY_RESERVATION:-1G}
trigger-redis:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}redis:${REDIS_VERSION:-7.4.3-alpine3.21}
command: redis-server --appendonly yes
volumes:
- trigger_redis_data:/data
healthcheck:
test: ["CMD", "redis-cli", "ping"]
interval: 10s
timeout: 5s
retries: 5
start_period: 10s
deploy:
resources:
limits:
cpus: ${REDIS_CPU_LIMIT:-1.0}
memory: ${REDIS_MEMORY_LIMIT:-2G}
reservations:
cpus: ${REDIS_CPU_RESERVATION:-0.25}
memory: ${REDIS_MEMORY_RESERVATION:-512M}
trigger-clickhouse:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}clickhouse/clickhouse-server:${CLICKHOUSE_VERSION:-25.3}
environment:
- TZ=${TZ:-UTC}
- CLICKHOUSE_DB=${CLICKHOUSE_DATABASE:-default}
- CLICKHOUSE_USER=${CLICKHOUSE_USER:-default}
- CLICKHOUSE_PASSWORD=${CLICKHOUSE_PASSWORD:-password}
- CLICKHOUSE_DEFAULT_ACCESS_MANAGEMENT=1
volumes:
- trigger_clickhouse_data:/var/lib/clickhouse
- trigger_clickhouse_logs:/var/log/clickhouse-server
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "-O-", "http://localhost:8123/ping"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
deploy:
resources:
limits:
cpus: ${CLICKHOUSE_CPU_LIMIT:-2.0}
memory: ${CLICKHOUSE_MEMORY_LIMIT:-4G}
reservations:
cpus: ${CLICKHOUSE_CPU_RESERVATION:-0.5}
memory: ${CLICKHOUSE_MEMORY_RESERVATION:-1G}
trigger-minio:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}minio/minio:${MINIO_VERSION:-RELEASE.2025-04-22T22-12-26Z}
command: server /data --console-address ":9001"
ports:
- "${MINIO_API_PORT:-9000}:9000"
- "${MINIO_CONSOLE_PORT:-9001}:9001"
environment:
- TZ=${TZ:-UTC}
- MINIO_ROOT_USER=${MINIO_ROOT_USER:-admin}
- MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-very-safe-password}
volumes:
- trigger_minio_data:/data
healthcheck:
test: ["CMD", "mc", "ready", "local"]
interval: 10s
timeout: 5s
retries: 5
start_period: 10s
deploy:
resources:
limits:
cpus: ${MINIO_CPU_LIMIT:-1.0}
memory: ${MINIO_MEMORY_LIMIT:-2G}
reservations:
cpus: ${MINIO_CPU_RESERVATION:-0.25}
memory: ${MINIO_MEMORY_RESERVATION:-512M}
# MinIO bucket initialization
trigger-minio-init:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}minio/mc:${MC_VERSION:-RELEASE.2025-04-16T18-13-26Z}
entrypoint: |
/bin/sh -c '
sleep 5
mc alias set myminio http://trigger-minio:9000 ${MINIO_ROOT_USER:-admin} ${MINIO_ROOT_PASSWORD:-very-safe-password}
mc mb myminio/${PACKET_BUCKET_NAME:-packets} --ignore-existing
echo "MinIO bucket initialized"
exit 0
'
depends_on:
trigger-minio:
condition: service_healthy
restart: "no"
electric:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}electricsql/electric:${ELECTRIC_VERSION:-1.0.0}
environment:
- TZ=${TZ:-UTC}
- DATABASE_URL=postgresql://${POSTGRES_USER:-trigger}:${POSTGRES_PASSWORD}@trigger-postgres:5432/${POSTGRES_DB:-trigger}
depends_on:
trigger-postgres:
condition: service_healthy
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/v1/health"]
interval: 10s
timeout: 5s
retries: 5
start_period: 30s
deploy:
resources:
limits:
cpus: ${ELECTRIC_CPU_LIMIT:-1.0}
memory: ${ELECTRIC_MEMORY_LIMIT:-1G}
reservations:
cpus: ${ELECTRIC_CPU_RESERVATION:-0.25}
memory: ${ELECTRIC_MEMORY_RESERVATION:-256M}
# Initialize registry htpasswd file on first run
trigger-registry-init:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}httpd:2-alpine
entrypoint: |
/bin/sh -c '
if [ ! -f /auth/htpasswd ]; then
echo "Generating htpasswd file..."
htpasswd -nbB "${REGISTRY_USER:-registry-user}" "${REGISTRY_PASSWORD:-very-secure-indeed}" > /auth/htpasswd
echo "htpasswd file created successfully"
else
echo "htpasswd file already exists, skipping..."
fi
'
environment:
- REGISTRY_USER=${REGISTRY_USER:-registry-user}
- REGISTRY_PASSWORD=${REGISTRY_PASSWORD:-very-secure-indeed}
volumes:
- trigger_registry_auth:/auth
restart: "no"
trigger-registry:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}registry:${REGISTRY_IMAGE_VERSION:-3}
ports:
- "${REGISTRY_PORT:-5000}:5000"
environment:
- TZ=${TZ:-UTC}
- REGISTRY_AUTH=htpasswd
- REGISTRY_AUTH_HTPASSWD_REALM=Registry
- REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
- REGISTRY_STORAGE_DELETE_ENABLED=true
volumes:
- trigger_registry_data:/var/lib/registry
- trigger_registry_auth:/auth:ro
depends_on:
trigger-registry-init:
condition: service_completed_successfully
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:5000/v2/"]
interval: 30s
timeout: 10s
retries: 3
start_period: 10s
deploy:
resources:
limits:
cpus: ${REGISTRY_CPU_LIMIT:-0.5}
memory: ${REGISTRY_MEMORY_LIMIT:-512M}
reservations:
cpus: ${REGISTRY_CPU_RESERVATION:-0.1}
memory: ${REGISTRY_MEMORY_RESERVATION:-128M}
# =============================================================================
# Worker Services (Supervisor Stack)
# =============================================================================
supervisor:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}ghcr.io/triggerdotdev/supervisor:${TRIGGER_IMAGE_TAG:-v4.2.0}
environment:
- TZ=${TZ:-UTC}
# Required settings
- TRIGGER_API_URL=http://webapp:3030
- TRIGGER_WORKER_TOKEN=${TRIGGER_WORKER_TOKEN:-file:///home/node/shared/worker_token}
- MANAGED_WORKER_SECRET=${MANAGED_WORKER_SECRET:-managed-secret}
- OTEL_EXPORTER_OTLP_ENDPOINT=http://webapp:3030/otel
# Worker instance
- TRIGGER_WORKER_INSTANCE_NAME=${TRIGGER_WORKER_INSTANCE_NAME:-supervisor-1}
- TRIGGER_WORKER_HEARTBEAT_INTERVAL_SECONDS=${TRIGGER_WORKER_HEARTBEAT_INTERVAL_SECONDS:-30}
# Workload API settings
- TRIGGER_WORKLOAD_API_ENABLED=true
- TRIGGER_WORKLOAD_API_PROTOCOL=http
- TRIGGER_WORKLOAD_API_PORT_INTERNAL=8020
- TRIGGER_WORKLOAD_API_PORT_EXTERNAL=8020
# Docker settings
- DOCKER_RUNNER_NETWORKS=trigger-dev_default
- DOCKER_ENFORCE_MACHINE_PRESETS=${DOCKER_ENFORCE_MACHINE_PRESETS:-true}
- DOCKER_AUTOREMOVE_EXITED_CONTAINERS=${DOCKER_AUTOREMOVE_EXITED_CONTAINERS:-true}
volumes:
- trigger_shared:/home/node/shared:ro
depends_on:
webapp:
condition: service_healthy
docker-socket-proxy:
condition: service_started
deploy:
resources:
limits:
cpus: ${SUPERVISOR_CPU_LIMIT:-2.0}
memory: ${SUPERVISOR_MEMORY_LIMIT:-4G}
reservations:
cpus: ${SUPERVISOR_CPU_RESERVATION:-0.5}
memory: ${SUPERVISOR_MEMORY_RESERVATION:-1G}
docker-socket-proxy:
<<: *defaults
image: ${GLOBAL_REGISTRY:-}tecnativa/docker-socket-proxy:${DOCKER_SOCKET_PROXY_VERSION:-0.3.0}
privileged: true
environment:
- TZ=${TZ:-UTC}
# Allowed API endpoints
- CONTAINERS=1
- IMAGES=1
- NETWORKS=1
- VOLUMES=1
- AUTH=1
- POST=1
- BUILD=0
- COMMIT=0
- CONFIGS=0
- DISTRIBUTION=1
- EXEC=0
- GRPC=0
- INFO=1
- NODES=0
- PING=1
- PLUGINS=0
- SECRETS=0
- SERVICES=0
- SESSION=0
- SWARM=0
- SYSTEM=0
- TASKS=0
- VERSION=1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
deploy:
resources:
limits:
cpus: ${DOCKER_PROXY_CPU_LIMIT:-0.5}
memory: ${DOCKER_PROXY_MEMORY_LIMIT:-256M}
reservations:
cpus: ${DOCKER_PROXY_CPU_RESERVATION:-0.1}
memory: ${DOCKER_PROXY_MEMORY_RESERVATION:-64M}
volumes:
trigger_shared:
trigger_postgres_data:
trigger_redis_data:
trigger_clickhouse_data:
trigger_clickhouse_logs:
trigger_minio_data:
trigger_registry_data:
trigger_registry_auth:
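Review bot: The credential fallbacks in this file (`${MINIO_ROOT_PASSWORD:-very-safe-password}`, `${REGISTRY_PASSWORD:-very-secure-indeed}`, `${CLICKHOUSE_PASSWORD:-password}`, `${MANAGED_WORKER_SECRET:-managed-secret}`) let the stack start with publicly known credentials whenever `.env` leaves them unset, and `trigger-minio` and `trigger-registry` publish their ports without a host address, which Compose binds on all interfaces. The variables with no fallback (`${SESSION_SECRET}`, `${MAGIC_LINK_SECRET}`, `${ENCRYPTION_KEY}`, `${POSTGRES_PASSWORD}`) interpolate to an empty string instead of stopping the start. I would make each of these required, e.g. `- MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:?set MINIO_ROOT_PASSWORD in .env}`, and publish the storage and registry ports on loopback by default, e.g. `- "127.0.0.1:${MINIO_CONSOLE_PORT:-9001}:9001"`. Separately, `docker-socket-proxy` runs with `privileged: true`, `CONTAINERS=1` and `POST=1`, so anything that can reach it on the Compose network can create containers on the host. A comment above that service stating this, and noting that `DOCKER_RUNNER_NETWORKS=trigger-dev_default` appears to attach task containers to the same network, would help operators decide how to isolate it.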