Prepare recipe release #14

Merged
stevensting merged 19 commits from recipe-release into main 2026-07-08 10:12:54 +00:00
Owner
No description provided.
Author
Owner

Fixes #13

Fixes #13
stevensting added 1 commit 2026-06-25 09:36:56 +00:00
stevensting added 1 commit 2026-06-25 09:40:52 +00:00
stevensting added 1 commit 2026-06-25 09:41:39 +00:00
stevensting added 1 commit 2026-06-25 09:51:40 +00:00
stevensting added 1 commit 2026-06-25 10:49:09 +00:00
stevensting added 1 commit 2026-06-25 11:23:13 +00:00
stevensting added 1 commit 2026-06-26 08:57:11 +00:00
stevensting added 1 commit 2026-06-26 10:35:33 +00:00
stevensting added 1 commit 2026-06-29 11:03:02 +00:00
stevensting added 1 commit 2026-06-29 12:30:37 +00:00
stevensting added 1 commit 2026-06-29 12:31:48 +00:00
stevensting added 1 commit 2026-06-29 13:20:34 +00:00
stevensting added 1 commit 2026-06-29 17:10:12 +00:00
mayel reviewed 2026-06-30 07:42:39 +00:00
.env.sample Outdated
@@ -38,1 +4,4 @@
# choose what flavour of Bonfire to run. default: social
#APP_FLAVOUR=social
# uncomment to run specific version e.g. v1.0.4 or latest release branch. available: latest, latest-beta, latest-alpha
Owner

also latest-rc

also latest-rc
Owner

and version without the v, eg: 1.0.4

and version without the v, eg: 1.0.4
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 07:50:17 +00:00
.env.sample Outdated
@@ -69,2 +53,2 @@
# and do not check your env file into any public git repo
# change ALL the values:
# recommended search backend sonic
COMPOSE_FILE="$COMPOSE_FILE:compose.sonic.yml"
Owner

should this be uncommented by default, given they make skip giving sonic a PW, so could be one step in docs: uncomment these two lines and set a PW to enable search

should this be uncommented by default, given they make skip giving sonic a PW, so could be one step in docs: uncomment these two lines and set a PW to enable search
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 07:51:24 +00:00
.env.sample Outdated
@@ -71,0 +62,4 @@
# ====================================
# MAIL
# Enable `compose.mail.yml` to set secrets for sending emails (remember to also include your chosen search backend's compose file):
Owner

is the reminder unnecessary since doing COMPOSE_FILE="$COMPOSE_FILE: ?

is the reminder unnecessary since doing ` COMPOSE_FILE="$COMPOSE_FILE:` ?
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 07:52:06 +00:00
.env.sample Outdated
@@ -78,4 +75,2 @@
# signup to an email service and edit with relevant info, see: https://docs.bonfirenetworks.org/Bonfire.Mailer.html
# MAIL_DOMAIN=mgo.example.com
# MAIL_KEY=xyz
# NOTE: please add `compose.mail.yml` to COMPOSE_FILE above and use the abra secret instead of env for secrets ^
Owner

seems like an invalid char here?

seems like an invalid char here?
mayel marked this conversation as resolved
mayel reviewed 2026-06-30 07:53:01 +00:00
.env.sample Outdated
@@ -116,3 +113,3 @@
# Enable using Bonfire as an SSO provider for external apps to sign in with?
# ENABLE_SSO_PROVIDER=false
OAUTH_ISSUER=https://${DOMAIN}
#OAUTH_ISSUER=https://${DOMAIN}
Owner

can uncomment by default?

can uncomment by default?
Author
Owner

Is it necessary to uncomment by default? what for?

Is it necessary to uncomment by default? what for?
Owner

for the OAuth & OpenID provider (different from the clients that are in seperate compose files)

for the OAuth & OpenID provider (different from the clients that are in seperate compose files)
Author
Owner

ok, but does every instance need this?

ok, but does every instance need this?
Owner

I guess we can instead do it in code from the domain, and leave it commented for people who want to override

I guess we can instead do it in code from the domain, and leave it commented for people who want to override
Author
Owner

I guess I'm fine uncommenting it. I was just wondering if the oauth issuer is always active on every instance and this env var works as the switch to activate it.

I guess I'm fine uncommenting it. I was just wondering if the oauth issuer is always active on every instance and this env var works as the switch to activate it.
mayel reviewed 2026-06-30 07:55:47 +00:00
.env.sample Outdated
@@ -127,4 +125,4 @@
# OPENID_1_ENABLE_SIGNUP=false
# ^ can be code, token or id_token
# orcid.org SSO: connect as a client to the orcid.org OpenID Connect provider with callback url https://yourinstance.tld/oauth/client/orcid
Owner
url changed to https://yourinstance.tld/openid/client/orcid
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 07:55:59 +00:00
.env.sample Outdated
@@ -118,3 +115,3 @@
OAUTH_ISSUER=https://${DOMAIN}
#OAUTH_ISSUER=https://${DOMAIN}
# OpenID Connect: connect as a client to the OpenID Connect provider with callback url https://yourinstance.tld/oauth/client/openid_1
Owner
url changed to https://yourinstance.tld/openid/client/openid_1
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 08:01:36 +00:00
.env.sample Outdated
@@ -144,3 +145,3 @@
# SECRET_GITHUB_CLIENT_SECRET_VERSION=v1
# GITHUB_APP_CLIENT_ID=
# GITHUB_CLIENT_SECRET=
Owner

can add one more

# Zenodo SSO: connect as a client to the Zenodo OAuth2 provider with callback url https://yourinstance.tld/oauth/client/zenodo
# ZENODO_CLIENT_ID=
# ZENODO_CLIENT_SECRET=
# ZENODO_GRANT_TYPE=
# ZENODO_SCOPE=
# ZENODO_ENV=
can add one more ``` # Zenodo SSO: connect as a client to the Zenodo OAuth2 provider with callback url https://yourinstance.tld/oauth/client/zenodo # ZENODO_CLIENT_ID= # ZENODO_CLIENT_SECRET= # ZENODO_GRANT_TYPE= # ZENODO_SCOPE= # ZENODO_ENV=
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 08:02:52 +00:00
.env.sample Outdated
@@ -148,0 +152,4 @@
#SECRET_GHOST_CONTENT_API_KEY_VERSION=v1
#SECRET_GHOST_ADMIN_API_KEY_VERSION=v1
#GHOST_URL=https://example.ghost.io
#IFRAME_ALLOWED_ORIGINS=https://example.com
Owner

IFRAME_ALLOWED_ORIGINS is not specific to just ghost, but in general what websites you want to allow embeding a bonfire widget in iframe

IFRAME_ALLOWED_ORIGINS is not specific to just ghost, but in general what websites you want to allow embeding a bonfire widget in iframe
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 08:06:45 +00:00
@@ -0,0 +1,68 @@
version: '3.8'
x-postgres-env: &postgres-env
Owner

curious what this does?

curious what this does?
mayel marked this conversation as resolved
mayel reviewed 2026-06-30 08:07:06 +00:00
@@ -0,0 +8,4 @@
services:
app:
environment:
<<: *postgres-env
Owner

ah I see!

ah I see!
mayel marked this conversation as resolved
mayel reviewed 2026-06-30 08:07:42 +00:00
@@ -0,0 +18,4 @@
command: >
postgres
-c max_connections=200
-c shared_buffers=${DB_MEMORY_LIMIT}MB
Owner

should we put a default for DB_MEMORY_LIMIT as fallback?

should we put a default for DB_MEMORY_LIMIT as fallback?
Owner

also good to add PG_STORAGE_TYPE, DISK_STORAGE_TYPE and PG_RAM_PERCENT, and in general may be useful to rebase as quite a few changes were made (including default tuning on this compose for anyone not using the autotune one)

also good to add PG_STORAGE_TYPE, DISK_STORAGE_TYPE and PG_RAM_PERCENT, and in general may be useful to rebase as quite a few changes were made (including default tuning on this compose for anyone not using the autotune one)
mayel reviewed 2026-06-30 08:07:54 +00:00
@@ -0,0 +17,4 @@
image: ${DB_DOCKER_IMAGE:-ghcr.io/baosystems/postgis}:${DB_DOCKER_VERSION:-17-3.5}
command: >
postgres
-c max_connections=200
Owner

maybe max_connections can be changed in ENV?

maybe max_connections can be changed in ENV?
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 08:08:10 +00:00
@@ -0,0 +28,4 @@
- type: tmpfs
target: /dev/shm
tmpfs:
size: 1000000000
Owner

maybe size can be changed in ENV?

maybe size can be changed in ENV?
mayel reviewed 2026-06-30 08:08:27 +00:00
@@ -0,0 +31,4 @@
size: 1000000000
# about 1 GB in bytes
tmpfs:
- /tmp:size=${DB_MEMORY_LIMIT}M^
Owner

ditto

ditto
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 08:09:00 +00:00
@@ -0,0 +13,4 @@
- UPLOADS_S3_DEFAULT_URL
- UPLOADS_S3_URL_EXPIRATION_TTL
- AWS_ROLE_ARN
- AWS_WEB_IDENTITY_TOKEN_FILE=/run/secrets/aws_web_identity_token
Owner

the token file is optional though

the token file is optional though
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 08:10:04 +00:00
compose.yml Outdated
@@ -4,3 +4,3 @@
services:
app:
image: ${APP_DOCKER_IMAGE}
image: bonfirenetworks/bonfire:${APP_VERSION:-1.0.4}-${APP_FLAVOUR:-social}-${APP_PLATFORM:-amd64}
Owner

I'd like to keep the bonfirenetworks/bonfire part in ENV too, so people can use a fork / custom flavour

I'd like to keep the `bonfirenetworks/bonfire` part in ENV too, so people can use a fork / custom flavour
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 08:16:47 +00:00
@@ -31,1 +23,3 @@
- APP_NAME
- LANG=${LANG:-en_US.UTF-8}
- SEEDS_USER=${SEEDS_USER:-root}
- ERLANG_COOKIE=${ERLANG_COOKIE:-bonfire_cookie}
Owner

can we change this to set RELEASE_COOKIE_FILE with a secret? and add RELEASE_DISTRIBUTION, RELEASE_NODE, RELEASE_MODE in env (these are for running multi-node deployments)

can we change this to set RELEASE_COOKIE_FILE with a secret? and add RELEASE_DISTRIBUTION, RELEASE_NODE, RELEASE_MODE in env (these are for running multi-node deployments)
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 08:18:20 +00:00
compose.yml Outdated
@@ -67,4 +45,1 @@
- WEB_PUSH_PUBLIC_KEY
- WEB_PUSH_PRIVATE_KEY
- AKISMET_API_KEY
Owner

these four are secrets

these four are secrets
Author
Owner

you mean all the api keys? so I would put OTEL_HONEYCOMB_API_KEY and OTEL_LIGHTSTEP_API_KEY in one yml, AKISMET_API_KEY in one and MAPBOX_API_KEY in another.

you mean all the api keys? so I would put OTEL_HONEYCOMB_API_KEY and OTEL_LIGHTSTEP_API_KEY in one yml, AKISMET_API_KEY in one and MAPBOX_API_KEY in another.
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 11:02:04 +00:00
@@ -0,0 +11,4 @@
- ghost_content_api_key
- ghost_admin_api_key
secrets:
Owner

need an extra secret: GHOST_WEBHOOK_SECRET

need an extra secret: GHOST_WEBHOOK_SECRET
stevensting marked this conversation as resolved
mayel reviewed 2026-06-30 11:02:17 +00:00
@@ -0,0 +6,4 @@
- GHOST_URL
- GHOST_CONTENT_API_KEY_FILE=/run/secrets/ghost_content_api_key
- GHOST_ADMIN_API_KEY_FILE=/run/secrets/ghost_admin_api_key
- IFRAME_ALLOWED_ORIGINS
Owner

this should be on main compose

this should be on main compose
stevensting marked this conversation as resolved
stevensting added 1 commit 2026-07-07 08:09:16 +00:00
stevensting added 1 commit 2026-07-07 09:51:30 +00:00
stevensting added 1 commit 2026-07-07 10:17:00 +00:00
stevensting added 1 commit 2026-07-07 10:41:41 +00:00
stevensting added 1 commit 2026-07-07 11:22:53 +00:00
stevensting added 1 commit 2026-07-07 14:58:37 +00:00
stevensting merged commit d74f05c0d1 into main 2026-07-08 10:12:54 +00:00
stevensting deleted branch recipe-release 2026-07-08 10:12:55 +00:00
Sign in to join this conversation.