-
Notifications
You must be signed in to change notification settings - Fork 42
Add comprehensive Docker support for containerized Wassette deployments #369
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
8d8dc56
Add Docker support with Dockerfile and comprehensive documentation
Copilot a4a4cfa
Add Docker deployment section to README
Copilot b2c5142
Fix wording in README Docker section
Copilot 1451c88
Address review feedback: use Rust 1.90, streamable-http default, merg…
Copilot a3e3208
Update Docker documentation to reflect streamable-http as default tra…
Copilot f0d0730
Merge branch 'main' into copilot/add-docker-documentation-2
Mossaka File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
# Git files | ||
.git | ||
.gitignore | ||
.gitattributes | ||
|
||
# GitHub workflows and documentation | ||
.github | ||
docs/book | ||
docs/TODO.md | ||
|
||
# Target and build artifacts | ||
target/** | ||
!target/release/wassette | ||
bin | ||
*.wasm | ||
|
||
# Examples and tests | ||
examples/*/target | ||
tests | ||
|
||
# Documentation | ||
*.md | ||
!README.md | ||
LICENSE | ||
NOTICE | ||
SECURITY.md | ||
CODE_OF_CONDUCT.md | ||
CONTRIBUTING.md | ||
|
||
# Development files | ||
.vscode | ||
.idea | ||
*.swp | ||
*.swo | ||
*~ | ||
|
||
# Rust artifacts | ||
**/*.rs.bk | ||
Cargo.lock.bak | ||
|
||
# OS files | ||
.DS_Store | ||
Thumbs.db | ||
|
||
# CI/Docker files | ||
Dockerfile.ci | ||
docker-compose.yml | ||
|
||
# Scripts | ||
scripts | ||
|
||
# Package manager files | ||
Formula | ||
flake.nix | ||
flake.lock | ||
winget | ||
|
||
# Other | ||
assets | ||
audit.toml | ||
deny.toml | ||
_typos.toml | ||
rustfmt.toml | ||
component-registry.json | ||
policy.yaml | ||
install.sh |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
# Wassette Docker Image | ||
# This Dockerfile provides a containerized runtime for Wassette with additional security isolation | ||
|
||
# Stage 1: Build the Wassette binary | ||
FROM rust:1.90-bookworm AS builder | ||
|
||
# Install ca-certificates for HTTPS support during build | ||
RUN apt-get update && \ | ||
apt-get install -y --no-install-recommends ca-certificates && \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
WORKDIR /build | ||
|
||
# Copy the project files | ||
COPY Cargo.toml Cargo.lock ./ | ||
COPY src ./src | ||
COPY crates ./crates | ||
COPY build.rs ./ | ||
|
||
# Build the release binary | ||
RUN cargo build --release --bin wassette | ||
|
||
# Stage 2: Create the runtime image | ||
FROM debian:bookworm-slim | ||
|
||
# Install runtime dependencies | ||
RUN apt-get update && \ | ||
apt-get install -y --no-install-recommends \ | ||
ca-certificates \ | ||
libssl3 && \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
# Create a non-root user for running Wassette | ||
RUN useradd -m -u 1000 -s /bin/bash wassette | ||
|
||
# Create necessary directories with proper permissions | ||
RUN mkdir -p /home/wassette/.local/share/wassette/components && \ | ||
mkdir -p /home/wassette/.config/wassette/secrets && \ | ||
chown -R wassette:wassette /home/wassette | ||
|
||
# Copy the binary from the builder stage | ||
COPY --from=builder /build/target/release/wassette /usr/local/bin/wassette | ||
|
||
# Set up environment | ||
ENV HOME=/home/wassette | ||
ENV XDG_DATA_HOME=/home/wassette/.local/share | ||
ENV XDG_CONFIG_HOME=/home/wassette/.config | ||
|
||
# Switch to the non-root user | ||
USER wassette | ||
WORKDIR /home/wassette | ||
|
||
# Expose the default HTTP port (when using --http or --sse) | ||
EXPOSE 9001 | ||
|
||
# Default command: start Wassette with streamable-http transport | ||
# Override this in docker run or docker-compose for different transports | ||
CMD ["wassette", "serve", "--streamable-http"] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# Wassette Docker Image (Pre-built Binary) | ||
# This Dockerfile uses a pre-built Wassette binary for faster builds | ||
# Useful when you already have the binary compiled on your host system | ||
|
||
FROM debian:bookworm-slim | ||
|
||
# Install runtime dependencies | ||
RUN apt-get update && \ | ||
apt-get install -y --no-install-recommends \ | ||
ca-certificates \ | ||
libssl3 && \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
# Create a non-root user for running Wassette | ||
RUN useradd -m -u 1000 -s /bin/bash wassette | ||
|
||
# Create necessary directories with proper permissions | ||
RUN mkdir -p /home/wassette/.local/share/wassette/components && \ | ||
mkdir -p /home/wassette/.config/wassette/secrets && \ | ||
chown -R wassette:wassette /home/wassette | ||
|
||
# Copy the pre-built binary from the host (build context) | ||
# Build the binary first with: cargo build --release --bin wassette | ||
# Then copy it: COPY target/release/wassette /usr/local/bin/wassette | ||
COPY target/release/wassette /usr/local/bin/wassette | ||
RUN chmod +x /usr/local/bin/wassette | ||
|
||
# Set up environment | ||
ENV HOME=/home/wassette | ||
ENV XDG_DATA_HOME=/home/wassette/.local/share | ||
ENV XDG_CONFIG_HOME=/home/wassette/.config | ||
|
||
# Switch to the non-root user | ||
USER wassette | ||
WORKDIR /home/wassette | ||
|
||
# Expose the default HTTP port (when using --http or --sse) | ||
EXPOSE 9001 | ||
|
||
# Default command: start Wassette with streamable-http transport | ||
# Override this in docker run or docker-compose for different transports | ||
CMD ["wassette", "serve", "--streamable-http"] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
# Example Docker Compose configuration for Wassette | ||
# Copy this file to docker-compose.yml and customize for your needs | ||
|
||
version: '3.8' | ||
|
||
services: | ||
wassette: | ||
build: . | ||
image: wassette:latest | ||
|
||
# Expose port 9001 for streamable-http transport (default) | ||
ports: | ||
- "9001:9001" | ||
|
||
# Mount volumes for components, secrets, and configuration | ||
volumes: | ||
# Component directory (read-only for security) | ||
- ./components:/home/wassette/.local/share/wassette/components:ro | ||
|
||
# Secrets directory (read-only) | ||
# Store API keys and credentials here | ||
- ./secrets:/home/wassette/.config/wassette/secrets:ro | ||
|
||
# Optional: Custom configuration file | ||
# - ./config.toml:/home/wassette/.config/wassette/config.toml:ro | ||
|
||
# Optional: Persistent component storage | ||
# Use this if you want to load components via the MCP interface | ||
# and persist them across container restarts | ||
# - wassette-components:/home/wassette/.local/share/wassette/components | ||
|
||
# Environment variables | ||
environment: | ||
# Set log level (trace, debug, info, warn, error) | ||
- RUST_LOG=info | ||
|
||
# Add any additional environment variables your components need | ||
# - OPENWEATHER_API_KEY=your_api_key_here | ||
|
||
# Command to run (override the default CMD from Dockerfile) | ||
# Note: Default is streamable-http, but you can override it | ||
|
||
# Default: Streamable HTTP transport (uses port 9001) | ||
# Uses the default CMD from Dockerfile - no need to specify | ||
|
||
# Option 1: Override with stdio transport | ||
# command: ["wassette", "serve", "--stdio"] | ||
|
||
# Option 2: Override with SSE transport | ||
# command: ["wassette", "serve", "--sse"] | ||
|
||
# Security: Limit container resources | ||
deploy: | ||
resources: | ||
limits: | ||
cpus: '1.0' | ||
memory: 512M | ||
reservations: | ||
cpus: '0.5' | ||
memory: 256M | ||
|
||
# Security: Drop unnecessary capabilities | ||
cap_drop: | ||
- ALL | ||
|
||
# Security: Prevent privilege escalation | ||
security_opt: | ||
- no-new-privileges:true | ||
|
||
# Optional: Health check for SSE/HTTP transports | ||
healthcheck: | ||
test: ["CMD-SHELL", "curl -f http://localhost:9001/health || exit 1"] | ||
interval: 30s | ||
timeout: 10s | ||
retries: 3 | ||
start_period: 40s | ||
|
||
# Restart policy | ||
restart: unless-stopped | ||
|
||
# Optional: Named volumes for persistent storage | ||
# volumes: | ||
# wassette-components: | ||
# driver: local |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Inconsistent health check format between the Docker Compose example and documentation. The documentation uses
CMD
format while this usesCMD-SHELL
. Also, the/health
endpoint should be verified to exist.Copilot uses AI. Check for mistakes.