feat: add compose.coolify.yml for PaaS deployment#69
Conversation
|
Reviews (1): Last reviewed commit: "feat: add Coolify compose configuration" | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| bangs: | ||
| container_name: bangs | ||
| image: joseluisq/static-web-server:2-alpine | ||
| init: true | ||
| restart: unless-stopped |
There was a problem hiding this comment.
bangs service is missing read_only: true, which both ubo_proxy and ext_proxy set for security hardening. Since the container only serves a static file, there's no reason it needs a writable root filesystem.
| bangs: | |
| container_name: bangs | |
| image: joseluisq/static-web-server:2-alpine | |
| init: true | |
| restart: unless-stopped | |
| bangs: | |
| container_name: bangs | |
| image: joseluisq/static-web-server:2-alpine | |
| read_only: true | |
| init: true | |
| restart: unless-stopped |
Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
|
|
||
| bangs: | ||
| container_name: bangs | ||
| image: joseluisq/static-web-server:2-alpine |
There was a problem hiding this comment.
bangs image uses a floating tag (2-alpine), meaning a minor-version bump on Docker Hub can silently change the running binary. The main compose.yml pins acme.sh to a full SHA256 digest. Consider pinning to a specific digest or immutable tag to make deployments reproducible and avoid unexpected breakage.
| image: joseluisq/static-web-server:2-alpine | |
| image: joseluisq/static-web-server:2.34.0-alpine |
|
this is not something we would like to maintain, sorry! if it's useful for you, please feel free to keep a fork with it |
2 participants
Adds a stripped-down
compose.coolify.ymltailored for deploying to Coolify.nginxandacme.sh).bangs.jsonvia a lightweight alpine static web server.