# Containerization Runbook
## Image Build
If the repo consumes internal packages from Gitea, pass feed credentials as build args.
```bash
docker build --build-arg NUGET_FEED_USERNAME=<gitea-login> --build-arg NUGET_FEED_TOKEN=<gitea-token> -t agilewebs/thalos-bff:dev .
```
## Local Run
```bash
docker run --rm -p 8080:8080 \
  -e ThalosService__GrpcAddress=http://thalos-service:8081 \
  -e ThalosBff__Oidc__Google__ClientId=<google-client-id> \
  -e ThalosBff__Oidc__Google__ClientSecret=<google-client-secret> \
  -e ThalosBff__Oidc__Google__RedirectUri=https://auth.dream-views.com/api/identity/oidc/google/callback \
  -e ThalosBff__Oidc__StateSigningSecret=<state-signing-secret> \
  -e ThalosBff__SessionCookieSecure=true \
  -e ThalosBff__SessionCookieDomain=.dream-views.com \
  --name thalos-bff agilewebs/thalos-bff:dev
```
## Health Probe
- Path: `/health`
- Fallback path: `/healthz`
- Port: `8080`
## Runtime Notes
- Requires `ThalosService__GrpcAddress` to target thalos-service in distributed runs.
- gRPC client contract protobuf is vendored at `src/Thalos.Bff.Rest/Protos/identity_runtime.proto` to keep image builds repo-local.
- OIDC callback requires `ThalosBff__Oidc__Google__ClientId`, `ThalosBff__Oidc__Google__ClientSecret`, `ThalosBff__Oidc__Google__RedirectUri`, and `ThalosBff__Oidc__StateSigningSecret`.
- For cross-subdomain SPA auth, set `ThalosBff__SessionCookieDomain=.dream-views.com` and enable secure cookies (`ThalosBff__SessionCookieSecure=true`) in non-local environments.
- Callback failures should land back on the central auth host (or another allowlisted return host) with `authError` and `correlationId` query values for UX recovery and support diagnostics.
- The OIDC state cookie is transient and should be cleared after any callback attempt, successful or failed.
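
A preflight check for the settings listed in these notes, as an added example that is not part of the project: it assumes the `-e` values are moved into a `KEY=VALUE` env file for `docker run --env-file`, and the function names `env_get` and `thalos_preflight` are hypothetical. It fails when a required setting is missing or still holds a runbook placeholder, when the cookie domain is set without secure cookies, or when the callback host falls outside the cookie domain.

```shell
#!/bin/sh
# Added example (not project code): preflight for an env file that will be
# passed to `docker run --env-file`. Function names are assumptions.

# Print the value of key $2 from KEY=VALUE file $1 (last assignment wins).
env_get() {
  awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                 END { printf "%s", v }' "$1"
}

# Return 0 if the file passes, 1 otherwise. Findings go to stderr and name
# only the key, never the secret value. The ( ) body keeps variables local.
thalos_preflight() (
  file=$1 rc=0
  for key in ThalosService__GrpcAddress \
             ThalosBff__Oidc__Google__ClientId \
             ThalosBff__Oidc__Google__ClientSecret \
             ThalosBff__Oidc__Google__RedirectUri \
             ThalosBff__Oidc__StateSigningSecret; do
    case $(env_get "$file" "$key") in
      '')      echo "missing: $key" >&2; rc=1 ;;
      '<'*'>') echo "runbook placeholder left in: $key" >&2; rc=1 ;;
    esac
  done
  domain=$(env_get "$file" ThalosBff__SessionCookieDomain)
  if [ -n "$domain" ]; then
    # A cookie shared across subdomains must carry the Secure attribute.
    case $(env_get "$file" ThalosBff__SessionCookieSecure) in
      [Tt][Rr][Uu][Ee]) ;;
      *) echo "SessionCookieDomain is set but SessionCookieSecure is not true" >&2; rc=1 ;;
    esac
    # Browsers reject a cookie whose Domain does not cover the host setting it,
    # so the callback host must be the cookie domain or one of its subdomains.
    host=$(env_get "$file" ThalosBff__Oidc__Google__RedirectUri)
    host=${host#*://}; host=${host%%[/:?#]*}
    case $host in
      "${domain#.}" | *".${domain#.}") ;;
      *) echo "callback host '$host' is outside cookie domain $domain" >&2; rc=1 ;;
    esac
  fi
  return "$rc"
)

# Constructed sample: the ClientId placeholder was never filled in.
sample=$(mktemp)
printf '%s\n' 'ThalosService__GrpcAddress=http://thalos-service:8081' \
  'ThalosBff__Oidc__Google__ClientId=<google-client-id>' > "$sample"
thalos_preflight "$sample" || echo "preflight failed, not starting container"
rm -f "$sample"
```

Run it before starting the container, for example `thalos_preflight bff.env && docker run --rm -p 8080:8080 --env-file bff.env --name thalos-bff agilewebs/thalos-bff:dev`, where `bff.env` is a hypothetical file name.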