all the new shiny things

2026-01-11 02:02:33 -08:00
parent 9815eb3686
commit 4e22213cd1
37 changed files with 5636 additions and 375 deletions
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -7,7 +7,7 @@
 #
 # Base: Ubuntu 22.04 (LTS) - matches production server
 # Node: v20.x (LTS) - matches production
-# Includes: PostgreSQL client, Redis CLI, build tools
+# Includes: PostgreSQL client, Redis CLI, build tools, Bugsink, Logstash
 # ============================================================================

 FROM ubuntu:22.04
@@ -21,16 +21,23 @@ ENV DEBIAN_FRONTEND=noninteractive
 # - curl: for downloading Node.js setup script and health checks
 # - git: for version control operations
 # - build-essential: for compiling native Node.js modules (node-gyp)
-# - python3: required by some Node.js build tools
+# - python3, python3-pip, python3-venv: for Bugsink
 # - postgresql-client: for psql CLI (database initialization)
 # - redis-tools: for redis-cli (health checks)
+# - gnupg, apt-transport-https: for Elastic APT repository (Logstash)
+# - openjdk-17-jre-headless: required by Logstash
 RUN apt-get update && apt-get install -y \
    curl \
    git \
    build-essential \
    python3 \
+    python3-pip \
+    python3-venv \
    postgresql-client \
    redis-tools \
+    gnupg \
+    apt-transport-https \
+    openjdk-17-jre-headless \
    && rm -rf /var/lib/apt/lists/*

 # ============================================================================
@@ -39,6 +46,128 @@ RUN apt-get update && apt-get install -y \
 RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
    && apt-get install -y nodejs

+# ============================================================================
+# Install Logstash (Elastic APT Repository)
+# ============================================================================
+# ADR-015: Log aggregation for Pino and Redis logs → Bugsink
+RUN curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elastic-keyring.gpg \
+    && echo "deb [signed-by=/usr/share/keyrings/elastic-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-8.x.list \
+    && apt-get update \
+    && apt-get install -y logstash \
+    && rm -rf /var/lib/apt/lists/*
+
+# ============================================================================
+# Install Bugsink (Python Package)
+# ============================================================================
+# ADR-015: Self-hosted Sentry-compatible error tracking
+# Create a virtual environment for Bugsink to avoid conflicts
+RUN python3 -m venv /opt/bugsink \
+    && /opt/bugsink/bin/pip install --upgrade pip \
+    && /opt/bugsink/bin/pip install bugsink gunicorn psycopg2-binary
+
+# Create Bugsink directories
+RUN mkdir -p /var/log/bugsink /var/lib/bugsink
+
+# Create Bugsink startup script
+# Uses DATABASE_URL environment variable (standard Docker approach per docs)
+RUN echo '#!/bin/bash\n\
+set -e\n\
+\n\
+# Build DATABASE_URL from individual env vars for flexibility\n\
+export DATABASE_URL="postgresql://${BUGSINK_DB_USER:-bugsink}:${BUGSINK_DB_PASSWORD:-bugsink_dev_password}@${BUGSINK_DB_HOST:-postgres}:${BUGSINK_DB_PORT:-5432}/${BUGSINK_DB_NAME:-bugsink}"\n\
+# SECRET_KEY is required by Bugsink/Django\n\
+export SECRET_KEY="${BUGSINK_SECRET_KEY:-dev-bugsink-secret-key-minimum-50-characters-for-security}"\n\
+\n\
+# Wait for PostgreSQL to be ready\n\
+until pg_isready -h ${BUGSINK_DB_HOST:-postgres} -p ${BUGSINK_DB_PORT:-5432} -U ${BUGSINK_DB_USER:-bugsink}; do\n\
+    echo "Waiting for PostgreSQL..."\n\
+    sleep 2\n\
+done\n\
+\n\
+echo "PostgreSQL is ready. Starting Bugsink..."\n\
+echo "DATABASE_URL: postgresql://${BUGSINK_DB_USER}:***@${BUGSINK_DB_HOST}:${BUGSINK_DB_PORT}/${BUGSINK_DB_NAME}"\n\
+\n\
+# Run migrations\n\
+/opt/bugsink/bin/bugsink-manage migrate --noinput\n\
+\n\
+# Create superuser if not exists (for dev convenience)\n\
+if [ -n "$BUGSINK_ADMIN_EMAIL" ] && [ -n "$BUGSINK_ADMIN_PASSWORD" ]; then\n\
+    export CREATE_SUPERUSER="${BUGSINK_ADMIN_EMAIL}:${BUGSINK_ADMIN_PASSWORD}"\n\
+    echo "Superuser configured: ${BUGSINK_ADMIN_EMAIL}"\n\
+fi\n\
+\n\
+# Start Bugsink with Gunicorn\n\
+echo "Starting Gunicorn on port ${BUGSINK_PORT:-8000}..."\n\
+exec /opt/bugsink/bin/gunicorn \\\n\
+    --bind 0.0.0.0:${BUGSINK_PORT:-8000} \\\n\
+    --workers ${BUGSINK_WORKERS:-2} \\\n\
+    --access-logfile - \\\n\
+    --error-logfile - \\\n\
+    bugsink.wsgi:application\n\
+' > /usr/local/bin/start-bugsink.sh \
+    && chmod +x /usr/local/bin/start-bugsink.sh
+
+# ============================================================================
+# Create Logstash Pipeline Configuration
+# ============================================================================
+# ADR-015: Pino and Redis logs → Bugsink
+RUN mkdir -p /etc/logstash/conf.d /app/logs
+
+RUN echo 'input {\n\
+  # Pino application logs\n\
+  file {\n\
+    path => "/app/logs/*.log"\n\
+    codec => json\n\
+    type => "pino"\n\
+    tags => ["app"]\n\
+    start_position => "beginning"\n\
+    sincedb_path => "/var/lib/logstash/sincedb_pino"\n\
+  }\n\
+\n\
+  # Redis logs\n\
+  file {\n\
+    path => "/var/log/redis/*.log"\n\
+    type => "redis"\n\
+    tags => ["redis"]\n\
+    start_position => "beginning"\n\
+    sincedb_path => "/var/lib/logstash/sincedb_redis"\n\
+  }\n\
+}\n\
+\n\
+filter {\n\
+  # Pino error detection (level 50 = error, 60 = fatal)\n\
+  if [type] == "pino" and [level] >= 50 {\n\
+    mutate { add_tag => ["error"] }\n\
+  }\n\
+\n\
+  # Redis error detection\n\
+  if [type] == "redis" {\n\
+    grok {\n\
+      match => { "message" => "%%{POSINT:pid}:%%{WORD:role} %%{MONTHDAY} %%{MONTH} %%{TIME} %%{WORD:loglevel} %%{GREEDYDATA:redis_message}" }\n\
+    }\n\
+    if [loglevel] in ["WARNING", "ERROR"] {\n\
+      mutate { add_tag => ["error"] }\n\
+    }\n\
+  }\n\
+}\n\
+\n\
+output {\n\
+  if "error" in [tags] {\n\
+    http {\n\
+      url => "http://localhost:8000/api/store/"\n\
+      http_method => "post"\n\
+      format => "json"\n\
+    }\n\
+  }\n\
+  \n\
+  # Debug output (comment out in production)\n\
+  stdout { codec => rubydebug }\n\
+}\n\
+' > /etc/logstash/conf.d/bugsink.conf
+
+# Create Logstash sincedb directory
+RUN mkdir -p /var/lib/logstash && chown -R logstash:logstash /var/lib/logstash
+
 # ============================================================================
 # Set Working Directory
 # ============================================================================
@@ -52,6 +181,25 @@ ENV NODE_ENV=development
 # Increase Node.js memory limit for large builds
 ENV NODE_OPTIONS='--max-old-space-size=8192'

+# Bugsink defaults (ADR-015)
+ENV BUGSINK_DB_HOST=postgres
+ENV BUGSINK_DB_PORT=5432
+ENV BUGSINK_DB_NAME=bugsink
+ENV BUGSINK_DB_USER=bugsink
+ENV BUGSINK_DB_PASSWORD=bugsink_dev_password
+ENV BUGSINK_PORT=8000
+ENV BUGSINK_BASE_URL=http://localhost:8000
+ENV BUGSINK_ADMIN_EMAIL=admin@localhost
+ENV BUGSINK_ADMIN_PASSWORD=admin
+
+# ============================================================================
+# Expose Ports
+# ============================================================================
+# 3000 - Vite frontend
+# 3001 - Express backend
+# 8000 - Bugsink error tracking
+EXPOSE 3000 3001 8000
+
 # ============================================================================
 # Default Command
 # ============================================================================