# OrgState — Render Blueprint template.
#
# Two services off ONE Dockerfile sharing one persistent disk
# (mirrors docker-compose.yml topology). Provisions:
#   - orgstate-api          web service, public, port 8080
#   - orgstate-scheduler    background worker, no port
#   - orgstate-shared       env group carrying ORGSTATE_* vars
#
# Usage:
#   cp deploy/render.yaml render.yaml
#   git add render.yaml && git commit -m "deploy to Render"
#   # Render dashboard → New → Blueprint → connect repo → Apply
#
# After the first deploy: set ORGSTATE_ADMIN_KEY in the env group (random
# 32-char hex), restart, then run `infra onboard` against the live URL.
# Remove the ORGSTATE_ADMIN_KEY env var once a DB-backed admin key exists.

# Two Render services built from the same ./Dockerfile: the public API and a
# background scheduler. Both attach the orgstate-shared env group and declare
# a disk named orgstate-data mounted at /data.
services:
  # Public web service. Render polls healthCheckPath to decide whether a
  # deploy is healthy.
  # NOTE(review): assumes /health is unauthenticated and returns no
  # sensitive state — confirm against the application.
  - type: web
    name: orgstate-api
    runtime: docker
    plan: starter           # 512MB / 0.5 CPU — bump to "standard" past first paying customer
    dockerfilePath: ./Dockerfile
    healthCheckPath: /health
    envVarGroups:
      - orgstate-shared
    disk:
      name: orgstate-data
      mountPath: /data
      sizeGB: 10            # SQLite + room for growth; bump for high-tenant deployments
    # Every push to the connected branch is built and deployed to this
    # public service, so that branch is effectively production: keep it
    # protected (required review, restricted push).
    autoDeploy: true

  # Background worker with no inbound port. dockerCommand replaces the
  # image's default command with the scheduler start script.
  - type: worker
    name: orgstate-scheduler
    runtime: docker
    plan: starter
    dockerfilePath: ./Dockerfile
    dockerCommand: bash infra/deployment/scripts/start_scheduler.sh
    envVarGroups:
      - orgstate-shared
    # NOTE(review): Render documents a persistent disk as attached to a
    # single service. Two services declaring the same disk name may each get
    # their own volume, in which case the scheduler would open a separate,
    # empty database at ORGSTATE_DB_PATH instead of the API's. Verify on a
    # live deploy before relying on the shared-DB claim below.
    disk:
      name: orgstate-data        # SAME disk as api — scheduler reads/writes the same DB
      mountPath: /data
      sizeGB: 10
    # Same auto-deploy exposure as the API service above.
    autoDeploy: true

# Environment group attached to both orgstate-api and orgstate-scheduler via
# their envVarGroups entries. Everything in this file is committed to git, so
# only non-secret settings belong here.
envVarGroups:
  - name: orgstate-shared
    envVars:
      # SQLite file under the /data mount declared by both services.
      - key: ORGSTATE_DB_PATH
        value: /data/orgstate.sqlite3
      - key: ORGSTATE_LOG_FORMAT
        value: json
      - key: ORGSTATE_LOG_LEVEL
        value: INFO
      # Rate limits are quoted so they stay strings, as environment variable
      # values are. The time window they apply to is defined by the
      # application and is not visible in this file.
      - key: ORGSTATE_RATE_LIMIT_PER_KEY
        value: "600"
      - key: ORGSTATE_RATE_LIMIT_PER_IP
        value: "60"
      # Set HSTS only AFTER you've verified your TLS terminator works —
      # turning this on with broken TLS bricks browsers for max-age (1 year default).
      - key: ORGSTATE_HSTS_ENABLED
        value: "false"
      # Set the admin key in the dashboard, NOT in this file. Render's
      # Blueprint commits to git; secrets must stay out of the repo.
      # NOTE(review): this group is shared by both services, so a key set on
      # the group is also readable by the scheduler process. If only the API
      # needs it, set it on orgstate-api alone.
      # NOTE(review): confirm that Render accepts `sync: false` inside an
      # env group before uncommenting; if it does not, declare the key under
      # the service's own envVars instead.
      # - key: ORGSTATE_ADMIN_KEY
      #   sync: false       # mark as secret, set in dashboard