Phase 5: Alembic baseline, per-site deploy, ADRs to docs/adr

Migration runner ready and a sister site can deploy from a clean checkout with one .env file. ADRs relocated (migrations/adr/ -> docs/adr/): - migrations/ is now Alembic territory, not docs. - All cross-references updated: CLAUDE.md, docs/PLUGIN-HOOKS.md, docs/PLUGIN-QUICKSTART.md. Alembic initialized (migrations/): - env.py, script.py.mako, alembic.ini copied from Flask-Migrate templates so `flask db migrate` and `flask db upgrade` work without a one-time `flask db init` (which would clash with the existing migrations/ directory). - Baseline migration generated via autogenerate, captures all 47 tables (core models + 6 plugins) as the upgrade target. Ready for per-site `flask db upgrade` from an empty schema. Deploy artifacts: - Dockerfile: python:3.12-slim base, gunicorn server, non-root user, healthcheck against /api/auth/login. Single image bundles all six plugins; sites enable via `flask plugin install <name>`. - docker-compose.yml: MySQL 8 + API container, healthcheck-gated startup, env-driven secrets that fail loud on missing values (`${SECRET_KEY:?}` form). - .env.example: full env-var inventory with comments. Calls out required vs optional. Matches what ProductionConfig.validate enforces. docs/DEPLOY.md: - Step-by-step per-site runbook: clone, configure .env, bring up stack, run migrations, seed reference data, install plugins, create admin, front with TLS, backups, updates. - Common-issues table. - Cross-links to ADR-004 (per-site rationale), ADR-003 (plugin distribution), and the config source. Skills: - migrating-asset-schema: Alembic + one-shot data migration policy. Rules: additive first, renames are three steps, destructive ops need rollback, equipment migration filter per ADR-001 + ADR-005. - hardening-flask-config: production validation, CORS allowlist policy, JWT cookie hardening, per-site deploy isolation per ADR-004. CLAUDE.md updated to reflect the post-Phase-5 state. No tests added this commit; the Alembic baseline is exercised by the existing db.create_all-based test suite (tests do not touch the migration runner; that's by design until per-plugin migrations land). Test count unchanged: 101 passing. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-08 17:56:19 -04:00
parent 8eb9362452
commit d4e3ac9fc8
19 changed files with 1503 additions and 41 deletions
--- a/57
+++ b/57
@@ -0,0 +1,57 @@
+# shopdb-flask single-site container.
+#
+# One image, one site. Per ADR-004, each adopting facility runs its own
+# stack with its own DB, secrets, and enabled-plugin list. This image
+# bundles all six core plugins; install them at runtime with
+# `flask plugin install <name>`.
+#
+# Build:
+#   docker build -t shopdb-flask .
+# Run (with .env):
+#   docker run --env-file .env -p 5001:5001 shopdb-flask
+
+FROM python:3.12-slim AS base
+
+ENV PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONUNBUFFERED=1 \
+    PIP_NO_CACHE_DIR=1 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1
+
+WORKDIR /app
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        build-essential \
+        default-libmysqlclient-dev \
+        pkg-config \
+        curl \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY requirements.txt ./
+RUN pip install --no-cache-dir -r requirements.txt \
+    && pip install --no-cache-dir gunicorn
+
+COPY shopdb/ ./shopdb/
+COPY plugins/ ./plugins/
+COPY migrations/ ./migrations/
+COPY scripts/ ./scripts/
+COPY wsgi.py ./
+
+RUN useradd --create-home --shell /bin/bash shopdb \
+    && chown -R shopdb:shopdb /app
+USER shopdb
+
+EXPOSE 5001
+
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+    CMD curl --fail --silent http://localhost:5001/api/auth/login -X POST \
+        -H "Content-Type: application/json" -d '{}' \
+        | grep -q "VALIDATION_ERROR" || exit 1
+
+CMD ["gunicorn", \
+     "--bind", "0.0.0.0:5001", \
+     "--workers", "4", \
+     "--timeout", "60", \
+     "--access-logfile", "-", \
+     "--error-logfile", "-", \
+     "wsgi:app"]