feat(docker): Add DEV_MODE flag for exposing service ports #5499
+51
−3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add single DEV_MODE environment variable to control port exposure - When DEV_MODE=true, exposes ports for api_server, postgres, vespa, redis, and minio - Update external dependency unit test workflow to use DEV_MODE=true - Simplifies switching between production (no exposed ports) and dev/test configurations 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
justin-tahara
approved these changes
Sep 25, 2025
| # use different ports to avoid conflicts with model servers | ||
| ports: | ||
| - "9004:9000" | ||
| - "9005:9001" No newline at end of file |
There was a problem hiding this comment.
Maybe we add a newline here
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Overview
Summary
This PR introduces a Docker Compose override pattern to selectively expose service ports for development and testing while keeping them secure by default in production. The implementation creates a new docker-compose.dev.yml override file that exposes ports for API server (8080), PostgreSQL (5432), Vespa (19071, 8081), Redis (6379), and MinIO (9004, 9005).
Key Changes:
- Added
docker-compose.dev.ymloverride file with port mappings for all core services - Updated external dependency unit test workflow to use the dev override
- Added comprehensive documentation in the main compose file explaining both usage methods
Benefits:
- Security by default: Production deployments have no exposed ports unless explicitly configured
- Developer convenience: Simple command to enable port access for local development
- CI/CD compatibility: External dependency tests can now access services on exposed ports
Architecture: Uses Docker Compose's file composition feature rather than environment variables, providing a cleaner separation between production and development configurations.
Confidence Score: 4/5
- This PR is safe to merge with minimal risk as it only adds optional development configuration
- Score reflects well-implemented Docker Compose override pattern with good documentation, though the PR description inaccurately mentions DEV_MODE environment variable usage
- No files require special attention - changes are straightforward and well-documented
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| .github/workflows/pr-external-dependency-unit-tests.yml | 4/5 | Updated CI workflow to use docker-compose.dev.yml for exposing service ports during testing, though PR description is misleading about DEV_MODE variable usage |
| deployment/docker_compose/docker-compose.dev.yml | 5/5 | New override file for development/testing that exposes service ports, with clear documentation and proper port mappings |
| deployment/docker_compose/docker-compose.yml | 5/5 | Added clear documentation comments explaining how to expose ports for development while keeping them secure by default |
Sequence Diagram
sequenceDiagram
participant Dev as Developer/CI
participant DC as Docker Compose
participant DCD as docker-compose.dev.yml
participant Services as Onyx Services
participant Host as Host Machine
Note over Dev: Development/Testing Mode
Dev->>DC: docker compose -f docker-compose.yml -f docker-compose.dev.yml up -d
DC->>DCD: Load port overrides from dev file
DCD-->>DC: Port mappings: 8080, 5432, 19071, 8081, 6379, 9004, 9005
DC->>Services: Start services with exposed ports
Services->>Host: Bind to host ports for external access
Note over Dev: Production Mode
Dev->>DC: docker compose -f docker-compose.yml up -d
DC->>Services: Start services without exposed ports
Note over Services,Host: No external port access (secure)
3 files reviewed, 2 comments
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
🤖 Generated with Claude Code
Description
[Provide a brief description of the changes in this PR]
How Has This Been Tested?
[Describe the tests you ran to verify your changes]
Additional Options
Summary by cubic
Add a DEV_MODE flag to docker-compose to expose service ports for local dev/tests while keeping them closed by default. CI external dependency tests now run with DEV_MODE=true.