feat: Docker image + compose + GHCR build/publish #12
Merged
Containerize knowbase: a slim runtime image (no torch) for the kb CLI / MCP stdio server, an optional -embed image with CPU-torch for `kb embed` + search, a docker-compose for local dev/eval, and a CI workflow that build-validates on PRs and publishes to GHCR on master (edge) and tags (semver + latest).

- Dockerfile: multi-stage uv build, ARG EXTRAS (slim vs --extra embed), non-root, OCI labels (AGPL). Keeps the source tree at /app with an editable install so kb.store.migrate's parents[3] resolution of migrations/ + db/*.sql works.
- .dockerignore, docker-compose.yml (pgvector db + kb; documented migrate/index/serve flow; host pytest can use the compose Postgres via KB_TEST_DB_URL).
- .github/workflows/docker.yml: hadolint + [slim, embed] matrix, buildx/QEMU, metadata-action tags, push only off-PR, multi-arch amd64+arm64 for slim (embed amd64-only), gha cache.
- feat(cli): `kb migrate` — apply the Alembic schema to head (--db-url / KB_DB_URL).
- docs: README "Run with Docker" + GHCR badge; CHANGELOG.

kb migrate verified end-to-end on an ephemeral Postgres; ruff + mypy --strict clean; 52 eval tests pass (+1 skipped). Docker build is validated by the PR's docker workflow (no local daemon here).
Containerizes knowbase: a slim runtime image (no torch) for the `kb` CLI / MCP stdio server, an optional `-embed` image (CPU-torch for `kb embed` + search), a docker-compose for local dev/eval, and a CI workflow that build-validates on PRs and publishes to GHCR on master (edge) and tags (semver + `latest`).

What

- `Dockerfile` — multi-stage uv build, `ARG EXTRAS` (slim vs `--extra embed`), non-root user, OCI labels (incl. `licenses=AGPL-3.0-or-later`), `ENTRYPOINT ["kb"]`. Keeps the source tree at `/app` with an editable install because `kb.store.migrate` resolves `migrations/` + `db/*.sql` via `Path(__file__).parents[3]` (the repo layout) — a bare wheel would break `kb migrate`. The embed variant adds `libgomp1` (torch OpenMP); slim installs no apt packages.
- `.dockerignore`, `docker-compose.yml` — `pgvector/pgvector:pg17` `db` + a `kb` service; documented `migrate` → `index` → `serve` flow; host `pytest` can reuse the compose Postgres via `KB_TEST_DB_URL`.
- `.github/workflows/docker.yml` — `hadolint` + `[slim, embed]` matrix, `setup-qemu`/`buildx`, `metadata-action` tagging, push only off-PR, multi-arch amd64+arm64 for slim (embed amd64-only), gha cache.
- `kb migrate` — applies the Alembic schema to head (`--db-url` / `KB_DB_URL`).

Verification

- `kb migrate` verified end-to-end against an ephemeral Postgres (schema applied); ruff + `mypy --strict` clean; 52 eval tests pass (+1 skipped); both new YAML files parse.
- `docker.yml` (no local Docker daemon in my env) — hadolint + building slim & embed (amd64, no push).

Post-merge (manual, one-time)

GHCR creates the package private on first push. After the first master build publishes `:edge`, set the package visibility to Public in GitHub → Packages → knowbase → settings (can't be done from the workflow). Releases (`v*` tags) then publish `:X.Y.Z` / `:latest`.
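
The `parents[3]` point in the description above, as an added example (not knowbase's own code): it builds a source-tree layout and a wheel-style layout in a temp directory and shows that only the first one resolves `migrations/` and `db/*.sql`. The `src/` layout, the `site-packages` path, the sample file names, and the `resolve_repo_dirs` helper with its fail-fast check are assumptions for illustration.

```python
import tempfile
from pathlib import Path


def make_layout(root: Path, package_parent: str, repo_files: bool) -> Path:
    """Create <root>/<package_parent>/kb/store/migrate.py (constructed sample tree)."""
    module = root / package_parent / "kb" / "store" / "migrate.py"
    module.parent.mkdir(parents=True)
    module.write_text("# placeholder module\n")
    if repo_files:  # files a source checkout keeps next to the package
        (root / "migrations").mkdir()
        (root / "db").mkdir()
        (root / "db" / "001_init.sql").write_text("-- constructed sample\n")
    return module


def resolve_repo_dirs(module_file: Path) -> tuple[Path, Path]:
    """Hypothetical resolver: look three levels above the module's directory
    and fail fast with a clear error instead of migrating from nothing."""
    repo_root = module_file.resolve().parents[3]
    migrations, db = repo_root / "migrations", repo_root / "db"
    if not migrations.is_dir() or not any(db.glob("*.sql")):
        raise FileNotFoundError(f"no migrations/ or db/*.sql under {repo_root}")
    return migrations, db


def demo() -> dict[str, bool]:
    """Return whether each install layout can locate the schema files."""
    results: dict[str, bool] = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        layouts = {
            # Editable install: module stays in the checkout, parents[3] == /app
            "editable": make_layout(base / "app", "src", repo_files=True),
            # Bare wheel: module lands in site-packages, parents[3] == lib/python3.12
            "wheel": make_layout(base / "venv" / "lib" / "python3.12",
                                 "site-packages", repo_files=False),
        }
        for name, module in layouts.items():
            try:
                resolve_repo_dirs(module)
                results[name] = True
            except FileNotFoundError:
                results[name] = False
    return results


if __name__ == "__main__":
    print(demo())
```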