update with latest build versions, includes custom build for postgres and migrating from v16 to v18

build/bookwyrm/README.md

@@ -43,7 +43,7 @@ build/bookwyrm/
 
 ### **Prerequisites**
 - Docker with ARM64 support
-- Access to Harbor registry (`<YOUR_REGISTRY_URL>`)
+- Access to Harbor registry (`registry.keyboardvagabond.com`)
 - Active Harbor login session
 
 ### **Build All Containers**
@@ -76,12 +76,12 @@ cd ..
 
 # Build web container
 cd bookwyrm-web  
-docker build --platform linux/arm64 -t <YOUR_REGISTRY_URL>/library/bookwyrm-web:latest .
+docker build --platform linux/arm64 -t registry.keyboardvagabond.com/library/bookwyrm-web:latest .
 cd ..
 
 # Build worker container
 cd bookwyrm-worker
-docker build --platform linux/arm64 -t <YOUR_REGISTRY_URL>/library/bookwyrm-worker:latest .
+docker build --platform linux/arm64 -t registry.keyboardvagabond.com/library/bookwyrm-worker:latest .
 ```
 
 ## 🎯 **Container Specifications**
@@ -139,32 +139,32 @@ DB_HOST=postgresql-shared-rw.postgresql-system.svc.cluster.local
 DB_PORT=5432
 DB_NAME=bookwyrm
 DB_USER=bookwyrm_user
-DB_PASSWORD=<REPLACE_WITH_ACTUAL_PASSWORD>
+DB_PASSWORD=<password>
 
 # Redis Configuration  
-REDIS_BROKER_URL=redis://:<REPLACE_WITH_REDIS_PASSWORD>@redis-ha-haproxy.redis-system.svc.cluster.local:6379/3
-REDIS_ACTIVITY_URL=redis://:<REPLACE_WITH_REDIS_PASSWORD>@redis-ha-haproxy.redis-system.svc.cluster.local:6379/4
+REDIS_BROKER_URL=redis://:password@redis-ha-haproxy.redis-system.svc.cluster.local:6379/3
+REDIS_ACTIVITY_URL=redis://:password@redis-ha-haproxy.redis-system.svc.cluster.local:6379/4
 
 # Application Settings
-SECRET_KEY=<REPLACE_WITH_DJANGO_SECRET_KEY>
+SECRET_KEY=<django-secret-key>
 DEBUG=false
 USE_HTTPS=true
 DOMAIN=bookwyrm.keyboardvagabond.com
 
 # S3 Storage
 USE_S3=true
-AWS_ACCESS_KEY_ID=<REPLACE_WITH_S3_ACCESS_KEY>
-AWS_SECRET_ACCESS_KEY=<REPLACE_WITH_S3_SECRET_KEY>
+AWS_ACCESS_KEY_ID=<key>
+AWS_SECRET_ACCESS_KEY=<secret>
 AWS_STORAGE_BUCKET_NAME=bookwyrm-bucket
 AWS_S3_REGION_NAME=eu-central-003
-AWS_S3_ENDPOINT_URL=<REPLACE_WITH_S3_ENDPOINT>
+AWS_S3_ENDPOINT_URL=https://s3.eu-central-003.backblazeb2.com
 AWS_S3_CUSTOM_DOMAIN=https://bm.keyboardvagabond.com
 
 # Email Configuration
-EMAIL_HOST=<YOUR_SMTP_SERVER>
+EMAIL_HOST=smtp.eu.mailgun.org
 EMAIL_PORT=587
 EMAIL_HOST_USER=bookwyrm@mail.keyboardvagabond.com
-EMAIL_HOST_PASSWORD=<REPLACE_WITH_EMAIL_PASSWORD>
+EMAIL_HOST_PASSWORD=<password>
 EMAIL_USE_TLS=true
 ```
 

build/bookwyrm/bookwyrm-base/Dockerfile

@@ -5,6 +5,11 @@
 # Build stage - Install dependencies and prepare optimized source
 FROM python:3.11-slim AS builder
 
+LABEL org.opencontainers.image.title="BookWyrm Base" \
+      org.opencontainers.image.description="Shared base image for BookWyrm social reading platform" \
+      org.opencontainers.image.source="https://github.com/bookwyrm-social/bookwyrm" \
+      org.opencontainers.image.vendor="Keyboard Vagabond"
+
 # Install build dependencies in a single layer
 RUN apt-get update && apt-get install -y --no-install-recommends \
     git \
@@ -32,11 +37,11 @@ RUN python3 -m venv /opt/venv \
 
 # Remove unnecessary files from source to reduce image size
 # Note: .dockerignore will exclude __pycache__, *.pyc, etc. automatically
+# Note: Keep /app/locale for i18n support (translations)
 RUN rm -rf \
     /app/.github \
     /app/docker \
     /app/nginx \
-    /app/locale \
     /app/bw-dev \
     /app/bookwyrm/tests \
     /app/bookwyrm/test* \
@@ -60,9 +65,9 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     libpq5 \
     curl \
     gettext \
-    && rm -rf /var/lib/apt/lists/* \
+    && apt-get autoremove -y \
     && apt-get clean \
-    && apt-get autoremove -y
+    && rm -rf /var/lib/apt/lists/*
 
 # Create bookwyrm user for security
 RUN useradd --create-home --shell /bin/bash --uid 1000 bookwyrm

build/bookwyrm/bookwyrm-web/Dockerfile

@@ -3,6 +3,9 @@
 
 FROM bookwyrm-base AS bookwyrm-web
 
+LABEL org.opencontainers.image.title="BookWyrm Web" \
+      org.opencontainers.image.description="BookWyrm web server with Nginx and Gunicorn"
+
 # Switch to root for system package installation
 USER root
 
@@ -10,12 +13,12 @@ USER root
 RUN apt-get update && apt-get install -y --no-install-recommends \
     nginx-light \
     supervisor \
-    && rm -rf /var/lib/apt/lists/* \
+    && apt-get autoremove -y \
     && apt-get clean \
-    && apt-get autoremove -y
+    && rm -rf /var/lib/apt/lists/*
 
-# Install Gunicorn in virtual environment
-RUN /opt/venv/bin/pip install --no-cache-dir gunicorn
+# Install Gunicorn in virtual environment (pinned for reproducible builds)
+RUN /opt/venv/bin/pip install --no-cache-dir 'gunicorn>=23.0.0,<24.0.0'
 
 # Copy configuration files
 COPY nginx.conf /etc/nginx/nginx.conf
@@ -43,8 +46,5 @@ EXPOSE 80
 HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
     CMD curl -f http://localhost:80/health/ || curl -f http://localhost:80/ || exit 1
 
-# Run as root to manage nginx and gunicorn via supervisor
-USER root
-
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

build/bookwyrm/bookwyrm-web/nginx.conf

@@ -77,6 +77,12 @@ http {
             add_header Content-Type text/plain;
         }
 
+        # Static files served via S3/CDN (bm.keyboardvagabond.com)
+        # No local static file serving needed when USE_S3=true
+        
+        # Images also served via S3/CDN  
+        # No local image serving needed when USE_S3=true
+
         # ActivityPub and federation endpoints
         location ~ ^/(inbox|user/.*/inbox|api|\.well-known) {
             proxy_pass http://127.0.0.1:8000;

build/bookwyrm/bookwyrm-worker/Dockerfile

@@ -3,18 +3,21 @@
 
 FROM bookwyrm-base AS bookwyrm-worker
 
+LABEL org.opencontainers.image.title="BookWyrm Worker" \
+      org.opencontainers.image.description="BookWyrm Celery background task processor"
+
 # Switch to root for system package installation
 USER root
 
 # Install only supervisor for worker management
 RUN apt-get update && apt-get install -y --no-install-recommends \
     supervisor \
-    && rm -rf /var/lib/apt/lists/* \
+    && apt-get autoremove -y \
     && apt-get clean \
-    && apt-get autoremove -y
+    && rm -rf /var/lib/apt/lists/*
 
-# Install Celery in virtual environment
-RUN /opt/venv/bin/pip install --no-cache-dir celery[redis]
+# Install Celery in virtual environment (pinned for reproducible builds)
+RUN /opt/venv/bin/pip install --no-cache-dir 'celery[redis]>=5.6.0,<6.0.0'
 
 # Copy worker-specific configuration
 COPY supervisord-worker.conf /etc/supervisor/conf.d/supervisord.conf
@@ -22,16 +25,11 @@ COPY entrypoint-worker.sh /entrypoint.sh
 
 # Set permissions efficiently
 RUN chmod +x /entrypoint.sh \
-    && mkdir -p /var/log/supervisor /var/log/celery \
-    && chown -R bookwyrm:bookwyrm /var/log/celery \
     && chown -R bookwyrm:bookwyrm /app
 
 # Health check for worker
 HEALTHCHECK --interval=60s --timeout=10s --start-period=60s --retries=3 \
     CMD /opt/venv/bin/celery -A celerywyrm inspect ping -d celery@$HOSTNAME || exit 1
 
-# Run as root to manage celery via supervisor
-USER root
-
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]

build/bookwyrm/build.sh

@@ -54,7 +54,7 @@ cd ..
 echo ""
 echo "Step 2/3: Building optimized web container..."
 cd bookwyrm-web
-if docker build --platform linux/arm64 -t <YOUR_REGISTRY_URL>/library/bookwyrm-web:latest .; then
+if docker build --platform linux/arm64 -t registry.keyboardvagabond.com/library/bookwyrm-web:latest .; then
     print_status "Web container built successfully!"
 else
     print_error "Failed to build web container"
@@ -66,7 +66,7 @@ cd ..
 echo ""
 echo "Step 3/3: Building optimized worker container..."
 cd bookwyrm-worker
-if docker build --platform linux/arm64 -t <YOUR_REGISTRY_URL>/library/bookwyrm-worker:latest .; then
+if docker build --platform linux/arm64 -t registry.keyboardvagabond.com/library/bookwyrm-worker:latest .; then
     print_status "Worker container built successfully!"
 else
     print_error "Failed to build worker container"
@@ -84,8 +84,8 @@ docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" | grep -E "(
 
 echo ""
 echo "Built containers:"
-echo "  • <YOUR_REGISTRY_URL>/library/bookwyrm-web:latest"
-echo "  • <YOUR_REGISTRY_URL>/library/bookwyrm-worker:latest"
+echo "  • registry.keyboardvagabond.com/library/bookwyrm-web:latest"
+echo "  • registry.keyboardvagabond.com/library/bookwyrm-worker:latest"
 
 # Ask if user wants to push
 echo ""
@@ -96,13 +96,13 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
     echo "🚀 Pushing containers to registry..."
     
     # Login check
-    if ! docker info 2>/dev/null | grep -q "<YOUR_REGISTRY_URL>"; then
+    if ! docker info 2>/dev/null | grep -q "registry.keyboardvagabond.com"; then
         print_warning "You may need to login to Harbor registry first:"
         echo ""
     fi
     
     echo "Pushing web container..."
-    if docker push <YOUR_REGISTRY_URL>/library/bookwyrm-web:latest; then
+    if docker push registry.keyboardvagabond.com/library/bookwyrm-web:latest; then
         print_status "Web container pushed successfully!"
     else
         print_error "Failed to push web container"
@@ -110,7 +110,7 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
     
     echo ""
     echo "Pushing worker container..."
-    if docker push <YOUR_REGISTRY_URL>/library/bookwyrm-worker:latest; then
+    if docker push registry.keyboardvagabond.com/library/bookwyrm-worker:latest; then
         print_status "Worker container pushed successfully!"
     else
         print_error "Failed to push worker container"
@@ -120,6 +120,6 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
     print_status "All containers pushed to Harbor registry!"
 else
     echo "Skipping push. You can push later with:"
-    echo "  docker push <YOUR_REGISTRY_URL>/library/bookwyrm-web:latest"
-    echo "  docker push <YOUR_REGISTRY_URL>/library/bookwyrm-worker:latest"
+    echo "  docker push registry.keyboardvagabond.com/library/bookwyrm-web:latest"
+    echo "  docker push registry.keyboardvagabond.com/library/bookwyrm-worker:latest"
 fi