feat(deployment): Basic docker-compose file

[brendan-kellam]

Adds a basic docker-compose file to simplify the local deployment story of Sourcebot. Also updates the deployment docs to use the docker-compose file.

Summary by CodeRabbit

• New Features

  • Added a Docker Compose service for running the app locally with a single command.
  • Exposes the web UI on port 3000, supports persistent storage, auto-restart, and configuration via environment variables.

• Documentation

  • Rewrote the deployment guide to a Docker Compose–based workflow with a step-by-step walkthrough.
  • Added a curl command to fetch the compose file and updated requirements.
  • Replaced docker run instructions with docker compose up -d.
  • Improved onboarding link and added references to configuration docs and support.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Adds a docker-compose service for running Sourcebot with persistent volume, host-mounted config, ports, environment variables, and restart policy. Updates the deployment guide to use Docker Compose instead of docker run, including steps to fetch the compose file and launch the service, plus links to configuration docs.

Changes

Cohort / File(s)	Summary of Changes
Container orchestration docker-compose.yml	Introduces a sourcebot service using ghcr.io/sourcebot-dev/sourcebot:latest, pull_policy: always, port 3000:3000, host config bind ./config.json:/data/config.json, named volume sourcebot_data:/data, extensive env vars, and restart: unless-stopped. Declares sourcebot_data volume.
Documentation docs/docs/deployment-guide.mdx	Rewrites deployment to a Docker Compose workflow: adds step to obtain the compose file, replaces docker run with docker compose up -d, updates requirements wording, adjusts onboarding link, removes old accordion details, and references env-vars configuration docs.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Developer
  participant DC as Docker Compose
  participant C as Sourcebot Container
  participant V as Named Volume (sourcebot_data)
  participant CFG as Host Config (./config.json)

  Dev->>DC: docker compose up -d
  DC->>C: Create & start container (image: ghcr.io/.../sourcebot:latest)
  Note over C: Env vars injected<br/>Port 3000 exposed
  DC-->>V: Attach /data volume
  DC-->>C: Bind ./config.json -> /data/config.json
  C->>CFG: Read configuration
  C->>V: Persist runtime data under /data
  C-->>Dev: Service listening on http://localhost:3000

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I stacked my dreams in YAML rows,
A burrow of services, up it goes!
Compose hums softly, ports align—
Configs nibble, volumes dine.
With a twitch and docker’s cheer,
Sourcebot hops to life right here.
Bun-believable, the app is near! 🐇🚀

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch bkellam/docker-compose-single

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

@brendan-kellam your pull request is missing a changelog!

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (9)

docker-compose.yml (5)

3-4: Avoid the “latest” tag; pin to a version or digest

latest makes builds non-reproducible and can break users unexpectedly. Pin to a semver tag (e.g., 0.15.2) or a digest; keep pull_policy if you want freshness.

-    image: ghcr.io/sourcebot-dev/sourcebot:latest
+    image: ghcr.io/sourcebot-dev/sourcebot:0.15.2

Alternatively:

-    image: ghcr.io/sourcebot-dev/sourcebot:latest
+    image: ghcr.io/sourcebot-dev/sourcebot@sha256:<digest>

---

11-57: Use env_file to keep secrets out of the compose and simplify overrides

Listing dozens of envs inline encourages committing secrets. Compose supports env_file: .env, which plays well with your defaults. Recommend adding env_file and trimming the inline list to only required keys with sane defaults.

   sourcebot:
+    env_file:
+      - .env

Docs should include a sample .env and .gitignore guidance. I can add that if you want.

---

48-49: If GOOGLE_APPLICATION_CREDENTIALS is set, mount the credentials file

Users setting GOOGLE_APPLICATION_CREDENTIALS will need to bind-mount the referenced path. Provide a commented example to prevent 404 path errors.

     volumes:
       - sourcebot_data:/data
       - ./config.json:/config/config.json
+      # Example: mount GCP service account JSON if using Vertex/GenAI
+      # - ./gcp-sa.json:/gcp/sa.json

And in env:

-      - GOOGLE_APPLICATION_CREDENTIALS=${GOOGLE_APPLICATION_CREDENTIALS:-}
+      - GOOGLE_APPLICATION_CREDENTIALS=${GOOGLE_APPLICATION_CREDENTIALS:-/gcp/sa.json}

Also applies to: 8-10

---

5-5: container_name can hinder scaling and “docker compose up --scale”

Not a blocker here, but consider dropping container_name for more flexibility in multi-replica or side-by-side runs.

---

58-58: Optional: add a basic healthcheck for better UX and orchestration

A healthcheck enables “healthy” status and plays nicely with depends_on conditions. If your app exposes one, wire it in.

   sourcebot:
@@
     restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "curl -fsS http://localhost:3000/health || exit 1"]
+      interval: 10s
+      timeout: 3s
+      retries: 10

If the health endpoint differs, please replace accordingly.

docs/docs/deployment-guide.mdx (4)

7-7: Capitalize “Docker Compose” consistently

Minor copy tweak for brand consistency.

-The following guide will walk you through the steps to deploy Sourcebot locally using [Docker compose](https://docs.docker.com/compose).
+The following guide will walk you through the steps to deploy Sourcebot locally using [Docker Compose](https://docs.docker.com/compose).

---

20-24: Pin the curl URL to a released tag/commit for reproducibility

Pulling docker-compose.yml from main can drift and break the walkthrough. Suggest pinning to a release tag (or commit SHA) and optionally mentioning how to grab “latest.”

-Download the [docker-compose.yml](https://github.com/sourcebot-dev/sourcebot/blob/main/docker-compose.yml) file from the Sourcebot repository.
+Download the [docker-compose.yml](https://github.com/sourcebot-dev/sourcebot/blob/v0.15.2/docker-compose.yml) file from the Sourcebot repository.
@@
-curl -o docker-compose.yml https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/docker-compose.yml
+curl -o docker-compose.yml https://raw.githubusercontent.com/sourcebot-dev/sourcebot/v0.15.2/docker-compose.yml
+# Or, to fetch the latest from main (may change without notice):
+# curl -o docker-compose.yml https://raw.githubusercontent.com/sourcebot-dev/sourcebot/main/docker-compose.yml

---

35-36: Confirm JSON-with-comments support or remove the inline comment

The sample uses // comments inside JSON. If config.json is strict JSON, this will break copying/pasting. If JSONC is supported, add a brief note and link to the parser support; otherwise, remove the comment from the sample.

-                // comments are supported 
+                // Comments are supported in config.json (JSONC). See the docs for details.

Or drop the line entirely if not supported.

Also applies to: 45-46

---

17-19: Add a .env step to manage secrets cleanly

Since the compose relies heavily on environment variables, add a step to create a .env file and reference security hygiene (.gitignore).

     <Step title="Requirements">
-        - docker & docker compose -> use [Docker Desktop](https://www.docker.com/products/docker-desktop/) on Mac or Windows.
+        - docker & docker compose -> use [Docker Desktop](https://www.docker.com/products/docker-desktop/) on Mac or Windows.
+        - a text editor to create config.json and a .env file (don’t commit .env)
     </Step>
+    <Step title="Create a .env file (recommended)">
+        Create a `.env` file with your environment variables (database, redis, auth, provider keys). The compose will auto-load it.
+
+        ```bash wrap icon="terminal"
+        cat > .env << 'EOF'
+        AUTH_URL=http://localhost:3000
+        DATABASE_URL=postgresql://postgres:postgres@postgres:5432/sourcebot
+        REDIS_URL=redis://redis:6379
+        # OPENAI_API_KEY=...
+        EOF
+        ```
+    </Step>

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between ca9069e and a538453.

📒 Files selected for processing (2)

• docker-compose.yml (1 hunks)
• docs/docs/deployment-guide.mdx (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*

📄 CodeRabbit inference engine (.cursor/rules/style.mdc)

Filenames should always be camelCase. Exception: if there are filenames in the same directory with a format other than camelCase, use that format to keep things consistent.

Files:

• docker-compose.yml
• docs/docs/deployment-guide.mdx

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (2)

docker-compose.yml (1)

60-62: LGTM on volume declaration

Named volume for app data is appropriate for local persistence.

docs/docs/deployment-guide.mdx (1)

67-67: Nice cross-link to env var docs

Good addition for discoverability.