for deploy

This commit is contained in:
k
2026-04-21 19:41:11 +08:00
parent 3268080401
commit 3056635a5c
5 changed files with 115 additions and 14 deletions
+14
View File
@@ -0,0 +1,14 @@
venv/
__pycache__/
*.pyc
*.pyo
.env
*.db
*.db-shm
*.db-wal
.git/
.gitignore
*.md
test_*.py
simulate_trades.py
scripts/
+19 -14
View File
@@ -1,23 +1,28 @@
# Database # ── Database ─────────────────────────────────────────────────────────────────
DATABASE_URL=sqlite+aiosqlite:///./trumpsignal.db # For Docker Compose — only POSTGRES_PASSWORD needs to be set;
# For Postgres in production: # DATABASE_URL is built automatically by docker-compose.yml.
# DATABASE_URL=postgresql+asyncpg://user:password@host:5432/trumpsignal # For local dev without Docker, set DATABASE_URL directly:
# DATABASE_URL=sqlite+aiosqlite:///./trumpsignal.db
POSTGRES_PASSWORD=change_me_in_production
# Frontend origin for CORS # ── CORS / Frontend ──────────────────────────────────────────────────────────
FRONTEND_URL=http://localhost:3001 # Your frontend origin — no trailing slash
FRONTEND_URL=https://yourdomain.com
# AI provider (OpenAI-compatible). Default below is gptsapi.net relay for Claude. # ── Encryption ───────────────────────────────────────────────────────────────
# KEK for envelope-encrypting HL API keys in DB.
# Generate: openssl rand -hex 32
# WARNING: rotating this invalidates all stored keys.
ENCRYPTION_KEY=
# ── AI provider ──────────────────────────────────────────────────────────────
AI_API_KEY= AI_API_KEY=
AI_BASE_URL=https://api.gptsapi.net/v1 AI_BASE_URL=https://api.gptsapi.net/v1
AI_MODEL=claude-sonnet-4-6 AI_MODEL=claude-sonnet-4-6
# Hyperliquid — leverage & network only. Per-user API keys are stored in DB. # ── Hyperliquid ──────────────────────────────────────────────────────────────
HL_LEVERAGE=3
HL_MAINNET=true HL_MAINNET=true
# ── Runtime ──────────────────────────────────────────────────────────────────
# development | production # development | production
ENVIRONMENT=development ENVIRONMENT=production
# KEK for envelope-encrypting HL API keys in the DB.
# Generate: `openssl rand -hex 32`. ROTATING THIS INVALIDATES ALL STORED KEYS.
ENCRYPTION_KEY=
+27
View File
@@ -0,0 +1,27 @@
FROM python:3.11-slim
# System deps
RUN apt-get update && apt-get install -y --no-install-recommends \
gcc libpq-dev curl \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
# Install Python deps first (layer cache)
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# App source
COPY . .
# Make entrypoint executable
RUN chmod +x entrypoint.sh
# Non-root user for security
RUN useradd -m appuser && chown -R appuser /app
USER appuser
EXPOSE 8000
# Runs: alembic upgrade head → uvicorn
ENTRYPOINT ["./entrypoint.sh"]
+47
View File
@@ -0,0 +1,47 @@
services:
db:
image: postgres:16-alpine
restart: unless-stopped
environment:
POSTGRES_DB: trumpsignal
POSTGRES_USER: trumpsignal
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
volumes:
- postgres_data:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U trumpsignal"]
interval: 5s
timeout: 5s
retries: 10
api:
build: .
restart: unless-stopped
depends_on:
db:
condition: service_healthy
ports:
- "8000:8000"
environment:
DATABASE_URL: postgresql+asyncpg://trumpsignal:${POSTGRES_PASSWORD}@db:5432/trumpsignal
FRONTEND_URL: ${FRONTEND_URL}
ENCRYPTION_KEY: ${ENCRYPTION_KEY}
AI_API_KEY: ${AI_API_KEY}
AI_BASE_URL: ${AI_BASE_URL:-https://api.gptsapi.net/v1}
AI_MODEL: ${AI_MODEL:-claude-sonnet-4-6}
HL_MAINNET: ${HL_MAINNET:-true}
ENVIRONMENT: ${ENVIRONMENT:-production}
volumes:
# Persist SQLite only if you're still using it (dev fallback).
# In production with Postgres this volume isn't needed.
- api_data:/app/data
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/api/health"]
interval: 15s
timeout: 5s
retries: 5
volumes:
postgres_data:
api_data:
+8
View File
@@ -0,0 +1,8 @@
#!/bin/sh
set -e
echo "[entrypoint] Running Alembic migrations..."
alembic upgrade head
echo "[entrypoint] Starting API server..."
exec uvicorn app.main:app --host 0.0.0.0 --port 8000