51 lines
1.8 KiB
YAML
51 lines
1.8 KiB
YAML
# Render blueprint: web service (pulls the CI image — it ships the gitignored
|
|
# web UI bundle a source build can't) + managed Postgres + data disk.
|
|
# Defaults to built-in `accounts` auth (multi-user, no IdP). Full walkthrough:
|
|
# deploy/render/README.md.
|
|
|
|
services:
|
|
- type: web
|
|
name: omnigent
|
|
runtime: image
|
|
image:
|
|
url: ghcr.io/omnigent-ai/omnigent-server:latest
|
|
# While the package is private, add image.creds.fromRegistryCreds (a GHCR
|
|
# read:packages token registered in the Render dashboard). Drop once public.
|
|
plan: starter
|
|
healthCheckPath: /health
|
|
disk:
|
|
name: artifact-data
|
|
mountPath: /data
|
|
sizeGB: 10
|
|
envVars:
|
|
- key: DATABASE_URL
|
|
fromDatabase:
|
|
name: omnigent-db
|
|
property: connectionString
|
|
- key: ARTIFACT_DIR
|
|
value: /data/artifacts
|
|
# Keep the first-boot admin password on the disk across redeploys.
|
|
- key: OMNIGENT_ADMIN_CREDENTIALS_PATH
|
|
value: /data/admin-credentials
|
|
- key: HOST
|
|
value: 0.0.0.0
|
|
- key: OMNIGENT_AUTH_PROVIDER
|
|
value: accounts
|
|
- key: OMNIGENT_ACCOUNTS_AUTO_OPEN
|
|
value: "0"
|
|
# No COOKIE_SECRET or BASE_URL here: the entrypoint mints a hex cookie
|
|
# secret on the disk and auto-detects the public URL from RENDER_EXTERNAL_URL.
|
|
# (Render's generateValue isn't hex, which the server's bytes.fromhex rejects.)
|
|
# So this blueprint deploys with zero prompts — true 1-click.
|
|
#
|
|
# To use your own IdP instead of built-in accounts, set
|
|
# OMNIGENT_AUTH_PROVIDER=oidc and add the OMNIGENT_OIDC_* vars
|
|
# (including OMNIGENT_OIDC_COOKIE_SECRET = `openssl rand -hex 32`) in the
|
|
# Render dashboard. See deploy/render/README.md.
|
|
|
|
databases:
|
|
- name: omnigent-db
|
|
plan: basic-256mb
|
|
databaseName: omnigent
|
|
user: omnigent
|