Skip to content

docker: polish Docker-first install experience#226

Draft
TheZupZup wants to merge 1 commit into
mainfrom
claude/nova-docker-install-docs-qa9izb
Draft

docker: polish Docker-first install experience#226
TheZupZup wants to merge 1 commit into
mainfrom
claude/nova-docker-install-docs-qa9izb

Conversation

@TheZupZup

Copy link
Copy Markdown
Owner

Goal

Follow-up to #224. That PR made the Docker stack zero-setup; this one makes Nova feel like a polished Docker-first product for real users — especially Docker Desktop users — without making it Docker-only. Docker (prebuilt GHCR image) becomes the official/recommended user install path; build-from-source Compose and the local Python setup remain the contributor/developer paths, fully documented.

Docs, diagnostics, and build-context hygiene only — the app itself is untouched.

Changes

INSTALL.md (new, root) — short user-facing install guide:

  • Path A (recommended): prebuilt ghcr.io/thezupzup/nova via docker-compose.ghcr.yml, no clone/build.
  • Path B (contributors): git clone + docker compose up -d, with pointers to the dev overlay and the local Python setup in the README.
  • What lives where: nova-data (database incl. memory/conversations/settings, logs, exports, memory packs, backups, session key) and ollama-models (downloaded models); explicit warning that docker compose down -v deletes both.
  • Update commands for both paths; default admin / changeme login and how to change it.

docs/docker-desktop.md (new) — Docker Desktop guide built around one rule: use Docker Compose to create the stack, then use Docker Desktop to monitor/manage it. Explains why clicking Run on the image is not the supported setup (skips the bundled Ollama service, uses an anonymous volume instead of the named ones, may not publish the right ports, creates one container instead of the Compose stack); shows what a healthy stack looks like (containers nova/nova-ollama, images ghcr.io/thezupzup/nova or nova:local + ollama/ollama, volumes nova-data/ollama-models, the Uvicorn running on http://0.0.0.0:8000 log line); Linux sign-in fallback (docker login, docker login ghcr.io); safe reset (down + up -d) vs destructive reset (down -v).

scripts/docker-doctor.sh (new) — strictly read-only POSIX diagnostic. Checks: docker CLI, daemon reachability, compose v2 plugin, compose files exist and render via docker compose config, Nova containers, nova-data/ollama-models volumes (warns they're created on first start, matching the project-name prefix), published ports / port-8000 hint, optional .env. Stack selectable via NOVA_COMPOSE_FILES=docker-compose.ghcr.yml:docker-compose.watchtower.yml. Never mutates anything; ends with the down -v data-loss warning. CDPATH-safe path resolution.

.dockerignore (hardened) — mirrors .gitignore's *.env catch-all so untracked secret files (e.g. prod.env) can't be baked in by COPY . .; uses **/ prefixes where depth matters (dockerignore globs are root-anchored, unlike gitignore); excludes node_modules/, build/, dist/, coverage/caches, local exports//backups//memory-packs/ dirs, archives (*.tar.gz etc.), *.gguf models, and docker-compose*.yml metadata. CHANGELOG.md deliberately stays in the imagecore/data_export.py and core/memory_pack.py read it at runtime for version stamping. Verified nothing the Dockerfile's COPY needs is dropped (incl. docker/entrypoint.sh).

Credential-docs correction (INSTALL.md, docs/docker.md, README Docker section) — the previous wording implied editing .env later changes the login. It doesn't: NOVA_USERNAME/NOVA_PASSWORD seed the account on the very first start only (core/users.py seeds only into an empty users table; /login checks the bcrypt hash in the DB with no env fallback). Docs now say: set .env before the first up, or use the in-app admin Users → reset password on a running install.

tests/test_docker_install_docs.py (new) — plain-text contract tests in the style of tests/test_docker_stack.py: both install paths and volume documentation present, down -v warnings, doctor script is executable/POSIX/read-only/CDPATH-safe, .dockerignore keeps secrets out without excluding anything the image needs.

Plus small cross-links: README's "Running locally" intro points users at INSTALL.md (contributor path stays), and docs/docker.md links the Desktop guide and the doctor script.

What it does not change

Validation

  • docker compose -f docker-compose.yml config, -f docker-compose.ghcr.yml config, -f docker-compose.ghcr.yml -f docker-compose.watchtower.yml config, and -f docker-compose.yml -f docker-compose.dev.yml config all render cleanly. No Docker daemon is available in the CI sandbox, so this is daemon-less (client-side) validation only; the stack was not booted here.
  • scripts/docker-doctor.sh exercised end-to-end: default run, NOVA_COMPOSE_FILES selection, missing-file case, run from a foreign cwd, and under CDPATH=. (a case that initially produced a false failure and was fixed); syntax-checked with sh -n and dash -n.
  • pytest tests/test_docker_install_docs.py tests/test_docker_stack.py68 passed.
  • .dockerignore semantics verified against Docker's actual matcher (empirical COPY . . build of a synthetic context with root-level and nested files), confirming secrets/junk are dropped and all image-needed paths survive.
  • An adversarial multi-agent review of the diff surfaced and fixed 7 defects pre-merge, including the first-start-only credential-seeding doc error and the compose project-name volume-prefix caveat.

🤖 Generated with Claude Code

https://claude.ai/code/session_014MypQiQJQey5NpWKAkogpr


Generated by Claude Code

Docs, diagnostics, and build-context hygiene only — no change to app
runtime behavior, the Dockerfile, or the compose semantics from #224.

- Add INSTALL.md: short user-facing install guide. Prebuilt GHCR image
  is the recommended user path, build-from-source stays the
  contributor path (local Python setup remains in the README). Covers
  the nova-data / ollama-models volumes, the `down -v` data-loss
  warning, update commands for both paths, and the admin/changeme
  default login.
- Add docs/docker-desktop.md: guide for Docker Desktop users — create
  the stack with Compose, monitor/manage it in Docker Desktop; why
  clicking "Run" on the image is not the supported setup; what a
  healthy stack looks like (containers, images, volumes, logs); the
  Linux sign-in fallback (docker login / docker login ghcr.io); safe
  vs destructive reset.
- Add scripts/docker-doctor.sh: strictly read-only POSIX diagnostic
  (CLI, daemon, compose plugin, compose-file render, containers,
  volumes, published ports), with NOVA_COMPOSE_FILES to select the
  stack; CDPATH-safe path resolution.
- Harden .dockerignore: mirror .gitignore's *.env catch-all, use **/
  prefixes so nested secrets/junk are excluded (dockerignore globs are
  root-anchored), exclude node_modules/build/dist/caches/archives/
  models and compose metadata. CHANGELOG.md deliberately stays in the
  image (read at runtime for version stamping).
- Correct the credential docs (INSTALL.md, docs/docker.md, README):
  NOVA_USERNAME/NOVA_PASSWORD seed the account on the very first start
  only; on a running install the password is changed from the admin
  Users panel, not by editing .env.
- Add tests/test_docker_install_docs.py: plain-text contract tests in
  the style of test_docker_stack.py pinning all of the above.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_014MypQiQJQey5NpWKAkogpr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants