From f7f266b994a1b7d0e3b54e49e640be35b8078bf0 Mon Sep 17 00:00:00 2001
From: Astounds <kirito@disroot.org>
Date: Fri, 29 May 2026 21:28:22 -0500
Subject: Add hardened Docker support and multi-arch CI

Multi-stage Dockerfile (non-root, Tor-ready), compose file, and
entrypoints. Forgejo CI builds linux/amd64+arm64, scans with
checksum-verified Grype, and pins all actions to commit SHA.
Makefile gains venv bootstrap and docker targets; server.py gains
a --bind flag.
---
 docker-compose.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 docker-compose.yml

(limited to 'docker-compose.yml')

diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..6b28926
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,20 @@
+services:
+  yt-local:
+    build: .
+    container_name: yt-local
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:9010:9010"
+    volumes:
+      - yt-local-data:/home/appuser/.yt-local
+    environment:
+      - ENABLE_TOR=0
+    healthcheck:
+      test: ["CMD", "python", "-c", "import urllib.request; urllib.request.urlopen('http://127.0.0.1:9010')"]
+      interval: 30s
+      timeout: 5s
+      start_period: 10s
+      retries: 3
+
+volumes:
+  yt-local-data:
-- 
cgit v1.2.3