feat: Add Docker support with environment configuration and cron maintenance ✨

docker/Dockerfile

@@ -0,0 +1,65 @@
+FROM almalinux:9.5-minimal
+
+ARG DEV_DEPENDENCIES="gcc python3-devel postgresql-devel mariadb-devel"
+
+# Install only the runtime packages we need, including cronie for cron support
+# tini is used as PID 1 to reap zombie processes spawned by crond and forward
+# signals correctly to gunicorn on `docker stop`.
+# tzdata is required so named timezones (e.g. Pacific/Auckland) are available
+# to crond when TZ is set at runtime.
+RUN microdnf install -y epel-release \
+    && microdnf install -y \
+         python3-pip \
+         libpq \
+         mariadb-connector-c \
+         cronie \
+         tini \
+         tzdata \
+    && microdnf clean all
+
+# Install build-time dependencies, build Python packages, then remove them
+RUN microdnf install -y ${DEV_DEPENDENCIES} \
+    && python3 -m pip install --no-cache-dir "ara[server,postgresql,mysql]" gunicorn \
+    && microdnf remove -y ${DEV_DEPENDENCIES} \
+    && microdnf clean all
+
+COPY docker/entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+# ---------------------------------------------------------------------------
+# ARA server configuration – all values can be overridden at runtime via
+# environment variables (see https://ara.readthedocs.io/en/latest/api-configuration.html)
+# ---------------------------------------------------------------------------
+
+# Core
+ENV ARA_BASE_DIR=/opt/ara
+# ENV ARA_SECRET_KEY=changeme        # set a stable secret in production
+# ENV ARA_ALLOWED_HOSTS="['*']"      # restrict to your hostname(s)
+# ENV ARA_TIME_ZONE=UTC              # ARA display/storage timezone
+# ENV TZ=UTC                         # system/crond timezone — set to match ARA_TIME_ZONE
+
+# Database (defaults to sqlite inside ARA_BASE_DIR)
+# ENV ARA_DATABASE_ENGINE=django.db.backends.postgresql
+# ENV ARA_DATABASE_NAME=ara
+# ENV ARA_DATABASE_USER=ara
+# ENV ARA_DATABASE_PASSWORD=secret
+# ENV ARA_DATABASE_HOST=db
+# ENV ARA_DATABASE_PORT=5432
+
+# Security / auth
+# ENV ARA_READ_LOGIN_REQUIRED=false
+# ENV ARA_WRITE_LOGIN_REQUIRED=false
+
+# Server tuning
+# ENV ARA_PORT=8000
+# ENV ARA_GUNICORN_WORKERS=4
+# ENV ARA_PAGE_SIZE=100
+# ENV ARA_LOG_LEVEL=INFO
+
+# Maintenance / pruning
+# ENV ARA_PRUNE_DAYS=30              # delete playbooks older than N days
+# ENV ARA_PRUNE_CRON="0 2 * * *"    # cron schedule for pruning (default: daily 02:00)
+
+EXPOSE ${ARA_PORT:-8000}
+
+ENTRYPOINT ["/usr/bin/tini", "--", "/entrypoint.sh"]

docker/entrypoint.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+set -e
+
+# ---------------------------------------------------------------------------
+# Timezone — controls when crond fires, not just ARA display times.
+# Set TZ at runtime, e.g.: -e TZ=Pacific/Auckland
+# Defaults to UTC if not set.
+# ---------------------------------------------------------------------------
+TZ="${TZ:-UTC}"
+ln -snf "/usr/share/zoneinfo/${TZ}" /etc/localtime
+echo "${TZ}" > /etc/timezone
+export TZ
+
+# ---------------------------------------------------------------------------
+# Configurable retention period (days) – override via environment variable
+# Default: 30 days
+# ---------------------------------------------------------------------------
+PRUNE_DAYS="${ARA_PRUNE_DAYS:-30}"
+
+# ---------------------------------------------------------------------------
+# Cron schedule for pruning – override via environment variable
+# Default: daily at 02:00
+# ---------------------------------------------------------------------------
+PRUNE_CRON="${ARA_PRUNE_CRON:-0 2 * * *}"
+
+# ---------------------------------------------------------------------------
+# Write the cron job
+# Uses `ara playbook prune` with the offline client so it talks directly
+# to the same database without needing a running HTTP server.
+# ARA_BASE_DIR is inherited from the container environment.
+# ---------------------------------------------------------------------------
+echo "${PRUNE_CRON} /usr/local/bin/ara playbook prune \
+  --client offline \
+  --days ${PRUNE_DAYS} \
+  --limit 9000 \
+  --confirm >> /proc/1/fd/1 2>&1" \
+  | crontab -
+
+# Start the cron daemon in the background
+crond -n &
+
+# ---------------------------------------------------------------------------
+# Run DB migrations then start gunicorn
+# ---------------------------------------------------------------------------
+/usr/local/bin/ara-manage migrate
+
+exec python3 -m gunicorn \
+  --workers="${ARA_GUNICORN_WORKERS:-4}" \
+  --access-logfile - \
+  --bind "[::]:${ARA_PORT:-8000}" \
+  --access-logformat '%({x-forwarded-for}i)s %l %u %t "%r" %s %b "%f" "%a"' \
+  ara.server.wsgi