# yaml-language-server: $schema=https://schema.zeabur.app/template.json
apiVersion: zeabur.com/v1
kind: Template
metadata:
    name: SkillHub
spec:
    description: Enterprise-grade self-hosted skill registry for publishing, discovery, governance, and installation of reusable agent skills.
    coverImage: https://raw.githubusercontent.com/iflytek/skillhub/main/docs/skillhub/public/diagrams/cover.png
    icon: https://raw.githubusercontent.com/iflytek/skillhub/main/skillhub-logo.svg
    variables:
        - key: PUBLIC_DOMAIN
          type: DOMAIN
          name: Public Domain
          description: Public domain for the SkillHub web interface.
        - key: POSTGRES_PASSWORD
          type: STRING
          name: PostgreSQL Password
          description: Password for the bundled PostgreSQL database.
        - key: BOOTSTRAP_ADMIN_PASSWORD
          type: STRING
          name: Bootstrap Admin Password
          description: Initial password for the built-in SkillHub admin account.
        - key: DOWNLOAD_SECRET
          type: STRING
          name: Download Cookie Secret
          description: Random secret used to sign anonymous download cookies.
    tags:
        - AI
        - Registry
        - Developer
        - Tool
    readme: |
        # SkillHub

        SkillHub is an enterprise-grade, self-hosted registry for publishing, searching,
        reviewing, and installing reusable agent skills across teams.

        ## Included Services

        - `web`: public SkillHub web interface
        - `server`: backend API and auth flows
        - `skill-scanner`: security scanning service
        - `postgres`: metadata database
        - `redis`: session and cache store

        ## Deployment Notes

        1. Bind `PUBLIC_DOMAIN` to the `web` service.
        2. After deployment, open `https://<PUBLIC_DOMAIN>`.
        3. Sign in with the bootstrap account:
           - username: `admin`
           - password: the value you set for `BOOTSTRAP_ADMIN_PASSWORD`
        4. For quickstart, direct auth is enabled by default.
        5. Storage defaults to local filesystem for zero-config startup.

        ## Recommended Follow-up

        - Rotate the bootstrap admin password after first login.
        - Configure GitHub / GitLab / OIDC OAuth before exposing the instance to other users.
        - Configure SMTP if you need password reset emails.
        - Switch storage to S3 / MinIO for production-grade object storage.

        ## Source

        - Repository: https://github.com/iflytek/skillhub
        - Docs: https://iflytek.github.io/skillhub/
    resourceRequirement:
        minConfig:
            cpu: 2
            ram: 4
        recommendedConfig:
            cpu: 4
            ram: 8
    services:
        - name: postgres
          icon: https://raw.githubusercontent.com/zeabur/service-icons/main/marketplace/postgresql.svg
          template: PREBUILT_V2
          spec:
            id: postgres
            source:
                image: postgres:16-alpine
            ports:
                - id: database
                  port: 5432
                  type: TCP
            volumes:
                - id: data
                  dir: /var/lib/postgresql/data
            env:
                PGDATA:
                    default: /var/lib/postgresql/data/pgdata
                POSTGRES_DB:
                    default: skillhub
                    expose: true
                POSTGRES_PASSWORD:
                    default: ${POSTGRES_PASSWORD}
                    expose: true
                POSTGRES_USER:
                    default: skillhub
                    expose: true
        - name: redis
          icon: https://raw.githubusercontent.com/zeabur/service-icons/main/marketplace/redis.svg
          template: PREBUILT_V2
          spec:
            id: redis
            source:
                image: redis:7-alpine
                command:
                    - redis-server
                    - --appendonly
                    - "yes"
            ports:
                - id: database
                  port: 6379
                  type: TCP
            volumes:
                - id: data
                  dir: /data
        - name: skill-scanner
          icon: https://raw.githubusercontent.com/iflytek/skillhub/main/skillhub-logo.svg
          template: PREBUILT_V2
          spec:
            id: skill-scanner
            source:
                image: ghcr.io/iflytek/skillhub-scanner:latest
            ports:
                - id: web
                  port: 8000
                  type: HTTP
            env:
                SKILL_SCANNER_LLM_API_KEY:
                    default: ""
                SKILL_SCANNER_LLM_BASE_URL:
                    default: ""
                SKILL_SCANNER_LLM_MODEL:
                    default: ""
        - name: server
          icon: https://raw.githubusercontent.com/iflytek/skillhub/main/skillhub-logo.svg
          template: PREBUILT_V2
          spec:
            id: server
            source:
                image: ghcr.io/iflytek/skillhub-server:latest
            ports:
                - id: web
                  port: 8080
                  type: HTTP
            volumes:
                - id: storage
                  dir: /var/lib/skillhub/storage
            env:
                BOOTSTRAP_ADMIN_DISPLAY_NAME:
                    default: Platform Admin
                BOOTSTRAP_ADMIN_EMAIL:
                    default: admin@example.com
                BOOTSTRAP_ADMIN_ENABLED:
                    default: "true"
                BOOTSTRAP_ADMIN_PASSWORD:
                    default: ${BOOTSTRAP_ADMIN_PASSWORD}
                    expose: true
                BOOTSTRAP_ADMIN_USER_ID:
                    default: docker-admin
                BOOTSTRAP_ADMIN_USERNAME:
                    default: admin
                    expose: true
                DEVICE_AUTH_VERIFICATION_URI:
                    default: https://${PUBLIC_DOMAIN}/device
                OAUTH2_GITHUB_CLIENT_ID:
                    default: ""
                OAUTH2_GITHUB_CLIENT_SECRET:
                    default: ""
                OAUTH2_GITLAB_BASE_URI:
                    default: https://gitlab.com
                OAUTH2_GITLAB_CLIENT_ID:
                    default: ""
                OAUTH2_GITLAB_CLIENT_SECRET:
                    default: ""
                OAUTH2_GITLAB_DISPLAY_NAME:
                    default: GitLab
                REDIS_HOST:
                    default: redis.zeabur.internal
                REDIS_PORT:
                    default: "6379"
                SESSION_COOKIE_SECURE:
                    default: "true"
                SKILLHUB_AUTH_DIRECT_ENABLED:
                    default: "true"
                SKILLHUB_AUTH_PASSWORD_RESET_CODE_EXPIRY:
                    default: PT10M
                SKILLHUB_AUTH_PASSWORD_RESET_FROM_ADDRESS:
                    default: noreply@example.com
                SKILLHUB_AUTH_PASSWORD_RESET_FROM_NAME:
                    default: SkillHub
                SKILLHUB_DOWNLOAD_ANON_COOKIE_SECRET:
                    default: ${DOWNLOAD_SECRET}
                SKILLHUB_PUBLIC_BASE_URL:
                    default: https://${PUBLIC_DOMAIN}
                SKILLHUB_SECURITY_SCANNER_ENABLED:
                    default: "true"
                SKILLHUB_SECURITY_SCANNER_MODE:
                    default: upload
                SKILLHUB_SECURITY_SCANNER_URL:
                    default: http://skill-scanner.zeabur.internal:8000
                SKILLHUB_STORAGE_PROVIDER:
                    default: local
                SPRING_DATASOURCE_PASSWORD:
                    default: ${POSTGRES_PASSWORD}
                SPRING_DATASOURCE_URL:
                    default: jdbc:postgresql://postgres.zeabur.internal:5432/skillhub
                SPRING_DATASOURCE_USERNAME:
                    default: skillhub
                SPRING_MAIL_HOST:
                    default: ""
                SPRING_MAIL_PASSWORD:
                    default: ""
                SPRING_MAIL_PORT:
                    default: "587"
                SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_ENABLE:
                    default: "false"
                SPRING_MAIL_PROPERTIES_MAIL_SMTP_SSL_TRUST:
                    default: ""
                SPRING_MAIL_SMTP_AUTH:
                    default: "true"
                SPRING_MAIL_SMTP_STARTTLS_ENABLE:
                    default: "true"
                SPRING_MAIL_USERNAME:
                    default: ""
                SPRING_PROFILES_ACTIVE:
                    default: docker
                STORAGE_BASE_PATH:
                    default: /var/lib/skillhub/storage
        - name: web
          icon: https://raw.githubusercontent.com/iflytek/skillhub/main/skillhub-logo.svg
          template: PREBUILT_V2
          spec:
            id: web
            source:
                image: ghcr.io/iflytek/skillhub-web:latest
            ports:
                - id: web
                  port: 80
                  type: HTTP
            env:
                SKILLHUB_API_UPSTREAM:
                    default: http://server.zeabur.internal:8080
                SKILLHUB_PUBLIC_BASE_URL:
                    default: https://${PUBLIC_DOMAIN}
                SKILLHUB_WEB_API_BASE_URL:
                    default: ""
                SKILLHUB_WEB_AUTH_DIRECT_ENABLED:
                    default: "true"
                SKILLHUB_WEB_AUTH_DIRECT_PROVIDER:
                    default: local
          domainKey: PUBLIC_DOMAIN
