GH-444: [Eval] Remote DB Usage via Docker Compose (#445)

* feat: Implement production deployment configuration for Choreo using remote databases, along with a deployment guide and a Supabase restore script.

* docs: Add documentation for database restoration from GitHub backups to remote PostgreSQL databases.

* chore: Remove the explicit volumes section from docker-compose-prod.yml.

* fix(reviews): adding correct tool

Author: vibhatha

.gitignore

@@ -23,6 +23,7 @@ target/
 artifacts and env configs not to be committed
 opengin/core-api/.env
 .env
+.env.*
 opengin/core-api/core-service
 
 # Neo4j

deployment/choreo/development/docker/postgres/restore_from_github_to_supabase.sh

@@ -0,0 +1,124 @@
+#!/bin/bash
+set -e
+
+# Configuration
+GITHUB_REPO="LDFLK/data-backups"
+ENVIRONMENT="${ENVIRONMENT:-development}"
+VERSION="${1:-latest}"
+
+# Colors for output
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+log() {
+    local level=$1
+    shift
+    local message="$*"
+    case $level in
+        "INFO") echo -e "${BLUE}[INFO]${NC} $message" ;;
+        "SUCCESS") echo -e "${GREEN}[SUCCESS]${NC} $message" ;;
+        "ERROR") echo -e "${RED}[ERROR]${NC} $message" ;;
+    esac
+}
+
+# Prerequisites Checks
+if [ -z "$SUPABASE_DB_URL" ]; then
+    log "ERROR" "SUPABASE_DB_URL environment variable is required."
+    echo -e "Example: export SUPABASE_DB_URL='postgresql://user:pass@host:5432/db'"
+    exit 1
+fi
+
+if ! command -v psql &> /dev/null; then
+    log "ERROR" "psql could not be found. Please install PostgreSQL client tools."
+    exit 1
+fi
+
+if ! command -v wget &> /dev/null; then
+    log "ERROR" "wget could not be found. Please install wget."
+    exit 1
+fi
+
+if ! command -v unzip &> /dev/null; then
+    log "ERROR" "unzip could not be found. Please install unzip."
+    exit 1
+fi
+
+# Create temporary directory
+TEMP_DIR=$(mktemp -d)
+log "INFO" "Created temporary directory: $TEMP_DIR"
+
+cleanup() {
+    log "INFO" "Cleaning up temporary files..."
+    rm -rf "$TEMP_DIR"
+}
+trap cleanup EXIT
+
+# 1. Download Release
+ARCHIVE_URL="https://github.com/$GITHUB_REPO/archive/refs/tags/$VERSION.zip"
+ARCHIVE_FILE="$TEMP_DIR/archive.zip"
+
+log "INFO" "Downloading GitHub archive for version $VERSION from $ARCHIVE_URL..."
+
+if wget -q "$ARCHIVE_URL" -O "$ARCHIVE_FILE"; then
+    log "SUCCESS" "Download complete."
+else
+    log "ERROR" "Failed to download archive. Please check the version/tag."
+    exit 1
+fi
+
+# 2. Extract Archive
+log "INFO" "Extracting archive..."
+unzip -q "$ARCHIVE_FILE" -d "$TEMP_DIR"
+EXTRACTED_DIR="$TEMP_DIR/data-backups-$VERSION"
+
+# Note: If version is 'latest', the folder name inside might be based on the commit hash or tag name
+# We should try to find the directory if the predictable name fails, or just assume the single directory extracted
+if [ ! -d "$EXTRACTED_DIR" ]; then
+    EXTRACTED_DIR=$(find "$TEMP_DIR" -maxdepth 1 -type d -name "data-backups-*" | head -n 1)
+fi
+
+log "INFO" "Extracted to: $EXTRACTED_DIR"
+
+# 3. Locate Postgres Backup
+# Structure: opengin/$environment/postgres/opengin.tar.gz
+BACKUP_ARCHIVE="$EXTRACTED_DIR/opengin/$ENVIRONMENT/postgres/opengin.tar.gz"
+
+if [ ! -f "$BACKUP_ARCHIVE" ]; then
+    log "ERROR" "PostgreSQL backup not found at: $BACKUP_ARCHIVE"
+    exit 1
+fi
+
+log "INFO" "Found backup archive: $BACKUP_ARCHIVE"
+
+# 4. Extract SQL Dump
+log "INFO" "Extracting SQL dump from archive..."
+tar -xzf "$BACKUP_ARCHIVE" -C "$TEMP_DIR"
+
+# The dump file name inside the tar usually matches the tar name base or is specifically named.
+# Based on init.sh, backup_postgres creates `opengin.tar.gz` containing `${backup_file}.sql` which defaults to `opengin.sql`
+DUMP_FILE="$TEMP_DIR/opengin.sql"
+
+if [ ! -f "$DUMP_FILE" ]; then
+    # Fallback: find any .sql file in temp dir
+    DUMP_FILE=$(find "$TEMP_DIR" -maxdepth 1 -name "*.sql" | head -n 1)
+fi
+
+if [ ! -f "$DUMP_FILE" ]; then
+    log "ERROR" "Could not find extracted SQL file."
+    exit 1
+fi
+
+log "INFO" "SQL Dump ready: $DUMP_FILE"
+
+# 5. Restore to Supabase
+log "INFO" "Using local psql: $(psql --version)"
+log "INFO" "Restoring to Supabase..."
+
+if psql -d "$SUPABASE_DB_URL" -f "$DUMP_FILE"; then
+    log "SUCCESS" "Migration completed successfully!"
+else
+    log "ERROR" "Migration failed."
+    exit 1
+fi

deployment/choreo/docs/PRODUCTION_DEPLOYMENT.md

@@ -0,0 +1,119 @@
+# Production Deployment Guide
+
+This guide describes how to deploy the OpenGIN services in a production-like environment using the Choreo-optimized Docker configuration (`docker-compose-prod.yml`).
+
+## Overview
+
+The production setup differs from development in the following ways:
+*   **Databases**: Connects to remote managed databases (Supabase for PostgreSQL, MongoDB Atlas, Neo4j Aura) instead of valid local containers.
+*   **Images**: Uses `.choreo` Dockerfiles which are optimized for cloud deployment (e.g., using specific build contexts and startup scripts).
+*   **Configuration**: All secrets and connection details are managed via environment variables.
+
+## Prerequisites
+
+*   Rancher Desktop (or Docker Engine + Compose plugin) installed.
+*   Access to the remote database instances.
+
+## Configuration (.env)
+
+Create a `.env` file in the project root to store your database credentials. 
+
+> **Important**: This file contains secrets. Ensure it is added to your `.gitignore`.
+
+### Required Variables
+
+Add the following variables to your `.env` file, replacing the values with your actual credentials.
+
+#### PostgreSQL (Supabase)
+```bash
+POSTGRES_HOST=your-db-host.supabase.co
+POSTGRES_PORT=5432
+POSTGRES_USER=your-db-user
+POSTGRES_PASSWORD=your-db-password
+POSTGRES_DB=postgres
+# SSL Mode is usually 'require' for managed databases
+POSTGRES_SSL_MODE=require
+```
+![Supabase Connection URL Settings](supabase-url.png)
+*Find your connection details in Project Settings > Database > Connection Parameters*
+
+#### MongoDB (Atlas)
+```bash
+MONGO_URI=mongodb+srv://user:pass@cluster.mongodb.net/
+MONGO_DB_NAME=opengin
+MONGO_ADMIN_USER=your-admin-user
+MONGO_ADMIN_PASSWORD=your-admin-pass
+```
+
+#### Neo4j (Aura)
+```bash
+NEO4J_URI=neo4j+s://your-instance.databases.neo4j.io
+NEO4J_USER=neo4j
+NEO4J_PASSWORD=your-neo4j-password
+NEO4J_DATABASE=neo4j
+```
+
+## Running the Application
+
+To start the application using the production configuration:
+
+```bash
+docker compose -f docker-compose-prod.yml --env-file .env up --build
+```
+
+### Detached Mode
+To run in the background:
+```bash
+docker compose -f docker-compose-prod.yml --env-file .env up -d --build
+```
+
+### Stopping the Application
+```bash
+docker compose -f docker-compose-prod.yml down
+```
+
+## Troubleshooting
+
+### Environment Variable Collisions (Auth Failures)
+If you encounter authentication failures (e.g., `password authentication failed for user "postgres"`), check if you have local shell environment variables set that conflict with your `.env` file.
+
+Docker Compose prioritizes shell variables over the `.env` file. Common conflicts include:
+*   `POSTGRES_USER`
+*   `POSTGRES_PASSWORD`
+
+**Solution**: Unset the conflicting variables in your shell before running docker-compose:
+```bash
+unset POSTGRES_USER POSTGRES_PASSWORD
+docker compose -f docker-compose-prod.yml --env-file .env up --build
+```
+
+### Hostname Resolution
+If services cannot communicate (e.g., `Could not resolve host: core-choreo`), ensure that `docker-compose-prod.yml` explicitly overrides the `BAL_CONFIG_VAR_CORESERVICEURL` environment variable for dependent services (ingestion, read).
+
+```yaml
+environment:
+  - BAL_CONFIG_VAR_CORESERVICEURL=http://core:50051
+```
+This is already configured in the provided `docker-compose-prod.yml`.
+
+## Database Restoration
+
+To restore the latest backup from the GitHub repository (`LDFLK/data-backups`) to your remote PostgreSQL database (Supabase or NeonDB), use the helper script:
+
+`deployment/choreo/development/docker/postgres/restore_from_github_to_supabase.sh`
+
+### Usage
+
+1.  **Set the Connection String**:
+    The script requires the `SUPABASE_DB_URL` environment variable. You can use the value from your `.env` file (construct it from the individual variables if needed, or if you have a full connection string variable).
+
+2.  **Run the Script**:
+    You can optionally specify a version tag (defaults to `latest`).
+
+```bash
+# Example: Restoring to the DB defined in your current shell
+export SUPABASE_DB_URL='postgresql://user:password@host:port/dbname?sslmode=require'
+./deployment/choreo/development/docker/postgres/restore_from_github_to_supabase.sh [version]
+```
+
+*   `[version]`: Optional. The tag version to download from GitHub (e.g., `0.0.1`). Defaults to `latest`.

deployment/choreo/docs/supabase-url.png

@@ -0,0 +1,98 @@
+version: '3.8'
+
+services:
+  # MongoDB service is removed in production as we use a remote DB
+
+  # Neo4j service is removed in production as we use a remote DB
+
+  # Postgres service is removed in production as we use a remote DB
+
+  core:
+    build:
+      context: ./opengin/core-api
+      dockerfile: docker/Dockerfile.choreo
+    container_name: core
+    ports:
+      - "50051:50051"
+    environment:
+      # Neo4j Config - Remote DB
+      - NEO4J_URI=${NEO4J_URI}
+      - NEO4J_USER=${NEO4J_USER}
+      - NEO4J_PASSWORD=${NEO4J_PASSWORD}
+      # MongoDB Config - Remote DB
+      - MONGO_URI=${MONGO_URI}
+      - MONGO_DB_NAME=${MONGO_DB_NAME}
+      - MONGO_COLLECTION=metadata
+      - MONGO_ADMIN_USER=${MONGO_ADMIN_USER}
+      - MONGO_ADMIN_PASSWORD=${MONGO_ADMIN_PASSWORD}
+      # Postgres Config - Remote DB
+      - POSTGRES_HOST=${POSTGRES_HOST}
+      - POSTGRES_PORT=${POSTGRES_PORT:-5432}
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_DB=${POSTGRES_DB:-postgres}
+      - CORE_SERVICE_HOST=0.0.0.0
+      - CORE_SERVICE_PORT=50051
+    # No depends_on needed as all databases are remote
+    networks:
+      - ldf-network
+    healthcheck:
+      test: [ "CMD", "nc", "-zv", "localhost", "50051" ]
+      interval: 30s
+      timeout: 10s
+      retries: 5
+      start_period: 120s
+
+  ingestion:
+    build:
+      context: ./opengin/ingestion-api
+      dockerfile: docker/Dockerfile.choreo
+    container_name: ingestion
+    ports:
+      - "8080:8080"
+    networks:
+      - ldf-network
+    environment:
+      # Explicitly set Ballerina Config Var to override image default (core-choreo)
+      - BAL_CONFIG_VAR_CORESERVICEURL=http://core:50051
+      - CORE_SERVICE_URL=http://core:50051
+      - INGESTION_SERVICE_HOST=0.0.0.0
+      - INGESTION_SERVICE_PORT=8080
+    depends_on:
+      core:
+        condition: service_healthy
+    healthcheck:
+      test: [ "CMD", "nc", "-z", "localhost", "8080" ]
+      interval: 15s
+      timeout: 10s
+      retries: 5
+      start_period: 120s
+
+  read:
+    build:
+      context: ./opengin/read-api
+      dockerfile: docker/Dockerfile.choreo
+    container_name: read
+    ports:
+      - "8081:8081"
+    networks:
+      - ldf-network
+    environment:
+      # Explicitly set Ballerina Config Var to override image default (core-choreo)
+      - BAL_CONFIG_VAR_CORESERVICEURL=http://core:50051
+      - CORE_SERVICE_URL=http://core:50051
+      - READ_SERVICE_HOST=0.0.0.0
+      - READ_SERVICE_PORT=8081
+    depends_on:
+      core:
+        condition: service_healthy
+    healthcheck:
+      test: [ "CMD", "nc", "-zv", "localhost", "8081" ]
+      interval: 15s
+      timeout: 10s
+      retries: 5
+      start_period: 120s
+
+networks:
+  ldf-network:
+    driver: bridge