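# Compose stack that runs the application together with its dependencies.
# The Spring profiles in use (local, compose, dev) and the fixed test/test
# database credentials suggest it is meant for local development only.
#
# NOTE(review): no `ports:` entry below names a host IP, so Compose publishes
# each port on all host interfaces. With the fixed credentials (Postgres
# test/test, Redis "password") the data stores are reachable from whatever
# network the host is attached to. Binding to 127.0.0.1 would narrow that, but
# the services reach each other via `localhost:host-gateway` and
# host.docker.internal, so confirm that path still works (notably on Linux)
# before changing the bindings.
services:
  # One-shot data migration; `backend` waits for it to complete successfully.
  initialization:
    # The tag looks like a full commit SHA. NOTE(review): a tag can still be
    # re-pointed; a digest pin (as used for `redis`) is the stronger form.
    image: ghcr.io/digitalservicebund/ris-data-migration:7365c89e5ea83932c1d5f1dd00a63ccfd4d6fe90
    depends_on:
      # Wait for the Postgres healthcheck instead of mere container start, so
      # the migration does not race the database coming up.
      postgres14:
        condition: service_healthy
    environment:
      - SPRING_PROFILES_ACTIVE=feature-development,dev
      - RIS_MIGRATION_RUNNER=feature-development
      - RIS_MIGRATION_CLI_MODE=false
      - RIS_MIGRATION_DB_HOST=host.docker.internal
      - RIS_MIGRATION_DB_PORT=5432
      - RIS_MIGRATION_DB_NAME=neuris
      # NOTE(review): connects as `test` (the POSTGRES_USER account) rather
      # than the `migration` role that the postgres14 entrypoint creates;
      # confirm whether the narrower role was intended here.
      - RIS_MIGRATION_DB_USER=test
      - RIS_MIGRATION_DB_PASSWORD=test
      - RIS_MIGRATION_DB_SCHEMA=incremental_migration
      - RIS_MIGRATION_S3_ENDPOINT=https://obs.eu-de.otc.t-systems.com
      # The three S3 values are interpolated from the host environment and are
      # never stored in this file. Use the OTC S3 access key from 1Password.
      # See migration_image.md for details.
      - RIS_MIGRATION_S3_ACCESS_KEY=${AWS_ACCESS_KEY_ID}
      - RIS_MIGRATION_S3_SECRET=${AWS_SECRET_ACCESS_KEY}
      - RIS_MIGRATION_S3_BUCKET=${AWS_BUCKET_NAME}
      - RIS_MIGRATION_S3_DATA_VERSION=2024-09
      - RIS_MIGRATION_S3_FIRST_DAILY_VERSION=2024-08-31

  # Reverse proxy in front of the stack; routing comes from ./traefik.yaml.
  traefik:
    # NOTE(review): `v3.2` is a floating tag, not a digest pin.
    image: traefik:v3.2
    extra_hosts:
      # Inside the container `localhost` resolves to the host gateway.
      - localhost:host-gateway
    container_name: traefik
    volumes:
      # Mounted read-only: the container cannot modify its own routing config.
      - ./traefik.yaml:/etc/traefik/config.yml:ro
    command:
      # Dashboard is switched off; only the file provider supplies routes.
      - "--api.dashboard=false"
      - "--providers.file.filename=/etc/traefik/config.yml"
      - "--entryPoints.http.address=:80"
      # Ping gets its own entry point on 8082, which is not published below.
      - "--ping=true"
      - "--entryPoints.ping.address=:8082"
      - "--ping.entryPoint=ping"
    ports:
      - "80:80"
    healthcheck:
      test:
        - "CMD"
        - "traefik"
        - "healthcheck"
        - "--entrypoints.ping.address=:8082"
        - "--ping.entryPoint=ping"
        - "--ping"
      interval: 5s
      retries: 3
      start_period: 3s
      timeout: 3s

  # Application backend, started from the bind-mounted working tree.
  backend:
    image: gradle:8-jdk17
    # Run as the invoking host user so files written to ./ keep host ownership.
    # NOTE(review): the Gradle cache volume is mounted under /root; confirm a
    # non-root UID can write there.
    user: "${MY_UID}:${MY_GID}"
    extra_hosts:
      - localhost:host-gateway
    container_name: backend
    volumes:
      - ./:/app
      - gradle-cache:/root/.gradle/caches
    working_dir: /app
    environment:
      - SPRING_PROFILES_ACTIVE=local,compose
      # Package-registry and OAuth2 secrets are interpolated from the host
      # environment. They remain readable via `docker inspect` on the running
      # container, so treat access to the Docker daemon as access to them.
      - GH_PACKAGES_REPOSITORY_USER=${GH_PACKAGES_REPOSITORY_USER}
      - GH_PACKAGES_REPOSITORY_TOKEN=${GH_PACKAGES_REPOSITORY_TOKEN}
      - OAUTH2_CLIENT_ISSUER=${OAUTH2_CLIENT_ISSUER}
      - OAUTH2_CLIENT_ID=${OAUTH2_CLIENT_ID}
      - OAUTH2_CLIENT_SECRET=${OAUTH2_CLIENT_SECRET}
      - JAVA_OPTS=-XX:MaxDirectMemorySize=100M
    command: sh run.sh _start
    depends_on:
      traefik:
        condition: service_healthy
      postgres14:
        condition: service_healthy
      redis:
        condition: service_healthy
      initialization:
        condition: service_completed_successfully
    ports:
      - "8080:8080"
    healthcheck:
      # Uses 127.0.0.1 explicitly: `localhost` is remapped by extra_hosts above.
      test: curl --silent --fail http://127.0.0.1:8080/actuator/health/readiness | grep UP || exit 1
      interval: 10s
      retries: 10
      start_period: 60s
      timeout: 3s

  # Frontend dev server with the source directory bind-mounted into it.
  frontend:
    # No tag is given, so `latest` is used. NOTE(review): presumably built
    # locally; confirm it is never pulled from a public registry.
    image: neuris/frontend
    extra_hosts:
      - localhost:host-gateway
    container_name: frontend
    volumes:
      - ./frontend/src/:/usr/src/app/src
    environment:
      - BACKEND_HOST=http://127.0.0.1
    # `--host` is passed through to the dev server by `npm run dev --`.
    command: npm run dev -- --host
    depends_on:
      - traefik
    ports:
      - "3000:3000"
    healthcheck:
      test: curl --silent --fail --request GET http://127.0.0.1:3000 || exit 1
      interval: 10s
      retries: 10
      start_period: 10s
      timeout: 3s

  # Postgres 14 with a wrapper entrypoint that provisions the migration role,
  # the incremental_migration schema and two extensions after startup.
  postgres14:
    image: postgres:14-alpine
    extra_hosts:
      - localhost:host-gateway
    restart: always
    container_name: postgres14
    volumes:
      - postgres14-data:/var/lib/postgresql/data
    environment:
      # Fixed credentials committed to the repository; see the note on
      # published ports at the top of this file.
      - POSTGRES_DB=neuris
      - POSTGRES_PASSWORD=test
      - POSTGRES_USER=test
      # md5 password auth for local-socket connections. NOTE(review):
      # scram-sha-256 is the stronger method if the clients support it.
      - POSTGRES_INITDB_ARGS="--auth-local=md5"
      # Read by the psql calls in the entrypoint below.
      - PGPASSWORD=test
      - PGUSER=test
      - MIGRATION_USER_NAME=migration
      - MIGRATION_USER_PASSWORD=migration
    ports:
      - "5432:5432"
    # `$$` is Compose's escape for a literal `$`, so the variables are expanded
    # by bash inside the container rather than by Compose on the host.
    # NOTE(review): the script relies on a fixed `sleep 5` for the server to be
    # ready; with `set -e` a slower start makes the first psql call abort it.
    entrypoint:
      - /bin/bash
      - -c
      - |
        set -e
        docker-entrypoint.sh postgres &
        sleep 5
        # Create migration role (unless it exists)
        [ "$$(psql -U test postgres -Atc "select 1 from pg_roles where rolname = '$${MIGRATION_USER_NAME}';")" = "1" ] || psql -e -U test postgres -c "CREATE ROLE $${MIGRATION_USER_NAME} LOGIN PASSWORD '$${MIGRATION_USER_PASSWORD}';"
        # access for migration user
        psql -e -U test "$${POSTGRES_DB}" -c "CREATE SCHEMA IF NOT EXISTS incremental_migration;"
        psql -e -U test "$${POSTGRES_DB}" -c "GRANT ALL ON schema incremental_migration TO $${MIGRATION_USER_NAME}, $${POSTGRES_USER};"
        psql -e -U test "$${POSTGRES_DB}" -c "GRANT ALL ON ALL TABLES IN schema incremental_migration TO $${MIGRATION_USER_NAME}, $${POSTGRES_USER};"
        psql -e -U test "$${POSTGRES_DB}" -c "GRANT ALL ON ALL SEQUENCES IN schema incremental_migration TO $${MIGRATION_USER_NAME}, $${POSTGRES_USER};"
        psql -e -U test "$${POSTGRES_DB}" -c "GRANT ALL ON ALL FUNCTIONS IN schema incremental_migration TO $${MIGRATION_USER_NAME}, $${POSTGRES_USER};"
        psql -e -U test "$${POSTGRES_DB}" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA incremental_migration GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO $${MIGRATION_USER_NAME}, $${POSTGRES_USER};"
        psql -U $${POSTGRES_USER} -d $${POSTGRES_DB} -c 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp";'
        psql -U $${POSTGRES_USER} -d $${POSTGRES_DB} -c 'CREATE EXTENSION IF NOT EXISTS pg_trgm;'
        wait
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U test -d neuris"]
      interval: 5s
      retries: 3
      start_period: 5s
      timeout: 3s

  # Redis with a bounded memory footprint and an explicit ACL setup.
  redis:
    # Pinned by digest, so the image content cannot change under this reference.
    image: cgr.dev/chainguard/redis@sha256:d6037316ed0ac4c89a5c2aa931b138d14ac38da380f72433ec0c183875b71e54
    extra_hosts:
      - localhost:host-gateway
    container_name: redis
    command:
      - "--maxmemory 256mb"
      - "--maxmemory-policy allkeys-lru"
      - "--timeout 300"
      - "--tcp-keepalive 10"
      # ACL: user `redis` may run every command except CONFIG on all keys and
      # authenticates with the literal password "password"; the built-in
      # `default` user is disabled.
      - "--user redis on +@all -CONFIG ~* >password"
      - "--user default off resetchannels -@all"
    ports:
      - "6379:6379"
    healthcheck:
      # The password is passed with `-a` on the command line and is therefore
      # visible in the container's process list.
      test:
        - "CMD-SHELL"
        - "redis-cli -h 127.0.0.1 --user redis -a password PING | grep 'PONG' || exit 1"
      interval: 5s
      retries: 5
      start_period: 3s
      timeout: 5s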
# Named volumes, declared with default driver settings.
volumes:
  # Gradle dependency cache mounted into `backend`.
  gradle-cache: {}
  # Postgres data directory for `postgres14`; survives container re-creation.
  postgres14-data: {}