mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
34747359ba
Other ports we use are locked to 127.0.0.1. The `git` service, however, already promotes security in its sshd service and can't really be abused from an external source. This simplifies the need to forward to localhost if deploy targets want the sshd to be available. Signed-off-by: Kevin Morris <kevr@0cost.org>
349 lines
9.4 KiB
YAML
349 lines
9.4 KiB
YAML
#
|
|
# Docker service definitions for the aurweb project.
|
|
#
|
|
# Notable services:
|
|
# - `sharness` - Run sharness test suites
|
|
# - `pytest-mysql` - Run pytest suites with MariaDB
|
|
# - `pytest-sqlite` - Run pytest suites with SQLite
|
|
# - `test` - Run sharness, pytest-mysql and pytest-sqlite
|
|
# - `mariadb` - `port 13306` - MariaDB server for docker
|
|
# - `ca` - Certificate Authority generation
|
|
# - `git` - `port 2222` - Git over SSH server
|
|
# - `fastapi` - hypercorn service for aurweb's FastAPI app
|
|
# - `php-fpm` - Execution server for PHP aurweb
|
|
# - `nginx` - `ports 8444 (FastAPI), 8443 (PHP)` - Everything
|
|
# - You can reach `nginx` via FastAPI at `https://localhost:8444/`
|
|
# or via PHP at `https://localhost:8443/`. CGit can be reached
|
|
# via the `/cgit/` request uri on either server.
|
|
#
|
|
# Copyright (C) 2021 aurweb Development
|
|
# All Rights Reserved.
|
|
version: "3.8"
|
|
|
|
services:
|
|
aurweb-image:
|
|
build: .
|
|
image: aurweb:latest
|
|
|
|
ca:
|
|
image: aurweb:latest
|
|
init: true
|
|
entrypoint: /docker/ca-entrypoint.sh
|
|
command: echo
|
|
|
|
memcached:
|
|
image: aurweb:latest
|
|
init: true
|
|
command: /docker/scripts/run-memcached.sh
|
|
healthcheck:
|
|
test: "bash /docker/health/memcached.sh"
|
|
interval: 3s
|
|
|
|
redis:
|
|
image: aurweb:latest
|
|
init: true
|
|
entrypoint: /docker/redis-entrypoint.sh
|
|
command: /docker/scripts/run-redis.sh
|
|
healthcheck:
|
|
test: "bash /docker/health/redis.sh"
|
|
interval: 3s
|
|
ports:
|
|
- "127.0.0.1:16379:6379"
|
|
|
|
mariadb:
|
|
image: aurweb:latest
|
|
init: true
|
|
entrypoint: /docker/mariadb-entrypoint.sh
|
|
command: /usr/bin/mysqld_safe --datadir=/var/lib/mysql
|
|
ports:
|
|
# This will expose mariadbd on 127.0.0.1:13306 in the host.
|
|
# Ex: `mysql -uaur -paur -h 127.0.0.1 -P 13306 aurweb`
|
|
- "127.0.0.1:13306:3306"
|
|
volumes:
|
|
- mariadb_run:/var/run/mysqld # Bind socket in this volume.
|
|
- mariadb_data:/var/lib/mysql
|
|
healthcheck:
|
|
test: "bash /docker/health/mariadb.sh"
|
|
interval: 3s
|
|
|
|
mariadb_init:
|
|
image: aurweb:latest
|
|
init: true
|
|
entrypoint: /docker/mariadb-init-entrypoint.sh
|
|
command: echo "MariaDB tables initialized."
|
|
volumes:
|
|
- mariadb_run:/var/run/mysqld
|
|
depends_on:
|
|
mariadb:
|
|
condition: service_healthy
|
|
|
|
mariadb_test:
|
|
# Test database.
|
|
image: aurweb:latest
|
|
init: true
|
|
environment:
|
|
- MARIADB_PRIVILEGED=1
|
|
entrypoint: /docker/mariadb-entrypoint.sh
|
|
command: /usr/bin/mysqld_safe --datadir=/var/lib/mysql
|
|
ports:
|
|
# This will expose mariadbd on 127.0.0.1:13307 in the host.
|
|
# Ex: `mysql -uaur -paur -h 127.0.0.1 -P 13306 aurweb`
|
|
- "127.0.0.1:13307:3306"
|
|
volumes:
|
|
- mariadb_test_run:/var/run/mysqld # Bind socket in this volume.
|
|
healthcheck:
|
|
test: "bash /docker/health/mariadb.sh"
|
|
interval: 3s
|
|
|
|
git:
|
|
image: aurweb:latest
|
|
init: true
|
|
environment:
|
|
- AUR_CONFIG=/aurweb/conf/config
|
|
- SSH_CMDLINE=${SSH_CMDLINE:-ssh ssh://aur@localhost:2222}
|
|
entrypoint: /docker/git-entrypoint.sh
|
|
command: /docker/scripts/run-sshd.sh
|
|
ports:
|
|
- "2222:2222"
|
|
healthcheck:
|
|
test: "bash /docker/health/sshd.sh"
|
|
interval: 3s
|
|
depends_on:
|
|
mariadb_init:
|
|
condition: service_started
|
|
volumes:
|
|
- mariadb_run:/var/run/mysqld
|
|
|
|
smartgit:
|
|
image: aurweb:latest
|
|
init: true
|
|
environment:
|
|
- AUR_CONFIG=/aurweb/conf/config
|
|
entrypoint: /docker/smartgit-entrypoint.sh
|
|
command: /docker/scripts/run-smartgit.sh
|
|
healthcheck:
|
|
test: "bash /docker/health/smartgit.sh"
|
|
interval: 3s
|
|
|
|
cgit-php:
|
|
image: aurweb:latest
|
|
init: true
|
|
environment:
|
|
- AUR_CONFIG=/aurweb/conf/config
|
|
- CGIT_CLONE_PREFIX=${AURWEB_PHP_PREFIX}
|
|
- CGIT_CSS=/css/cgit.css
|
|
entrypoint: /docker/cgit-entrypoint.sh
|
|
command: /docker/scripts/run-cgit.sh 3000
|
|
healthcheck:
|
|
test: "bash /docker/health/cgit.sh 3000"
|
|
interval: 3s
|
|
depends_on:
|
|
git:
|
|
condition: service_healthy
|
|
ports:
|
|
- "127.0.0.1:13000:3000"
|
|
volumes:
|
|
- git_data:/aurweb/aur.git
|
|
|
|
cgit-fastapi:
|
|
image: aurweb:latest
|
|
init: true
|
|
environment:
|
|
- AUR_CONFIG=/aurweb/conf/config
|
|
- CGIT_CLONE_PREFIX=${AURWEB_FASTAPI_PREFIX}
|
|
- CGIT_CSS=/static/css/cgit.css
|
|
entrypoint: /docker/cgit-entrypoint.sh
|
|
command: /docker/scripts/run-cgit.sh 3000
|
|
healthcheck:
|
|
test: "bash /docker/health/cgit.sh 3000"
|
|
interval: 3s
|
|
depends_on:
|
|
git:
|
|
condition: service_healthy
|
|
ports:
|
|
- "127.0.0.1:13001:3000"
|
|
volumes:
|
|
- git_data:/aurweb/aur.git
|
|
|
|
cron:
|
|
image: aurweb:latest
|
|
init: true
|
|
environment:
|
|
- AUR_CONFIG=/aurweb/conf/config
|
|
entrypoint: /docker/cron-entrypoint.sh
|
|
command: /docker/scripts/run-cron.sh
|
|
depends_on:
|
|
mariadb_init:
|
|
condition: service_started
|
|
volumes:
|
|
- ./aurweb:/aurweb/aurweb
|
|
- mariadb_run:/var/run/mysqld
|
|
- archives:/var/lib/aurweb/archives
|
|
|
|
php-fpm:
|
|
image: aurweb:latest
|
|
init: true
|
|
environment:
|
|
- AUR_CONFIG=/aurweb/conf/config
|
|
- AURWEB_PHP_PREFIX=${AURWEB_PHP_PREFIX}
|
|
- AURWEB_SSHD_PREFIX=${AURWEB_SSHD_PREFIX}
|
|
entrypoint: /docker/php-entrypoint.sh
|
|
command: /docker/scripts/run-php.sh
|
|
healthcheck:
|
|
test: "bash /docker/health/php.sh"
|
|
interval: 3s
|
|
depends_on:
|
|
ca:
|
|
condition: service_started
|
|
git:
|
|
condition: service_healthy
|
|
memcached:
|
|
condition: service_healthy
|
|
cron:
|
|
condition: service_started
|
|
volumes:
|
|
- mariadb_run:/var/run/mysqld
|
|
- archives:/var/lib/aurweb/archives
|
|
ports:
|
|
- "127.0.0.1:19000:9000"
|
|
|
|
fastapi:
|
|
image: aurweb:latest
|
|
init: true
|
|
environment:
|
|
- AUR_CONFIG=conf/config
|
|
- FASTAPI_BACKEND=${FASTAPI_BACKEND}
|
|
- FASTAPI_WORKERS=${FASTAPI_WORKERS}
|
|
- AURWEB_FASTAPI_PREFIX=${AURWEB_FASTAPI_PREFIX}
|
|
- AURWEB_SSHD_PREFIX=${AURWEB_SSHD_PREFIX}
|
|
- PROMETHEUS_MULTIPROC_DIR=/tmp_prometheus
|
|
entrypoint: /docker/fastapi-entrypoint.sh
|
|
command: /docker/scripts/run-fastapi.sh "${FASTAPI_BACKEND}"
|
|
healthcheck:
|
|
test: "bash /docker/health/fastapi.sh ${FASTAPI_BACKEND}"
|
|
interval: 3s
|
|
depends_on:
|
|
ca:
|
|
condition: service_started
|
|
git:
|
|
condition: service_healthy
|
|
redis:
|
|
condition: service_healthy
|
|
cron:
|
|
condition: service_started
|
|
volumes:
|
|
- mariadb_run:/var/run/mysqld
|
|
ports:
|
|
- "127.0.0.1:18000:8000"
|
|
|
|
nginx:
|
|
image: aurweb:latest
|
|
init: true
|
|
environment:
|
|
- AUR_CONFIG=conf/config
|
|
entrypoint: /docker/nginx-entrypoint.sh
|
|
command: /docker/scripts/run-nginx.sh
|
|
ports:
|
|
- "127.0.0.1:8443:8443" # PHP
|
|
- "127.0.0.1:8444:8444" # FastAPI
|
|
healthcheck:
|
|
test: "bash /docker/health/nginx.sh"
|
|
interval: 3s
|
|
depends_on:
|
|
cgit-php:
|
|
condition: service_healthy
|
|
cgit-fastapi:
|
|
condition: service_healthy
|
|
smartgit:
|
|
condition: service_healthy
|
|
fastapi:
|
|
condition: service_healthy
|
|
php-fpm:
|
|
condition: service_healthy
|
|
volumes:
|
|
- archives:/var/lib/aurweb/archives
|
|
|
|
sharness:
|
|
image: aurweb:latest
|
|
profiles: ["dev"]
|
|
init: true
|
|
environment:
|
|
- AUR_CONFIG=conf/config.sqlite
|
|
entrypoint: /docker/test-sqlite-entrypoint.sh
|
|
command: /docker/scripts/run-sharness.sh
|
|
stdin_open: true
|
|
tty: true
|
|
depends_on:
|
|
mariadb_test:
|
|
condition: service_healthy
|
|
volumes:
|
|
- ./data:/data
|
|
- ./aurweb:/aurweb/aurweb
|
|
- ./migrations:/aurweb/migrations
|
|
- ./test:/aurweb/test
|
|
- ./web/html:/aurweb/web/html
|
|
- ./web/template:/aurweb/web/template
|
|
- ./web/lib:/aurweb/web/lib
|
|
- ./templates:/aurweb/templates
|
|
|
|
pytest-mysql:
|
|
image: aurweb:latest
|
|
profiles: ["dev"]
|
|
init: true
|
|
environment:
|
|
- AUR_CONFIG=conf/config
|
|
- TEST_RECURSION_LIMIT=${TEST_RECURSION_LIMIT}
|
|
- PROMETHEUS_MULTIPROC_DIR=/tmp_prometheus
|
|
entrypoint: /docker/test-mysql-entrypoint.sh
|
|
command: /docker/scripts/run-pytests.sh clean
|
|
stdin_open: true
|
|
tty: true
|
|
depends_on:
|
|
mariadb_test:
|
|
condition: service_healthy
|
|
tmpfs:
|
|
- /tmp
|
|
volumes:
|
|
- mariadb_test_run:/var/run/mysqld
|
|
- ./data:/data
|
|
- ./aurweb:/aurweb/aurweb
|
|
- ./migrations:/aurweb/migrations
|
|
- ./test:/aurweb/test
|
|
- ./web/html:/aurweb/web/html
|
|
- ./web/template:/aurweb/web/template
|
|
- ./web/lib:/aurweb/web/lib
|
|
- ./templates:/aurweb/templates
|
|
|
|
test:
|
|
image: aurweb:latest
|
|
profiles: ["dev"]
|
|
init: true
|
|
environment:
|
|
- AUR_CONFIG=conf/config
|
|
- TEST_RECURSION_LIMIT=${TEST_RECURSION_LIMIT}
|
|
- PROMETHEUS_MULTIPROC_DIR=/tmp_prometheus
|
|
entrypoint: /docker/test-mysql-entrypoint.sh
|
|
command: /docker/scripts/run-tests.sh
|
|
stdin_open: true
|
|
tty: true
|
|
depends_on:
|
|
mariadb_test:
|
|
condition: service_healthy
|
|
volumes:
|
|
- mariadb_test_run:/var/run/mysqld
|
|
- ./data:/data
|
|
- ./aurweb:/aurweb/aurweb
|
|
- ./migrations:/aurweb/migrations
|
|
- ./test:/aurweb/test
|
|
- ./web/html:/aurweb/web/html
|
|
- ./web/template:/aurweb/web/template
|
|
- ./web/lib:/aurweb/web/lib
|
|
- ./templates:/aurweb/templates
|
|
|
|
volumes:
|
|
mariadb_test_run: {}
|
|
mariadb_run: {} # Share /var/run/mysqld/mysqld.sock
|
|
mariadb_data: {} # Share /var/lib/mysql
|
|
git_data: {} # Share aurweb/aur.git
|
|
smartgit_run: {}
|
|
archives: {}
|