-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy pathdocker-compose-dev.yml
More file actions
209 lines (189 loc) · 6.01 KB
/
docker-compose-dev.yml
File metadata and controls
209 lines (189 loc) · 6.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
services:
server:
build:
context: ./server
dockerfile: ../config/development/Dockerfile.server
volumes:
- ./server:/app
- /app/node_modules
environment:
- BASE_URL=http://localhost:3000
- NODE_ENV=development
- DATABASE_URL=postgresql://user:password@postgres:5432/projects_db
- SECRET_KEY=notsecretkey
# - TRUST_PROXY=0
# - TOKEN_EXPIRES_IN=365 # In days
# related: https://github.com/knex/knex/issues/2354
# As knex does not pass query parameters from the connection string we
# have to use environment variables in order to pass the desired values, e.g.
# - PGSSLMODE=<value>
# Configure knex to accept SSL certificates
# - KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE=false
# - SHOW_DETAILED_AUTH_ERRORS=false # Set to true to show more detailed authentication error messages. It should not be enabled without a rate limiter for security reasons.
- ALLOW_ALL_TO_CREATE_PROJECTS=true
# - S3_ENDPOINT=
# - S3_REGION=
# - S3_ACCESS_KEY_ID=
# - S3_SECRET_ACCESS_KEY=
# - S3_BUCKET=
# - S3_FORCE_PATH_STYLE=true
- ORGANIZATION_ID_CLAIM=siret
- OIDC_ISSUER=http://auth.local:8080/realms/projects
- OIDC_CLIENT_ID=projects-client
- OIDC_CLIENT_SECRET=a-not-so-secret-secret
- OIDC_SCOPES=openid profile email organization
# - OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG=RS256
# - OIDC_USERINFO_SIGNED_RESPONSE_ALG=RS256
# - OIDC_RESPONSE_MODE=fragment
- OIDC_USE_DEFAULT_RESPONSE_MODE=true
# - OIDC_ADMIN_ROLES=admin
# - OIDC_CLAIMS_SOURCE=userinfo
# - OIDC_EMAIL_ATTRIBUTE=email
- OIDC_FULLNAME_ATTRIBUTES=given_name,family_name
# - OIDC_USERNAME_ATTRIBUTE=preferred_username
# - OIDC_ROLES_ATTRIBUTE=groups
- OIDC_IGNORE_USERNAME=true
- OIDC_IGNORE_ROLES=true
- OIDC_ENFORCED=true
# - OIDC_POST_LOGOUT_REDIRECT_URI=http://localhost:3000/custom-logout-page
# Email Notifications (https://nodemailer.com/smtp/)
# - SMTP_HOST=
# - SMTP_PORT=587
# - SMTP_NAME=
# - SMTP_SECURE=true
# - SMTP_USER=
# - SMTP_PASSWORD=
# - SMTP_FROM="Demo Demo" <demo@demo.demo>
# - SMTP_TLS_REJECT_UNAUTHORIZED=false
# Optional fields: accessToken, events, excludedEvents
# - |
# WEBHOOKS=[{
# "url": "http://localhost:3001",
# "accessToken": "notaccesstoken",
# "events": ["cardCreate", "cardUpdate", "cardDelete"],
# "excludedEvents": ["notificationCreate", "notificationUpdate"]
# }]
# - SLACK_BOT_TOKEN=
# - SLACK_CHANNEL_ID=
# - GOOGLE_CHAT_WEBHOOK_URL=
# - TELEGRAM_BOT_TOKEN=
# - TELEGRAM_CHAT_ID=
# - TELEGRAM_THREAD_ID=
working_dir: /app
extra_hosts:
- 'auth.local:host-gateway'
command: ['sh', '-c', 'npm run start']
depends_on:
postgres:
condition: service_healthy
keycloak:
condition: service_healthy
client:
build:
context: ./client
dockerfile: ../config/development/Dockerfile.client
volumes:
- ./client:/app/client
- /app/client/node_modules
- /app/node_modules
environment:
- NODE_ENV=development
- CHOKIDAR_USEPOLLING=true
- BASE_URL=http://localhost:3000
- REACT_APP_SERVER_BASE_URL=http://localhost:3000
working_dir: /app/client
command: npm start
init-db:
build:
context: ./server
dockerfile: ../config/development/Dockerfile.server
environment:
- DATABASE_URL=postgresql://user:password@postgres:5432/projects_db
- DEFAULT_ADMIN_EMAIL=user.test@suite.anct.gouv.fr
- DEFAULT_ADMIN_PASSWORD=password
- DEFAULT_ADMIN_NAME=Test User
- DEFAULT_ADMIN_USERNAME=test.user
working_dir: /app
command: ['sh', '-c', 'npm run db:init']
volumes:
- ./server:/app
- /app/node_modules
depends_on:
postgres:
condition: service_healthy
postgres:
image: postgres:16-alpine
volumes:
- db-data:/var/lib/postgresql/data
environment:
POSTGRES_DB: projects_db
POSTGRES_USER: user
POSTGRES_PASSWORD: password
ports:
- '5432:5432'
restart: unless-stopped
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U user -d projects_db']
interval: 10s
timeout: 5s
retries: 5
keycloak-db:
image: postgres:16-alpine
volumes:
- keycloak-db-data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: keycloak
healthcheck:
test: ['CMD-SHELL', 'pg_isready -U keycloak -d keycloak']
interval: 10s
timeout: 5s
retries: 5
keycloak:
image: quay.io/keycloak/keycloak:26.4
command: start-dev --import-realm
environment:
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://keycloak-db:5432/keycloak
KC_DB_USERNAME: keycloak
KC_DB_PASSWORD: keycloak
KC_HOSTNAME_STRICT: false
KC_HOSTNAME_STRICT_HTTPS: false
KC_HTTP_ENABLED: true
KC_HOSTNAME: auth.local
KC_HOSTNAME_PORT: 8080
KC_HTTP_RELATIVE_PATH: /
volumes:
- ./config/development/realm-export.json:/opt/keycloak/data/import/realm-export.json:ro
ports:
- '8080:8080'
depends_on:
keycloak-db:
condition: service_healthy
healthcheck:
test:
[
'CMD-SHELL',
'exec 3<>/dev/tcp/localhost/8080 && echo -e "GET /realms/master/.well-known/openid-configuration HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n" >&3 && cat <&3 | grep -q "HTTP/1.1 200" || exit 1',
]
interval: 10s
timeout: 5s
retries: 10
start_period: 30s
networks:
- default
proxy:
image: nginx:alpine
ports:
- '3000:80'
volumes:
- ./config/development/nginx.conf:/etc/nginx/nginx.conf
depends_on:
- server
- client
volumes:
db-data:
keycloak-db-data: