Add example docker-compose file

docker/README.md

@@ -0,0 +1,6 @@
+# Run as docker comtainer
+
+To run this project as a docker container, simply download
+[docker-compose.yml](./docker-compose.yml) and
+[application.yml](./application.yml) to a location on your machine and
+type `docker compose up -d`.

docker/application.yml

@@ -0,0 +1,111 @@
+---
+logging:
+  level:
+    root: INFO
+    generiek: DEBUG
+
+server:
+  port: 8092
+  error:
+    path: "/error"
+    include-message: always
+  servlet:
+    session:
+      tracking-modes: cookie
+      cookie:
+        secure: true
+
+spring:
+  jpa:
+    properties:
+      hibernate:
+        naming-strategy: org.hibernate.cfg.ImprovedNamingStrategy
+        # dialect: org.hibernate.dialect.PostgreSQL10Dialect
+        dialect: org.hibernate.dialect.H2Dialect
+    open-in-view: false
+  datasource:
+    driver-class-name: org.h2.Driver
+    url: jdbc:h2:file:./database/student-mobility
+    # driver-class-name: org.postgresql.Driver
+    # url: jdbc:postgresql://localhost:5432/mobility
+    # username: mobility_rw
+    # password: secret
+  flyway:
+    locations: classpath:db/{vendor}/migration
+
+config:
+  connection_timeout_millis: 20_000
+  connection_pool_keep_alive_duration_millis: 300_000
+  # Set to 0 to disable connection-pooling. If responses are slow,
+  # connection-pooling does not matter anyway
+  connection_pool_max_idle_connections: 256
+
+features:
+  # Do we allow to mock the different scenario's - only allow on test
+  allow_playground: true
+
+# URL of the broker-gui to redirect back after authentication and the
+# credentials of the broker-server to check against
+broker:
+  url: "http://localhost:3003"
+  user: user
+  password: secret
+  service_registry_base_url: "http://localhost:8091"
+
+# Credentials of the SIS (e.g. Osiris) to check against when
+# reporting back results
+sis:
+  user: sis
+  password: secret
+
+# Details on which custom inteken implementation to call including credentials
+backend:
+  url: "http://localhost:8093/intake"
+  api_user: user
+  api_password: secret
+
+oidc:
+  acr-context-class-ref: https://eduid.nl/trust/affiliation-student
+  client-id: student.mobility.rp.localhost
+  client-secret: secret
+  redirect-uri: http://localhost:8092/redirect_uri
+  authorization-uri: https://connect.test2.surfconext.nl/oidc/authorize
+  token-uri: https://connect.test2.surfconext.nl/oidc/token
+  jwk-set-uri: https://connect.test2.surfconext.nl/oidc/certs
+  jwk:
+    # The HTTP connect timeout for JWK set retrieval, in millisecond
+    connect-timeout: 1500
+    # The HTTP read timeout for JWK set retrieval, in milliseconds
+    read-timeout: 1500
+    # The HTTP entity size limit for JWK set retrieval, in bytes
+    size-limit: 153_600
+    # authorization-uri: http://localhost:8080/oidc/authorize
+    # token-uri: http://localhost:8080/oidc/token
+    # jwk-set-uri: http://localhost:8080/oidc/certs
+
+management:
+  endpoints:
+    enabled-by-default: false
+    web:
+      exposure:
+        include:
+          - health
+          - info
+      base-path: "/internal"
+  endpoint:
+    health:
+      enabled: true
+      show-details: when_authorized
+    info:
+      enabled: true
+  info:
+    git:
+      mode: full
+    defaults:
+      enabled: true
+
+# used by the git plugin
+info:
+  build:
+    artifact: "@project.artifactId@"
+    version: "@project.version@"

docker/docker-compose.yml

@@ -0,0 +1,11 @@
+# yamllint disable rule:line-length
+---
+version: '3.8'
+services:
+  intekenontvanger-generiek:
+    image: ghcr.io/surfnet/student-mobility-inteken-ontvanger-generiek/intekenontvanger-generiek:sha-66f2f1e
+    volumes:
+      - ${PWD}/application.yml:/application.yml
+      - ${PWD}/database:/database
+    ports:
+      - 8092:8092