Skip to content

Commit

Permalink
cleanup
Browse files Browse the repository at this point in the history
  • Loading branch information
tobiasmcnulty committed Nov 16, 2023
1 parent fedfe89 commit 02ee837
Show file tree
Hide file tree
Showing 3 changed files with 159 additions and 11 deletions.
8 changes: 2 additions & 6 deletions .github/workflows/docker-publish.yml
Original file line number Diff line number Diff line change
@@ -1,10 +1,5 @@
name: Docker

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

on:
push:
branches: [gh-images]
Expand All @@ -23,6 +18,7 @@ jobs:
build_args: [""]
flavor: [""]
include:
# Build additional OIDC flavor for nginx (tags will be suffixed with -oidc)
- image: nginx
flavor: |
latest=true
Expand Down Expand Up @@ -52,7 +48,7 @@ jobs:
with:
images: ${{ env.REGISTRY_WITH_PATH }}/central-${{ matrix.image }}
flavor: ${{ matrix.flavor }}
# generate Docker tags based on the following events/attributes
# Generate Docker tags based on the following events/attributes
tags: |
type=ref,event=branch
type=semver,pattern={{version}}
Expand Down
143 changes: 143 additions & 0 deletions docker-compose.nobuild.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,143 @@
version: "3"
services:
postgres14:
build:
context: .
dockerfile: postgres14.dockerfile
volumes:
- postgres14:/var/lib/odk/postgresql/14
environment:
POSTGRES_USER: odk
POSTGRES_PASSWORD: odk
POSTGRES_DATABASE: odk
restart: always
postgres:
# This service upgrades from postgres 9.6 to 14.
# The legacy name must be maintained to allow access to the anonymous volume.
build:
context: .
dockerfile: postgres-upgrade.dockerfile
volumes:
- /var/lib/postgresql/data
- postgres14:/var/lib/postgresql/14
- ./files/postgres14/upgrade:/postgres14-upgrade
environment:
PGUSER: odk
POSTGRES_INITDB_ARGS: -U odk
POSTGRES_PASSWORD: odk
POSTGRES_DATABASE: odk
mail:
image: "ixdotai/smtp:v0.5.1"
volumes:
- ./files/mail/rsa.private:/etc/exim4/dkim.key.temp:ro
environment:
- MAILNAME=${DOMAIN}
- DKIM_KEY_PATH=/etc/exim4/dkim.key.temp
restart: always
service:
image: ghcr.io/caktus/central-service:latest
depends_on:
- secrets
- postgres14
- mail
- pyxform
- enketo
volumes:
- secrets:/etc/secrets
- /data/transfer:/data/transfer
- ./files/service/config.json.template:/usr/share/odk/config.json.template
environment:
- DOMAIN=${DOMAIN}
- SYSADMIN_EMAIL=${SYSADMIN_EMAIL}
- HTTPS_PORT=${HTTPS_PORT:-443}
- NODE_OPTIONS=${SERVICE_NODE_OPTIONS:-}
- DB_HOST=${DB_HOST:-postgres14}
- DB_USER=${DB_USER:-odk}
- DB_PASSWORD=${DB_PASSWORD:-odk}
- DB_NAME=${DB_NAME:-odk}
- DB_SSL=${DB_SSL:-null}
- EMAIL_FROM=${EMAIL_FROM:-no-reply@$DOMAIN}
- EMAIL_HOST=${EMAIL_HOST:-mail}
- EMAIL_PORT=${EMAIL_PORT:-25}
- EMAIL_SECURE=${EMAIL_SECURE:-false}
- EMAIL_IGNORE_TLS=${EMAIL_IGNORE_TLS:-true}
- EMAIL_USER=${EMAIL_USER:-}
- EMAIL_PASSWORD=${EMAIL_PASSWORD:-}
- OIDC_ENABLED=${OIDC_ENABLED:-false}
- OIDC_ISSUER_URL=${OIDC_ISSUER_URL:-}
- OIDC_CLIENT_ID=${OIDC_CLIENT_ID:-}
- OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET:-}
- SENTRY_ORG_SUBDOMAIN=${SENTRY_ORG_SUBDOMAIN:-o130137}
- SENTRY_KEY=${SENTRY_KEY:-3cf75f54983e473da6bd07daddf0d2ee}
- SENTRY_PROJECT=${SENTRY_PROJECT:-1298632}
command: [ "wait-for-it", "${DB_HOST:-postgres14}:5432", "--", "./start-odk.sh" ]
restart: always
logging:
driver: local
nginx:
image: ghcr.io/caktus/central-nginx:latest
depends_on:
- service
- enketo
environment:
- DOMAIN=${DOMAIN}
- CERTBOT_EMAIL=${SYSADMIN_EMAIL}
- SSL_TYPE=${SSL_TYPE:-letsencrypt}
- SENTRY_ORG_SUBDOMAIN=${SENTRY_ORG_SUBDOMAIN:-o130137}
- SENTRY_KEY=${SENTRY_KEY:-3cf75f54983e473da6bd07daddf0d2ee}
- SENTRY_PROJECT=${SENTRY_PROJECT:-1298632}
ports:
- "${HTTP_PORT:-80}:80"
- "${HTTPS_PORT:-443}:443"
healthcheck:
test: [ "CMD-SHELL", "nc -z localhost 80 || exit 1" ]
restart: always
logging:
driver: local
options:
max-file: "30"
pyxform:
image: 'ghcr.io/getodk/pyxform-http:v1.12.2'
restart: always
secrets:
image: ghcr.io/caktus/central-secrets:latest
volumes:
- secrets:/etc/secrets
command: './generate-secrets.sh'
enketo:
image: ghcr.io/caktus/central-enketo:latest
volumes:
- secrets:/etc/secrets
restart: always
depends_on:
- secrets
- enketo_redis_main
- enketo_redis_cache
environment:
- DOMAIN=${DOMAIN}
- SUPPORT_EMAIL=${SYSADMIN_EMAIL}
- HTTPS_PORT=${HTTPS_PORT:-443}
enketo_redis_main:
image: redis:7.2
volumes:
- ./files/enketo/redis-enketo-main.conf:/usr/local/etc/redis/redis.conf:ro
- enketo_redis_main:/data
command:
- redis-server
- /usr/local/etc/redis/redis.conf
restart: always
enketo_redis_cache:
image: redis:7.2
volumes:
- ./files/enketo/redis-enketo-cache.conf:/usr/local/etc/redis/redis.conf:ro
- enketo_redis_cache:/data
command:
- redis-server
- /usr/local/etc/redis/redis.conf
restart: always
volumes:
secrets:
transfer:
postgres14:
enketo_redis_main:
enketo_redis_cache:
19 changes: 14 additions & 5 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,9 @@ services:
- DKIM_KEY_PATH=/etc/exim4/dkim.key.temp
restart: always
service:
image: ghcr.io/caktus/central-service:gh-images
build:
context: .
dockerfile: service.dockerfile
depends_on:
- secrets
- postgres14
Expand All @@ -45,7 +47,6 @@ services:
volumes:
- secrets:/etc/secrets
- /data/transfer:/data/transfer
- ./files/service/config.json.template:/usr/share/odk/config.json.template
environment:
- DOMAIN=${DOMAIN}
- SYSADMIN_EMAIL=${SYSADMIN_EMAIL}
Expand Down Expand Up @@ -75,7 +76,11 @@ services:
logging:
driver: local
nginx:
image: ghcr.io/caktus/central-nginx:gh-images
build:
context: .
args:
- OIDC_ENABLED=${OIDC_ENABLED:-false}
dockerfile: nginx.dockerfile
depends_on:
- service
- enketo
Expand All @@ -100,14 +105,18 @@ services:
image: 'ghcr.io/getodk/pyxform-http:v1.12.2'
restart: always
secrets:
image: ghcr.io/caktus/central-secrets:gh-images
volumes:
- secrets:/etc/secrets
build:
context: .
dockerfile: secrets.dockerfile
command: './generate-secrets.sh'
enketo:
image: ghcr.io/caktus/central-enketo:gh-images
volumes:
- secrets:/etc/secrets
build:
context: .
dockerfile: enketo.dockerfile
restart: always
depends_on:
- secrets
Expand Down

0 comments on commit 02ee837

Please sign in to comment.