pass-docker/eclipse-pass.base.yml at main · springstim/pass-docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
version: '3.8'

# The base docker-compose file for eclipse-pass.org deployments
# DO NOT CALL THIS directly, instead look at specific environments
#
#  - eclipse-pass.demo.yml
#  - eclipse-pass.nightly.yml
services:
  auth:
    build: ./sp
    image: ghcr.io/eclipse-pass/pass-auth:0.2.0@sha256:b32633e39b820bb7047a72922934503f71028dcf401396b96522c4535427d830
    container_name: auth
    networks:
      - front
      - back

  pass-core:
    image: ghcr.io/eclipse-pass/pass-core-main:0.2.0-SNAPSHOT@sha256:bd0b8b3a79a5e476bed8545c3738b274922e6421be1bd39c5b1a3518a326fb23
    container_name: pass-core
    networks:
      - back
    depends_on:
      - postgres

  pass-ui:
    image: ghcr.io/eclipse-pass/pass-ui:0.2.0@sha256:300602608acd70e5c0330242f1b7bb5c991f06de70a9260c080f6e641c992bd9
    build:
      context: ./ember
      args:
        # required args (throw error during build):
        EMBER_GIT_REPO: "${EMBER_GIT_REPO:?undefined-EMBER_GIT_REPO}"
        EMBER_GIT_BRANCH: "${EMBER_GIT_BRANCH:?undefined-EMBER_GIT_BRANCH}"
        # sensible defaults have been defined:
        DOI_SERVICE_URL: "${DOI_SERVICE_URL:-}"
        MANUSCRIPT_SERVICE_LOOKUP_URL: "${MANUSCRIPT_SERVICE_LOOKUP_URL:-}"
        MANUSCRIPT_SERVICE_DOWNLOAD_URL: "${MANUSCRIPT_SERVICE_DOWNLOAD_URL:-}"
        METADATA_SCHEMA_URI: "${METADATA_SCHEMA_URI:-}"
        PASS_UI_PORT: "${PASS_UI_PORT:-}"
        PASS_API_NAMESPACE: "${PASS_API_NAMESPACE:-}"
        PASS_UI_ROOT_URL: "${PASS_UI_ROOT_URL:-}"
        POLICY_SERVICE_URL: "${POLICY_SERVICE_URL:-}"
        USER_SERVICE_URL: "${USER_SERVICE_URL:-}"
    container_name: pass-ui
    networks:
      - back # is 'back' in the main docker-compose, use this or 'front'?

  postgres:
    image: postgres:14-alpine
    restart: always
    networks:
      - back
    volumes:
      - db:/var/lib/postgresql/data
      - ./postgres/demo/init_postgres.sh:/docker-entrypoint-initdb.d/init_postgres.sh

  proxy:
    build: ./demo-proxy/
    image: ghcr.io/eclipse-pass/proxy:0.2.0@sha256:07847ef518d96464007aa583f1edbc505bd3221bc5d3d195609d8e1fbfa7822e
    container_name: proxy
    networks:
      - front
      - back
    ports:
      - "80:80"
      - "443:443"

  pass-ui-public:
    build:
      context: ./static-html
      args:
        STATIC_HTML_GIT_REPO: "${STATIC_HTML_GIT_REPO}"
        STATIC_HTML_GIT_BRANCH: "${STATIC_HTML_GIT_BRANCH}"
    image: ghcr.io/eclipse-pass/pass-ui-public:0.2.0@sha256:b51827ed21908c76fcb8a955743b5418f4e0c3e01426de96884645051512a7e0
    container_name: pass-ui-public
    ports:
      - "${STATIC_HTML_PORT}:${STATIC_HTML_PORT}"
    networks:
      - front

  idp:
    build:
      context: ./idp
      args:
        TENANT: jhu
    image: ghcr.io/eclipse-pass/idp:0.2.0@sha256:63c7c08e46474948d669ff77c8a51f8010dac02c019216ff12d90656ae0f816e
    container_name: idp
    depends_on:
     - ldap
    environment:
     - JETTY_MAX_HEAP=64m
     - JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=password
     - JETTY_BACKCHANNEL_SSL_KEYSTORE_PASSWORD=password
    expose:
     - "4443"
    networks:
     - back
    secrets:
     - source: idp_backchannel
     - source: idp_browser
     - source: idp_encryption
     - source: idp_signing
     - source: idp_sealer

  ldap:
    build:
      context: ./ldap
      args:
        TENANT: jhu
    image: ghcr.io/eclipse-pass/demo-ldap:0.2.0@sha256:331cd3ae9c3673c9439fa7465ee807172702bc3dac6583c173766e3c036e8c3e
    container_name: ldap
    networks:
     - back

  loader:
    image: ghcr.io/eclipse-pass/demo-loader:0.2.0@sha256:d6d559ad9a35e62c4109dff559dc346f700c6f56b516ae666bb03971c7561646
    container_name: loader
    networks:
      - back
    depends_on:
      - pass-core

volumes:
  db:
    driver: local

networks:
  front:
    driver: bridge
  back:
    driver: bridge

secrets:
  idp_backchannel:
    file: ./secrets/idp/idp-backchannel.p12
  idp_browser:
    file: ./secrets/idp/idp-browser.p12
  idp_encryption:
    file: ./secrets/idp/idp-encryption.key
  idp_signing:
    file: ./secrets/idp/idp-signing.key
  idp_sealer:
    file: ./secrets/idp/sealer.jks
  sp_key:
    file: ./secrets/sp/sp-key.pem