-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml.jsonnet
127 lines (121 loc) · 4.98 KB
/
docker-compose.yml.jsonnet
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
local ddb = import 'ddb.docker.libjsonnet';
local db_user = "anchore";
local db_password = "anchore";
local domain = std.join('.', [std.extVar("core.domain.sub"), std.extVar("core.domain.ext")]);
local port_prefix = std.extVar("docker.port_prefix");
local app_workdir = "/app";
local anchore_auth_secret = 'ddbanchoreisgreat';
local prefix_port(port, output_port = null)= [port_prefix + (if output_port == null then std.substr(port, std.length(port) - 2, 2) else output_port) + ":" + port];
ddb.Compose() {
"services": {
db: ddb.Image("postgres:9")
+ {
environment: {
"POSTGRES_PASSWORD": db_password,
},
volumes: [
"anchore-db-volume:/var/lib/postgresql/data:rw",
],
healthcheck:{
test: ["CMD-SHELL", "pg_isready -U postgres"]
},
},
analyzer: ddb.Image("anchore/anchore-engine:v0.8.2")
+ {
command: ["anchore-manager", "service", "start", "analyzer"],
depends_on: ['db','catalog'],
environment: {
ANCHORE_ENDPOINT_HOSTNAME: 'analyzer',
ANCHORE_OAUTH_ENABLED: 'true',
ANCHORE_AUTH_SECRET: anchore_auth_secret,
ANCHORE_DB_HOST: 'db',
ANCHORE_DB_PASSWORD: db_password,
},
},
'policy-engine': ddb.Image("anchore/anchore-engine:v0.8.2")
+ {
command: ["anchore-manager", "service", "start", "policy_engine"],
depends_on: ['db','catalog'],
environment: {
ANCHORE_ENDPOINT_HOSTNAME: 'policy-engine',
ANCHORE_OAUTH_ENABLED: 'true',
ANCHORE_AUTH_SECRET: anchore_auth_secret,
ANCHORE_DB_HOST: 'db',
ANCHORE_DB_PASSWORD: db_password,
},
},
queue: ddb.Image("anchore/anchore-engine:v0.8.2")
+ {
command: ["anchore-manager", "service", "start", "simplequeue"],
depends_on: ['db','catalog'],
environment: {
ANCHORE_ENDPOINT_HOSTNAME: 'queue',
ANCHORE_OAUTH_ENABLED: 'true',
ANCHORE_AUTH_SECRET: anchore_auth_secret,
ANCHORE_DB_HOST: 'db',
ANCHORE_DB_PASSWORD: db_password,
}
},
catalog: ddb.Image("anchore/anchore-engine:v0.8.2")
+ {
command: ["anchore-manager", "service", "start", "catalog"],
depends_on: ['db'],
environment: {
ANCHORE_ENDPOINT_HOSTNAME: 'catalog',
ANCHORE_OAUTH_ENABLED: 'true',
ANCHORE_AUTH_SECRET: anchore_auth_secret,
ANCHORE_DB_HOST: 'db',
ANCHORE_DB_PASSWORD: db_password,
},
},
api: ddb.Image("anchore/anchore-engine:v0.8.2")
+ ddb.VirtualHost("8228", std.join(".", ["api", domain]), "api")
+ ddb.Binary('anchore-cli', args='anchore-cli')
+ {
command: ["anchore-manager", "service", "start", "apiext"],
depends_on: ['db'],
environment: {
ANCHORE_ENDPOINT_HOSTNAME: 'queue',
ANCHORE_DB_HOST: 'db',
ANCHORE_DB_PASSWORD: db_password,
ANCHORE_AUTH_SECRET: anchore_auth_secret,
ANCHORE_OAUTH_ENABLED: 'true',
ANCHORE_CLI_USER: 'admin',
ANCHORE_CLI_PASS: 'foobar',
ANCHORE_CLI_URL: "http://" + std.join(".", ["api", domain]) + "/v1/",
},
ports: ['8228:8228']
},
'web': ddb.Build("nginx")
+ ddb.VirtualHost("8080", std.join(".", ["swagger", domain]), "swagger")
+ (if std.extVar("core.env.current") == "prod" then ddb.VirtualHost("80", domain, "ui") else {})
+ {
depends_on: ['api', 'swagger-ui'],
volumes: [
ddb.path.project + '/.docker/nginx/config/nginx.conf:/etc/nginx/nginx.conf'
]
},
'swagger-ui': ddb.Image("swaggerapi/swagger-ui")
+ {
environment: {
URL:'https://' + std.join(".", ["swagger", domain]) + '/v1/swagger.json'
}
},
[if std.extVar("core.env.current") != "prod" then 'node']: ddb.Build("node")
+ ddb.User()
+ ddb.Binary("ncu", app_workdir, "ncu", "--label traefik.enable=false")
+ ddb.Binary("npm", app_workdir, "npm")
+ ddb.Binary("vue", app_workdir, "vue", "--label traefik.enable=false")
+ ddb.Binary("conventional-changelog", app_workdir, "conventional-changelog", "--label traefik.enable=false")
+ (if ddb.env.is("dev") then ddb.VirtualHost("8080", std.join(".", ["ui", domain]), "ui") else {})
+ {
command: ["npm", "run", "serve"],
working_dir: app_workdir + "/ui",
volumes: [
ddb.path.project + ":" + app_workdir + ":rw",
"node-cache:/home/node/.cache:rw",
"node-npm-packages:/home/node/.npm-packages:rw"
],
},
}
}