docker-compose.yml

version: '3'

volumes:
  packages:
  vault:

services:
  vault:
    # NOTE: intentionally an older version, for consistency with cabotage
    image: vault:1.3.4
    restart: on-failure
    entrypoint: /bin/sh
    command: ["/etc/vault/entry.sh"]
    environment:
      VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
      VAULT_DEV_ROOT_TOKEN_ID: "an insecure vault access token"
    ports:
      - "8200:8200"
    cap_add:
      - IPC_LOCK
    volumes:
      - vault:/vault/file
      - ./dev/vault:/etc/vault

  db:
    image: postgres:10.1
    ports:
      # 5432 may already in use by another PostgreSQL on host
      - "5433:5432"

  redis:
    image: redis:4.0

  localstack:
    image: localstack/localstack:0.8.7
    environment:
      SERVICES: "sqs"
      HOSTNAME: "localstack"
      HOSTNAME_EXTERNAL: "localstack"
      DEFAULT_REGION: "us-east-2"
    ports:
      - "4576:4576"

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.8.7
    environment:
      - xpack.security.enabled=false
    ulimits:
      nofile:
        soft: 65536
        hard: 65536

  camo:
    image: pypa/warehouse-camo:latest
    ports:
      - "9000:9000"
    environment:
      CAMO_KEY: "insecurecamokey"

  web:
    build:
      context: .
      args:
        DEVEL: "yes"
        IPYTHON: "no"
        # Uncomment the line below and add the private repo URL if you're
        # working on pypi-theme, this is a private repository due to the fact
        # that other people's IP is contained in it.
        #THEME_REPO:
    command: gunicorn --reload -b 0.0.0.0:8000 warehouse.wsgi:application
    env_file: dev/environment
    volumes:
      # We specify all of these directories instead of just . because we want to
      # avoid having ./node_modules from the host OS being shared with the docker
      # container, and since there's no way to exclude a directory, the only way
      # to make this work is to share multiple, smaller directories. These cover
      # the important things that we want to share, but changes to requirements
      # or any file not in these directories will require a rebuild.
      # The :z option fixes permission issues with SELinux by setting a
      # permissive security context.
      - ./dev:/opt/warehouse/src/dev:z
      - ./docs:/opt/warehouse/src/docs:z
      - ./warehouse:/opt/warehouse/src/warehouse:z
      - ./tests:/opt/warehouse/src/tests:z
      - ./htmlcov:/opt/warehouse/src/htmlcov:z
      - .coveragerc:/opt/warehouse/src/.coveragerc:z
      - packages:/var/opt/warehouse/packages
      - ./bin:/opt/warehouse/src/bin:z
    ports:
      - "80:8000"

  files:
    build:
      context: .
    working_dir: /var/opt/warehouse
    command: python -m http.server 9001
    volumes:
      - packages:/var/opt/warehouse/packages
    ports:
      - "9001:9001"

  worker:
    build:
      context: .
      args:
        DEVEL: "yes"
    command: hupper -m celery -A warehouse worker -B -S redbeat.RedBeatScheduler -l info
    volumes:
      - ./warehouse:/opt/warehouse/src/warehouse:z
    env_file: dev/environment
    environment:
      C_FORCE_ROOT: "1"
      FILES_BACKEND: "warehouse.packaging.services.LocalFileStorage path=/var/opt/warehouse/packages/ url=http://files:9001/packages/{path}"

  static:
    build:
      context: .
      dockerfile: Dockerfile.static
    command: bash -c "node --trace-warnings `which gulp` watch"
    volumes:
      - ./warehouse:/opt/warehouse/src/warehouse:z
      - ./Gulpfile.babel.js:/opt/warehouse/src/Gulpfile.babel.js:z
      - ./.babelrc:/opt/warehouse/src/.babelrc:z
      - ./.sass-lint.yml:/opt/warehouse/src/.sass-lint.yml:z
      - ./tests/frontend:/opt/warehouse/src/tests/frontend:z
      - ./bin:/opt/warehouse/src/bin:z

  smtp:
    build:
      context: .
    command: python /opt/warehouse/dev/smtp.py 0.0.0.0:2525
    ports:
      - "2525:2525"
    volumes:
      - ./dev/smtp.py:/opt/warehouse/dev/smtp.py

  notdatadog:
    build:
      context: .
    command: python /opt/warehouse/dev/notdatadog.py 0.0.0.0:8125
    ports:
      - "8125:8125/udp"
    volumes:
      - ./dev/notdatadog.py:/opt/warehouse/dev/notdatadog.py