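# Docker Compose stack for Bailo: MongoDB, MinIO, ClamAV, the artefact-scan API,
# the OCI registry, the frontend/backend builds and an nginx reverse proxy.
#
# The credentials and keyfile below are fixed values committed alongside the
# code, so this file is only suitable for local development as written.
# Images are pinned by tag, not by digest; a tag can be re-pointed upstream.
name: bailo

configs:
  mongod_conf:
    file: infrastructure/mongodb/mongod_docker_compose.conf
  # Fixed keyfile content. A MongoDB keyfile is the shared secret for internal
  # (replica-set member) authentication, so generate a random value per
  # deployment. Presumably referenced by security.keyFile in
  # mongod_docker_compose.conf - confirm.
  mongod_keyfile:
    content: abcdef1234567890

services:
  mongo:
    image: mongodb/mongodb-community-server:8.2.5-ubi9
    networks:
      internal:
    environment:
      # Root password equals the username; change both before any shared use.
      - MONGODB_INITDB_ROOT_USERNAME=bailoadmin
      - MONGODB_INITDB_ROOT_PASSWORD=bailoadmin
      - MONGODB_INITDB_REPL_SET_HOST=mongo
      - MONGODB_INITDB_DATABASE=bailo
    volumes:
      - mongoVolume:/data/db
    configs:
      - source: mongod_conf
        target: /etc/mongod.conf
      - source: mongod_keyfile
        target: /etc/mongod.keyfile
        # Octal: readable by the owning uid/gid 999 only.
        mode: 0400
        uid: '999'
        gid: '999'
    command:
      - '-f'
      - '/etc/mongod.conf'
    healthcheck:
      test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/test --quiet
      interval: 10s
      start_period: 30s
    ports:
      # No host IP is given, so Compose publishes this on every host interface.
      # Combined with the fixed root credentials above, the database is
      # reachable by anything that can reach the host. Prefer
      # "127.0.0.1:27017:27017", or drop the mapping, outside local development.
      - '27017:27017'

  minio:
    # NOTE(review): the bitnamilegacy namespace is presumably archival and
    # without ongoing security updates - confirm and plan a maintained image.
    image: bitnamilegacy/minio:2025.7.23
    networks:
      internal:
    environment:
      # Fixed root credentials; the registry service below reuses them.
      MINIO_ROOT_USER: minioadmin
      MINIO_ROOT_PASSWORD: minioadmin
    volumes:
      - minioVolume:/bitnami/minio

  clamd:
    image: clamav/clamav:1.4.3_base
    networks:
      internal:
    healthcheck:
      test: ['CMD-SHELL', "echo 'PING' | nc -w 5 localhost 3310"]
      interval: 30s
      timeout: 10s
      retries: 5

  artefactscan:
    networks:
      internal:
    image: bailo_artefactscan:${INSTANCE_NAME}
    build:
      context: ./lib/artefactscan_api
    volumes:
      - ./lib/artefactscan_api/bailo_artefactscan_api:/app/bailo_artefactscan_api
      # Same host directory the registry reads key.pem from, mounted
      # read-write. NOTE(review): add ":ro" if this service only reads it.
      - ./backend/certs:/certs
    healthcheck:
      test: ['CMD-SHELL', 'curl --fail http://127.0.0.1:3311/info || exit 1']
      interval: 30s
      timeout: 10s
      retries: 5
    environment:
      BACKEND_BASE_URL: http://backend:3001

  nginx:
    image: nginxinc/nginx-unprivileged:1.28.0-alpine3.21-slim
    # The only service attached to the default network as well as internal.
    networks:
      default:
      internal:
    volumes:
      # NOTE(review): a config file the proxy only needs to read; ":ro" would
      # stop a compromised container from rewriting it - confirm and add.
      - ./infrastructure/nginx/nginx.conf:/etc/nginx/nginx.conf
    ports:
      # Published on all host interfaces; set EXTERNAL_PORT in the environment.
      - '${EXTERNAL_PORT}:8080'
    depends_on:
      - frontend
      - backend

  registry:
    image: registry:3.0.0
    networks:
      internal:
    environment:
      REGISTRY_HTTP_TLS_CERTIFICATE: /certs/cert.pem
      REGISTRY_HTTP_TLS_KEY: /certs/key.pem
      # These are the MinIO root credentials (see the minio service), so the
      # registry has full control of the object store. A dedicated, scoped
      # access key would follow least privilege.
      REGISTRY_STORAGE_S3_ACCESSKEY: minioadmin
      REGISTRY_STORAGE_S3_SECRETKEY: minioadmin
      REGISTRY_AUTH: token
      # Token realm is plain HTTP to the backend service name.
      REGISTRY_AUTH_TOKEN_REALM: http://backend:3001/api/v1/registry_auth
      REGISTRY_AUTH_TOKEN_SERVICE: RegistryAuth
      REGISTRY_AUTH_TOKEN_ISSUER: RegistryIssuer
      REGISTRY_AUTH_TOKEN_JWKS: /certs/jwks.json
      REGISTRY_AUTH_TOKEN_ROOTCERTBUNDLE: /certs/cert.pem
    volumes:
      - ./backend/config/registry.conf:/etc/distribution/config.yml
      # Holds the TLS private key (key.pem) and is mounted read-write.
      # NOTE(review): add ":ro" if the registry only reads these files.
      - ./backend/certs:/certs
    depends_on:
      artefactscan:
        condition: service_healthy

  frontend:
    networks:
      internal:
    image: bailo_frontend:${INSTANCE_NAME}
    build:
      context: ./frontend/
    depends_on:
      - backend

  backend:
    networks:
      internal:
    image: bailo_backend:${INSTANCE_NAME}
    build:
      context: ./backend/
      additional_contexts:
        python: ./lib/python
    volumes:
      - ./backend/certs:/certs
      # The same directory (which the registry service reads key.pem from) is
      # also mounted as the CA certificate directory.
      # NOTE(review): consider a directory holding only the public cert.
      - ./backend/certs:/usr/local/share/ca-certificates
      - ./backend/config:/app/config
    depends_on:
      clamd:
        condition: service_healthy
      registry:
        condition: service_started
      artefactscan:
        condition: service_healthy
      minio:
        condition: service_started
      mongo:
        condition: service_started
    # Turns off Docker's default seccomp syscall filter and the AppArmor
    # profile for this container, widening what a compromised backend process
    # can do. NOTE(review): the reason is not visible in this file - record
    # it here, or replace both with a narrowly scoped custom profile.
    security_opt:
      - seccomp:unconfined
      - apparmor:unconfined
    environment:
      - NODE_CONFIG_ENV=${INSTANCE_NAME}_docker_compose

volumes:
  minioVolume:
    name: ${INSTANCE_NAME}_minioVolume
  mongoVolume:
    name: ${INSTANCE_NAME}_mongoVolume

networks:
  default:
    name: ${INSTANCE_NAME}_default
  # NOTE(review): despite its name this network is not declared
  # "internal: true", so containers on it keep outbound connectivity -
  # confirm that is intended.
  internal:
    name: ${INSTANCE_NAME}_internal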