irmago/docker-compose.yml at master · privacybydesign/irmago · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
services:
  # Dependencies for running unit tests and for running the 'irma' command line tool using one of the test configurations.
  postgres:
    image: postgres:15
    environment:
      POSTGRES_USER: testuser
      POSTGRES_PASSWORD: testpassword
      POSTGRES_DB: test
    networks:
      # We use a localhost alias such that the test configuration also works for users who run it without Docker.
      irma-net:
        aliases:
            - postgres.localhost
    ports:
      - 5432:5432
  postgres-init:
    image: postgres:15
    environment:
      PGHOST: postgres
      PGUSER: testuser
      PGPASSWORD: testpassword
      PGDATABASE: test
    networks:
      - irma-net
    depends_on:
      - postgres
    volumes:
      - ./server/keyshare/schema.sql:/schema.sql
      - ./server/keyshare/cleanup.sql:/cleanup.sql
    # We have to wait until the database is up and running.
    # Database might already be running, so we need to do a cleanup first.
    command: /bin/sh -c "sleep 5 && psql -f cleanup.sql && psql -f schema.sql"
  mysql:
    image: mysql:8
    environment:
      MYSQL_ROOT_PASSWORD: testpassword
      MYSQL_DATABASE: test
      MYSQL_USER: testuser
      MYSQL_PASSWORD: testpassword
    ports:
      - 3306:3306
  sqlserver:
    image: kcollins/mssql:2022-latest
    platform: linux/amd64
    environment:
      ACCEPT_EULA: Y # Confirms your acceptance of the End-User Licensing Agreement.
      MSSQL_RANDOM_SA_PASSWORD: Y
      MSSQL_DATABASE: test
      MSSQL_USER: testuser
      MSSQL_PASSWORD: testpassword
      MSSQL_PID: Developer
    ports:
      - 1433:1433
  mailhog:
    image: mailhog/mailhog
    networks:
      # We use a localhost alias such that the test configuration also works for users who run it without Docker.
      irma-net:
        aliases:
          - mailhog.localhost
    ports:
      - 1025:1025
      - 8025:8025 # Port of the web interface

  # Frontend of 'irma keyshare myirmaserver'
  webclient:
    image: privacybydesign/irma_keyshare_webclient
    build:
      context: https://github.com/privacybydesign/irma_keyshare_webclient.git
    profiles:
      - webclient
    networks:
      irma-net:
        aliases:
          - webclient.localhost
    ports:
      - 3000:3000

  # Service to run unit tests
  test:
    image: golang:1
    # Add a test profile to prevent this service to be included when running docker-compose up.
    profiles:
      - test
    volumes:
      - .:/irmago
    depends_on:
      - eudi_verifier
      - eudi_verifier_jwt
      - postgres
      - mysql
      - sqlserver
      - mailhog
    # The tests assume postgres and mailhog can be accessed on localhost. Therefore, we use host networking.
    network_mode: host
    working_dir: /irmago
    entrypoint: go test -p 1
    command: ./...

  # Service to run the 'irma' command line tool
  irma:
    build: .
    image: privacybydesign/irma:latest
    # Add a run profile to prevent this service to be included when running docker-compose up.
    profiles:
      - run
    volumes:
      - .:/irmago
    working_dir: /irmago
    depends_on:
      - postgres
      - postgres-init
      - mailhog
    networks:
      - irma-net

  # Eudi openid4vp verifier service
  eudi_verifier:
    image: ghcr.io/eu-digital-identity-wallet/eudi-srv-web-verifier-endpoint-23220-4-kt:v0.6.0
    container_name: eudi_verifier
    ports:
      - "8089:8089"
    volumes:
      - ./testdata/eudi/verifier/keystore.p12:/keystore.p12
    environment:
      - SERVER_PORT=8089
      - VERIFIER_RESPONSE_MODE="DirectPost"
      - VERIFIER_PUBLIC_URL="0.0.0.0:8089"
      - VERIFIER_JAR_SIGNING_KEY=LoadFromKeystore
      - VERIFIER_JAR_SIGNING_KEY_ALIAS=verifier_cert
      - VERIFIER_JAR_SIGNING_KEY_KEYSTORE=file:///keystore.p12
      - VERIFIER_JAR_SIGNING_KEY_KEYSTORE_PASSWORD=changeit
      - VERIFIER_JAR_SIGNING_KEY_KEYSTORE_TYPE=pkcs12
      - VERIFIER_JAR_SIGNING_KEY_PASSWORD=changeit
      - VERIFIER_VALIDATION_SDJWTVC_STATUSCHECK_ENABLED=false
      - VERIFIER_ORIGINALCLIENTID=localhost
      - VERIFIER_CLIENTIDPREFIX=x509_san_dns

  # Eudi openid4vp verifier service with direct_post.jwt enabled
  eudi_verifier_jwt:
    image: ghcr.io/eu-digital-identity-wallet/eudi-srv-web-verifier-endpoint-23220-4-kt:v0.6.0
    container_name: eudi_verifier_jwt
    ports:
      - "8090:8090"
    volumes:
      - ./testdata/eudi/verifier/keystore.p12:/keystore.p12
    environment:
      - SERVER_PORT=8090
      - VERIFIER_RESPONSE_MODE="DirectPost.jwt"
      - VERIFIER_PUBLIC_URL="0.0.0.0:8090"
      - VERIFIER_JAR_SIGNING_KEY=LoadFromKeystore
      - VERIFIER_JAR_SIGNING_KEY_ALIAS=verifier_cert
      - VERIFIER_JAR_SIGNING_KEY_KEYSTORE=file:///keystore.p12
      - VERIFIER_JAR_SIGNING_KEY_KEYSTORE_PASSWORD=changeit
      - VERIFIER_JAR_SIGNING_KEY_KEYSTORE_TYPE=pkcs12
      - VERIFIER_JAR_SIGNING_KEY_PASSWORD=changeit
      - VERIFIER_VALIDATION_SDJWTVC_STATUSCHECK_ENABLED=false
      - VERIFIER_ORIGINALCLIENTID=localhost
      - VERIFIER_CLIENTIDPREFIX=x509_san_dns

# Docker Desktop for MacOS does not support exposing ports when using host networking. Therefore,
# we have to use bridge networking and expose the ports manually.
# https://github.com/docker/for-mac/issues/1031
networks:
  irma-net:
    driver: bridge