-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathcompose.dev.yml
101 lines (88 loc) · 3.62 KB
/
compose.dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# TODO: Should SQLite be exposed as an option with compose config? The
# application supports it, so if someone really wants to work that way they
# can. Our recommended development default should probably be PostgreSQL for
# prod-likeness. Set `USAON_BENEFIT_TOOL_DB_SQLITE` to "true" to enable.
x-db-image: &db-image "nsidc/usaon-benefit-tool-db:latest"
x-service-common: &common
restart: "unless-stopped"
networks: ["usaon-benefit-tool-postgres"]
logging:
options:
max-size: "20m"
max-file: "5"
secrets: !reset {}
services:
usaon-benefit-tool:
<<: *common
image: "nsidc/usaon-benefit-tool:dev"
# Flask development server with live debugger and hot reloading:
# NOTE: --cert=adhoc enables HTTPS in dev, but it's a pain in the butt to
# add a browser extension every time the app hot reloads.
command: "flask run --host 0.0.0.0"
build: "."
# To make volume mounting (especially for new volume mounts like the DB)
# easier, override the micromamba non-root user:
# TODO: remove?
user: "root"
volumes:
- "./usaon_benefit_tool:/usaon-benefit-tool/usaon_benefit_tool:ro"
- "./migrations:/usaon-benefit-tool/migrations:rw"
- "./tasks:/usaon-benefit-tool/tasks:ro"
ports:
- "5000:5000"
environment:
###############################################################
# DEV DANGER ZONE: These settings are INSECURE IN PRODUCTION. #
###############################################################
# Enable the in-browser debugger and hot reloading:
FLASK_DEBUG: "True"
# In dev, we don't need to secure our sessions
FLASK_SECRET_KEY: "supersecret"
# Connect to the "db" service in this compose file!
USAON_BENEFIT_TOOL_DB_HOST: "db"
USAON_BENEFIT_TOOL_DB_PORT: "5432"
# Creds for talking to the DB:
USAON_BENEFIT_TOOL_DB_USER: &db-user "usaon-benefit-tool"
USAON_BENEFIT_TOOL_DB_PASSWORD: &db-pw "DevelopmentONLYPassword"
# Disable login:
USAON_BENEFIT_TOOL_LOGIN_DISABLED: "true"
# NOTE: Uncomment below if you want to test real SSO login behavior!
# Creds for talking to Google:
# USAON_BENEFIT_TOOL_GOOGLE_CLIENT_ID: "${USAON_BENEFIT_TOOL_GOOGLE_CLIENT_ID:?USAON_BENEFIT_TOOL_GOOGLE_CLIENT_ID must be set}"
# USAON_BENEFIT_TOOL_GOOGLE_CLIENT_SECRET: "${USAON_BENEFIT_TOOL_GOOGLE_CLIENT_SECRET:?USAON_BENEFIT_TOOL_GOOGLE_CLIENT_SECRET must be set}"
# Allow http when doing OAuth in dev; useful if testing login behavior!
# Alternately, pass `--cert=adhoc` to the flask dev server :)
# https://flask-dance.readthedocs.io/en/v0.8.0/quickstarts/google.html#code
# OAUTHLIB_INSECURE_TRANSPORT: "1"
secrets: !reset []
# Normally, the database is managed independently of the app, but in dev, we
# want it to be easy to get started!
db:
<<: *common
depends_on:
db-volume-prep:
condition: "service_completed_successfully"
image: *db-image
container_name: "usaon-benefit-tool-db"
command: ["postgres", "-c", "log_statement=none"]
volumes:
- "./_db/postgresql:/data/db:rw"
environment:
POSTGRES_USER: *db-user
POSTGRES_PASSWORD: *db-pw
db-volume-prep:
image: *db-image
user: "root"
# Ensure database volume directories have the correct permissions before
# starting the database
entrypoint: ["sh", "-c", 'mkdir -p /data/postgresql && chown -R dbuser:dbuser /data/postgresql']
volumes:
- "./_db:/data:rw"
adminer:
<<: *common
image: "adminer:4.8.1"
container_name: "adminer"
ports:
- "8080:8080"
networks:
usaon-benefit-tool-postgres: