-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathdocker-compose.local.yml
More file actions
137 lines (133 loc) · 4.74 KB
/
Copy pathdocker-compose.local.yml
File metadata and controls
137 lines (133 loc) · 4.74 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
name: portarium-local
# ---------------------------------------------------------------------------
# Local override — builds API server and worker from source (cockpit profile).
#
# Combine with the base compose file profiles to bring up the full stack:
#
# COMPOSE_PROFILES=baseline,runtime,auth,idp,authz,erp,tools,cockpit \
# docker compose -f docker-compose.yml -f docker-compose.local.yml up -d
#
# To also enable Redis-backed rate limiting:
# COMPOSE_PROFILES=baseline,runtime,auth,idp,authz,erp,tools,rate-limiting,cockpit \
# docker compose -f docker-compose.yml -f docker-compose.local.yml up -d
#
# Health probes (available once containers start):
# curl http://localhost:8080/readyz # API server
# curl http://localhost:8081/readyz # Worker
# ---------------------------------------------------------------------------
services:
db-init:
profiles: [cockpit]
image: portarium-local-api
build:
context: .
dockerfile: infra/docker/control-plane.Dockerfile
container_name: portarium-db-init
command:
- /bin/sh
- -c
- |
node dist/src/infrastructure/migrations/cli.js bootstrap --tenants ws-local-dev
node -e 'const { Client } = require("pg"); const client = new Client({ connectionString: process.env.DATABASE_URL }); client.connect().then(() => client.query("INSERT INTO workspace_registry (tenant_id) VALUES ('\''ws-local-dev'\'') ON CONFLICT DO NOTHING")).then(() => client.end()).catch((error) => { console.error(error); process.exit(1); });'
environment:
DATABASE_URL: postgresql://portarium:portarium@evidence-db:5432/portarium
PORTARIUM_DEV_WORKSPACE_ID: ws-local-dev
depends_on:
evidence-db:
condition: service_healthy
networks:
- portarium-control
api:
profiles: [cockpit]
image: portarium-local-api
build:
context: .
dockerfile: infra/docker/control-plane.Dockerfile
container_name: portarium-api
environment:
NODE_ENV: development
# Store — connect to local Postgres (evidence-db service)
PORTARIUM_USE_POSTGRES_STORES: 'true'
PORTARIUM_DATABASE_URL: postgresql://portarium:portarium@evidence-db:5432/portarium
# Run orchestration — API starts executions against the Temporal service.
PORTARIUM_TEMPORAL_ADDRESS: temporal:7233
PORTARIUM_TEMPORAL_NAMESPACE: default
PORTARIUM_TEMPORAL_TASK_QUEUE: portarium-runs
# Dev auth — static bearer token bypasses JWKS for local development.
# Never use outside NODE_ENV=development/test.
ENABLE_DEV_AUTH: 'true'
PORTARIUM_DEV_TOKEN: portarium-dev-token
PORTARIUM_DEV_WORKSPACE_ID: ws-local-dev
PORTARIUM_DEV_USER_ID: user-local-dev
PORTARIUM_CORS_ALLOWED_ORIGINS: http://cockpit.localhost:1355,http://localhost:1355,http://localhost:5173
# OTel — forward to the tools-profile collector when active
OTEL_EXPORTER_OTLP_ENDPOINT: http://otel-collector:4317
depends_on:
temporal:
condition: service_healthy
evidence-db:
condition: service_healthy
db-init:
condition: service_completed_successfully
evidence-store:
condition: service_healthy
vault:
condition: service_started
otel-collector:
condition: service_started
ports:
- '8080:8080'
healthcheck:
test:
[
'CMD',
'node',
'-e',
"fetch('http://127.0.0.1:8080/readyz').then((r) => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))",
]
interval: 10s
timeout: 5s
retries: 12
start_period: 30s
networks:
- portarium-control
worker:
profiles: [cockpit]
image: portarium-local-worker
build:
context: .
dockerfile: infra/docker/worker.Dockerfile
container_name: portarium-worker
environment:
NODE_ENV: development
PORTARIUM_ENABLE_TEMPORAL_WORKER: 'true'
PORTARIUM_TEMPORAL_ADDRESS: temporal:7233
PORTARIUM_TEMPORAL_NAMESPACE: default
PORTARIUM_TEMPORAL_TASK_QUEUE: portarium-runs
# OTel — forward to the tools-profile collector when active
OTEL_EXPORTER_OTLP_ENDPOINT: http://otel-collector:4317
depends_on:
temporal:
condition: service_healthy
vault:
condition: service_started
evidence-db:
condition: service_healthy
otel-collector:
condition: service_started
ports:
- '8081:8081'
healthcheck:
test:
[
'CMD',
'node',
'-e',
"fetch('http://127.0.0.1:8081/readyz').then((r) => process.exit(r.ok ? 0 : 1)).catch(() => process.exit(1))",
]
interval: 10s
timeout: 5s
retries: 12
start_period: 30s
networks:
- portarium-control