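# Compose template for a Concourse CI stack: Postgres (db), the Concourse
# web/ATC node (web) and one worker, published through Traefik.
# Double-brace placeholders are filled in by the templating step before the
# file is parsed as YAML, so every templated value is quoted.
services:
  db:
    # NOTE(review): no tag means "latest"; pin a version or digest so a
    # redeploy cannot silently pull a different database release.
    image: postgres
    environment:
      POSTGRES_DB: concourse
      # NOTE(review): hard-coded credential, repeated under web; source it from
      # the same secret store that supplies concourse_secret_key.
      POSTGRES_PASSWORD: concourse_pass
      POSTGRES_USER: concourse_user
      PGDATA: /database
      # POSTGRES_HOST_AUTH_METHOD=trust was dropped: it disables password
      # checks for every client that can reach db on the ci network, which
      # includes the privileged worker. web already sends the password above,
      # so the image's default password authentication is sufficient.
    healthcheck:
      # pg_isready only probes for connection acceptance; it needs no password.
      test: ["CMD-SHELL", "pg_isready -U concourse_user -d concourse"]
      interval: 3s
      timeout: 3s
      retries: 5
    networks:
      - ci

  worker:
    # NOTE(review): unpinned image, see db.
    image: concourse/concourse
    command: worker
    # The worker runs build containers itself, hence privileged mode. Treat
    # this container as host-equivalent when deciding what shares its host
    # and network.
    # NOTE(review): the deploy block and swarm labels on web suggest a swarm
    # deployment; confirm that privileged and the depends_on conditions are
    # honoured by the deploy tool in use.
    privileged: true
    depends_on:
      web:
        condition: service_healthy
    volumes:
      - "{{ ci_base }}/volumes/keys/worker:/concourse-keys"
    networks:
      - ci
    stop_signal: SIGUSR2
    environment:
      CONCOURSE_TSA_HOST: "web:2222"
      CONCOURSE_GARDEN_DNS_PROXY_ENABLE: "true"

  web:
    # NOTE(review): worker uses concourse/concourse while this is a bare
    # "concourse" with no command; confirm it is an intentional local image.
    image: concourse
    depends_on:
      db:
        condition: service_healthy
    volumes:
      - "{{ ci_base }}/volumes/keys/web:/concourse-keys"
    # The original list mixed KEY=VALUE strings with "KEY: value" entries and
    # a comment-only item, which is not a valid environment list. One mapping
    # is used here, matching db and worker.
    environment:
      TZ: "{{ timezone }}"
      DEPLOYMENT_TIME: "{{ deployment_time }}"
      CONCOURSE_POSTGRES_HOST: db
      CONCOURSE_POSTGRES_USER: concourse_user
      CONCOURSE_POSTGRES_PASSWORD: concourse_pass
      CONCOURSE_POSTGRES_DATABASE: concourse
      CONCOURSE_EXTERNAL_URL: "https://{{ ci_domain }}"
      # Set explicitly instead of relying on the default "detect".
      # NOTE(review): this is set on web and the worker service sets no
      # baggageclaim driver; confirm it takes effect where intended.
      CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
      CONCOURSE_CLUSTER_NAME: "{{ ci_domain }}"
      CONCOURSE_OIDC_DISPLAY_NAME: "{{ domain }} <3"
      CONCOURSE_OIDC_CLIENT_ID: concourse
      CONCOURSE_OIDC_CLIENT_SECRET: "{{ concourse_secret_key }}"
      # Was CONCOURSE_OID_ISSUER: with the misspelt name the issuer URL never
      # reaches Concourse, so the OIDC connector is left without an issuer.
      CONCOURSE_OIDC_ISSUER: "https://{{ idm_domain }}/oauth2/openid/concourse/"
    networks:
      - ci
      - proxy
    healthcheck:
      # Exec form. The original passed curl and its arguments as separate
      # items after CMD-SHELL, so the shell ran a bare "curl" and the check
      # could not pass, which also blocks the worker's service_healthy wait.
      test: ["CMD", "curl", "--fail", "http://localhost:8080"]
      timeout: 15s
      interval: 30s
      retries: 3
      start_period: 5s
    deploy:
      mode: replicated
      update_config:
        parallelism: 1
        failure_action: rollback
        order: start-first
        delay: 5s
        monitor: 20s
      replicas: 1
      labels:
        - "traefik.enable=true"
        - "traefik.swarm.network=proxy"
        - "traefik.http.routers.ci.tls=true"
        - "traefik.http.routers.ci.tls.certResolver=letsencrypt"
        - "traefik.http.routers.ci.rule=Host(`{{ ci_domain }}`)"
        - "traefik.http.routers.ci.entrypoints=websecure"
        - "traefik.http.services.ci.loadbalancer.server.port=8080"

networks:
  # Internal network shared by db, web and worker.
  ci: {}
  # Pre-existing network on which Traefik reaches web.
  proxy:
    external: true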