path: root/playbooks/roles/ci/templates/stacks/docker-compose.yml
services:
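  # PostgreSQL database used by the Concourse web service over the `ci`
  # network.
  db:
    # NOTE(review): no tag is given, so this resolves to `latest`. Pin a major
    # version (or a digest) so a redeploy cannot silently change the engine.
    image: postgres
    environment:
      POSTGRES_DB: concourse
      POSTGRES_USER: concourse_user
      # NOTE(review): this credential is committed in clear text. Prefer a
      # vaulted Ansible variable or a Docker secret read through
      # POSTGRES_PASSWORD_FILE, and change the value configured on the web
      # service at the same time.
      POSTGRES_PASSWORD: concourse_pass
      # NOTE(review): no volume is mounted at this path in this file, so the
      # data appears to live in the container's writable layer - confirm.
      PGDATA: /database
      # POSTGRES_HOST_AUTH_METHOD=trust was removed. With `trust`, every peer
      # on the `ci` network (including the privileged worker) can log in as
      # any role without a password, which makes POSTGRES_PASSWORD
      # meaningless. Without it the image falls back to password
      # authentication. pg_hba.conf is only written when the data directory
      # is initialised, so an existing data directory keeps its old rule
      # until it is edited or re-initialised.
    healthcheck:
      # pg_isready only probes connection acceptance; it needs no password.
      test: ["CMD-SHELL", "pg_isready -U concourse_user -d concourse"]
      interval: 3s
      timeout: 3s
      retries: 5
    networks:
      - ci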

  # Concourse worker: registers with the web service on port 2222 and is only
  # started once the web service reports healthy.
  worker:
    image: concourse/concourse
    command: worker
    # Privileged mode gives this container close to host-level access.
    # Anything that can run pipelines on this worker should be treated as
    # having that level of trust; keep the host dedicated to CI where
    # possible.
    privileged: true
    # NOTE(review): Concourse documents SIGUSR2 as the "retire worker"
    # signal - confirm that is the intended shutdown behaviour.
    stop_signal: SIGUSR2
    environment:
      CONCOURSE_GARDEN_DNS_PROXY_ENABLE: "true"
      CONCOURSE_TSA_HOST: "web:2222"
    volumes:
      # Worker key material rendered under the role's ci_base directory.
      - "{{ ci_base }}/volumes/keys/worker:/concourse-keys"
    networks:
      - ci
    depends_on:
      web:
        condition: service_healthy

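  # Concourse web service: talks to `db` on the `ci` network and is published
  # by Traefik over the external `proxy` network.
  web:
    # NOTE(review): the worker service uses `concourse/concourse` with an
    # explicit `command:`; this service uses a bare `concourse` image name and
    # no command - confirm that this image is the intended one.
    image: concourse
    depends_on:
      db:
        condition: service_healthy
    volumes:
      - "{{ ci_base }}/volumes/keys/web:/concourse-keys"
    # Mapping form, matching the db and worker services. The original list
    # mixed `KEY=VALUE` strings with `KEY: value` mappings and a null entry,
    # which is not a valid environment list. Templated values are quoted so
    # an empty or special-looking expansion cannot change the YAML type.
    environment:
      TZ: "{{ timezone }}"
      DEPLOYMENT_TIME: "{{ deployment_time }}"
      CONCOURSE_POSTGRES_HOST: db
      CONCOURSE_POSTGRES_USER: concourse_user
      # NOTE(review): clear-text credential committed with the template; move
      # it to a vaulted variable together with the value on the db service.
      CONCOURSE_POSTGRES_PASSWORD: concourse_pass
      CONCOURSE_POSTGRES_DATABASE: concourse
      CONCOURSE_EXTERNAL_URL: "https://{{ ci_domain }}"

      # instead of relying on the default "detect"
      # NOTE(review): the CONCOURSE_WORKER_ prefix is, as far as I know, only
      # read by `concourse quickstart`; confirm this setting reaches the
      # worker service.
      CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
      CONCOURSE_CLUSTER_NAME: "{{ ci_domain }}"

      CONCOURSE_OIDC_DISPLAY_NAME: "{{ domain }} <3"
      CONCOURSE_OIDC_CLIENT_ID: concourse
      # The secret ends up in the rendered stack file and in the container's
      # environment (visible through `docker inspect`); restrict the rendered
      # file's permissions or use a Docker secret instead.
      CONCOURSE_OIDC_CLIENT_SECRET: "{{ concourse_secret_key }}"
      # Was CONCOURSE_OID_ISSUER: with the misspelt name the issuer is never
      # set, so the OIDC connector has nothing to validate tokens against.
      CONCOURSE_OIDC_ISSUER: "https://{{ idm_domain }}/oauth2/openid/concourse/"
    networks:
      - ci
      - proxy
    healthcheck:
      # Exec form. CMD-SHELL takes one command string; with the arguments
      # given as separate list items only `curl` itself was executed, so the
      # check could never pass and the worker (which waits for
      # service_healthy) would never start.
      test: ["CMD", "curl", "--fail", "http://localhost:8080"]
      timeout: 15s
      interval: 30s
      retries: 3
      start_period: 5s
    deploy:
      mode: replicated
      update_config:
        parallelism: 1
        failure_action: rollback
        order: start-first
        delay: 5s
        monitor: 20s
      replicas: 1
      labels:
        - traefik.enable=true
        - traefik.swarm.network=proxy
        - traefik.http.routers.ci.tls=true
        - traefik.http.routers.ci.tls.certResolver=letsencrypt
        - traefik.http.routers.ci.rule=Host(`{{ ci_domain }}`)
        - traefik.http.routers.ci.entrypoints=websecure
        - traefik.http.services.ci.loadbalancer.server.port=8080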

networks:
  # Stack-internal network joining db, web and worker; default settings.
  ci: {}
  # Not created by this file; it must already exist. Presumably the network
  # Traefik is attached to, given the traefik.swarm.network label on web.
  proxy:
    external: true