docker-compose-cicd.yaml
# This file is used by the CI/CD pipeline to run operations against your
# remotely running application. These operations include:
#
# - End-to-end tests for the UI
# - Integration tests for the API
# - Database migrations for the database
#
# This file contains two types of containers:
#
# a) Containers that provide the implementations (tests, migrations, etc).
# Typically the build stage of the Dockerfile.build includes these.
# b) Containers that act as a proxy to provide access to database or
# internal services. Typically Taito CLI image is used as a proxy.
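version: '3.8'

services:
  # End-to-end UI tests (Playwright), pointed at the deployed application via
  # TEST_BASE_URL.
  # TODO: update also playwright setup located in the playwright folder
  full-stack-template-playwright-cicd:
    image: full-stack-template-playwright-builder:${IMAGE_TAG}
    restart: 'no'
    volumes:
      # The ':-.' default matches every other bind mount in this file. Without
      # it an unset DOCKER_HOST_PATH collapses the source to the absolute host
      # path /playwright instead of ./playwright in the working directory.
      - "${DOCKER_HOST_PATH:-.}/playwright:/playwright:delegated"
      # Anonymous volume: masks node_modules from the bind mount above so the
      # container does not use the host's copy.
      - "/playwright/node_modules"
    secrets:
      - TEST_USER_PASSWORD
    environment:
      CI: "true"
      TEST_ENV: ${taito_target_env}
      TEST_BASE_URL: https://${taito_domain}
      TEST_USER_EMAIL: username@mydomain.com

  # Server-side CI/CD container (per the file header: API integration tests
  # and database migrations). It reaches the database through the proxy
  # service below, by service name, over the 'cicd' network.
  full-stack-template-server-cicd:
    image: full-stack-template-server-builder:${IMAGE_TAG}
    restart: 'no'
    networks:
      - cicd
    depends_on:
      # Start only after the proxy's healthcheck reports healthy.
      full-stack-template-database-proxy:
        condition: service_healthy
      # full-stack-template-services-proxy:
      #   condition: service_healthy
    volumes:
      - "${DOCKER_HOST_PATH:-.}/server:/develop:delegated"
      - "${DOCKER_HOST_PATH:-.}/shared:/develop/shared:delegated"
      - "/develop/node_modules"
      # The four bind mounts below target the same /run/secrets/<NAME> paths
      # that the 'secrets:' entries of this service resolve to.
      # NOTE(review): none of them is mounted read-only; appending ':ro' would
      # stop the test container from modifying the secret files on the runner
      # -- confirm nothing relies on writing to them.
      - "${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/${db_database_mgr_secret}:/run/secrets/DATABASE_PASSWORD" # For GitHub Actions
      - "${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/${db_database_ssl_ca_secret}:/run/secrets/DATABASE_SSL_CA" # For GitHub Actions
      - "${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/${db_database_ssl_cert_secret}:/run/secrets/DATABASE_SSL_CERT" # For GitHub Actions
      - "${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/${db_database_ssl_key_secret}:/run/secrets/DATABASE_SSL_KEY" # For GitHub Actions
    secrets:
      - DATABASE_PASSWORD
      - DATABASE_SSL_CA
      - DATABASE_SSL_CERT
      - DATABASE_SSL_KEY
      - TEST_USER_PASSWORD
    environment:
      TEST_ENV: ${taito_target_env}
      TEST_BASE_URL: https://${taito_domain}
      TEST_USER_EMAIL: username@mydomain.com
      DATABASE_HOST: full-stack-template-database-proxy
      DATABASE_PORT: ${db_database_real_port}
      DATABASE_NAME: ${db_database_name}
      # NOTE(review): the variable names suggest this is the database manager
      # account (presumably needed for migrations) -- confirm, and consider a
      # lower-privileged account for the integration tests if one exists.
      DATABASE_USER: ${db_database_mgr_username}
      DATABASE_SSL_ENABLED: ${db_database_ssl_enabled}
      DATABASE_SSL_CLIENT_CERT_ENABLED: ${db_database_ssl_client_cert_enabled}
      DATABASE_SSL_SERVER_CERT_ENABLED: ${db_database_ssl_server_cert_enabled}

  # Taito CLI container serves as a database proxy
  full-stack-template-database-proxy:
    image: ${taito_image}
    restart: 'no'
    user: taito
    networks:
      - cicd
    entrypoint:
      - /bin/sh
      - -c
      - |
        cd /project
        taito db proxy:${taito_env} 5432
    healthcheck:
      # NOTE(review): /dev/tcp and '&>' are bash features, and the string form
      # of 'test' is run through the image's /bin/sh. Confirm that shell is
      # bash; under a POSIX-only sh this check may never report a failure, and
      # 'condition: service_healthy' would then not gate anything.
      test: (echo > /dev/tcp/localhost/5432) &> /dev/null || exit 1
      start_period: 10s
    ports:
      # Publishes container port 5432 on an ephemeral host port; Docker binds
      # published ports on all host interfaces by default. The server-cicd
      # service connects over the 'cicd' network and does not need this.
      # NOTE(review): if nothing on the runner host connects to the proxy,
      # drop the publication or restrict it to the loopback address.
      - "5432"
    volumes:
      # NOTE(review): the whole project directory, including tmp/secrets/, is
      # mounted read-write, so this container can read every secret file
      # staged there and not only its own key -- confirm that is intended.
      - "${DOCKER_HOST_PATH:-.}/:/project:delegated"
      - "${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/cicd-proxy-serviceaccount.key:/run/secrets/CICD_PROXY_SERVICEACCOUNT_KEY" # For GitHub Actions # For GCP
    secrets: # For GCP
      - CICD_PROXY_SERVICEACCOUNT_KEY # For GCP
    environment:
      taito_docker: 'true'
      taito_mode: 'ci'
      # NOTE(review): these cloud credentials are passed as environment
      # variables, so they show up in `docker inspect` output and are
      # inherited by every process in the container. Prefer file-based
      # secrets, as used for the database credentials in this file, wherever
      # the provider tooling supports them.
      AZURE_CLIENT_ID: ${AZURE_CLIENT_ID}
      AZURE_CLIENT_SECRET: ${AZURE_CLIENT_SECRET}
      AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
      AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
      DO_API_KEY: ${DO_API_KEY}
      # TIP: If connection halts, try to set GOOGLE_SQL_PROXY_CREDENTIALS instead # For GCP
      GOOGLE_APPLICATION_CREDENTIALS: /run/secrets/CICD_PROXY_SERVICEACCOUNT_KEY # For GCP
      template_default_taito_image: ${template_default_taito_image}
      template_default_environments: ${template_default_environments}
      template_default_organization: ${template_default_organization}
      template_default_organization_abbr: ${template_default_organization_abbr}
      template_default_vc_organization: ${template_default_vc_organization}
      template_default_vc_url: ${template_default_vc_url}
      template_default_sentry_organization: ${template_default_sentry_organization}
      template_default_domain: ${template_default_domain}
      template_default_domain_prod: ${template_default_domain_prod}
      template_default_zone: ${template_default_zone}
      template_default_zone_prod: ${template_default_zone_prod}
      template_default_provider: ${template_default_provider}
      template_default_provider_org_id: ${template_default_provider_org_id}
      template_default_provider_region: ${template_default_provider_region}
      template_default_provider_zone: ${template_default_provider_zone}
      template_default_provider_org_id_prod: ${template_default_provider_org_id_prod}
      template_default_provider_region_prod: ${template_default_provider_region_prod}
      template_default_provider_zone_prod: ${template_default_provider_zone_prod}
      template_default_uptime_channels_prod: ${template_default_uptime_channels_prod}
      template_default_container_registry: ${template_default_container_registry}
      template_default_source_git: ${template_default_source_git}
      template_default_dest_git: ${template_default_dest_git}
      template_default_kubernetes: ${template_default_kubernetes}
      template_default_postgres: ${template_default_postgres}
      template_default_mysql: ${template_default_mysql}

  # Taito CLI container serves as a tcp proxy for redis, etc.
  # The review notes on the database proxy above (healthcheck shell, published
  # port, project mount, credentials in environment variables) apply to this
  # service as well once it is enabled.
  # full-stack-template-services-proxy:
  #   image: ${taito_image}
  #   restart: 'no'
  #   user: taito
  #   networks:
  #     - cicd
  #   entrypoint:
  #     - /bin/sh
  #     - -c
  #     - |
  #       cd /project
  #       taito forward:redis:${taito_env} 6379
  #       # TIP: you can define multiple forwards like this:
  #       # taito forward:redis:${taito_env} 6379 &
  #       # tail -f /dev/null
  #   healthcheck:
  #     test: (echo > /dev/tcp/localhost/6379) &> /dev/null || exit 1
  #     start_period: 10s
  #   ports:
  #     - "6379"
  #   volumes:
  #     - "${DOCKER_HOST_PATH:-.}/:/project:delegated"
  #     - "${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/cicd-proxy-serviceaccount.key:/run/secrets/CICD_PROXY_SERVICEACCOUNT_KEY" # For GitHub Actions # For GCP
  #   secrets: # For GCP
  #     - CICD_PROXY_SERVICEACCOUNT_KEY # For GCP
  #   environment:
  #     taito_docker: 'true'
  #     taito_mode: 'ci'
  #     AZURE_CLIENT_ID: ${AZURE_CLIENT_ID}
  #     AZURE_CLIENT_SECRET: ${AZURE_CLIENT_SECRET}
  #     AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
  #     AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
  #     DO_API_KEY: ${DO_API_KEY}
  #     # TIP: If connection halts, try to set GOOGLE_SQL_PROXY_CREDENTIALS instead # For GCP
  #     GOOGLE_APPLICATION_CREDENTIALS: /run/secrets/CICD_PROXY_SERVICEACCOUNT_KEY # For GCP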
# File-based secrets. Compose mounts each one at /run/secrets/<NAME> inside
# the services that list it under their own 'secrets:' key.
# NOTE(review): the source files sit under tmp/secrets/ in the working tree.
# Keep that directory out of version control and image build contexts, and
# remove it when the pipeline job ends.
secrets:
  CICD_PROXY_SERVICEACCOUNT_KEY: # For GCP
    file: '${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/cicd-proxy-serviceaccount.key' # For GCP
  DATABASE_PASSWORD:
    file: '${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/${db_database_mgr_secret}'
  DATABASE_SSL_CA:
    file: '${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/${db_database_ssl_ca_secret}'
  DATABASE_SSL_CERT:
    file: '${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/${db_database_ssl_cert_secret}'
  DATABASE_SSL_KEY:
    file: '${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/${db_database_ssl_key_secret}'
  TEST_USER_PASSWORD:
    file: '${DOCKER_HOST_PATH:-.}/tmp/secrets/${taito_env}/${taito_project}-${taito_env}-test-user-password.secret'
# Network joined by the server-cicd container and the proxy service(s); it is
# declared with default settings.
networks:
  cicd: {}