2/2: Move integration tests containers to docker-compose.it.yml
It's so annoying to have them start always.
kajmagnus committed Nov 11, 2022
1 parent ce9ef46 commit 81d365f
Showing 2 changed files with 16 additions and 412 deletions.
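--- a/docker-compose.it.yml
+++ b/docker-compose.it.yml
@@ -8,316 +8,6 @@ networks:
 - subnet: ${INTERNAL_NET_SUBNET}
 
 services:
-web:
-build:
-context: images/web
-dockerfile: Dockerfile.or # openresty
-image: ${DOCKER_REPOSITORY}/talkyard-web
-# so can specify core dump path [NGXCORED]
-#privileged: true
-volumes:
-# The LetsEncrypt ACME account key gets generated by run-envsubst-gen-keys.sh.
-# Once done, you could make this dir read-only: append ':ro' to the next line.
-- ./volumes/acme/:/etc/nginx/acme/
-# Mount the config, scripts and styles, rather than relying on Docker's COPY,
-# so Nginx can auto reload them after edits, without rebuilding the image.
-# (The files are COPY:d too, so will work in Prod.)
-# [ty_v1] Rename to just sites-enabled, here and in prod too — remove
-# sites-enabled-auto-gen.
-- ./images/web/sites-enabled-manual/:/etc/nginx/sites-enabled-manual/:ro
-- ./images/web/ed-lua/:/opt/talkyard/lua/:ro
-- ./images/web/assets/:/opt/talkyard/assets/:ro # [NGXSTC]
-- ./images/web/ty-media/:/opt/talkyard/ty-media/:ro
-# Mount Lua packages dir, so can upgrade packages by running
-# 'opm install' from inside a web container. [upd_resty_pkgs]
-#- ./images/web/openresty-pkgs/new/:/usr/local/openresty/site/
-- ./volumes/uploads/:/opt/talkyard/uploads/:ro
-- ./volumes/letsencrypt/:/etc/letsencrypt/:ro
-- ./volumes/nginx-logs/:/var/log/nginx/
-- ./volumes/nginx-core-dumps/:/tmp/cores/
-- ./volumes/nginx-tmp-rw:/tmp/rw/
-ports:
-- '80:80'
-- '443:443'
-networks:
-internal_net:
-ipv4_address: ${INTERNAL_NET_WEB_IP}
-depends_on:
-- app
-- cache
-environment:
-# When debugging, it's nice to see everything if typing `docker-compose logs`.
-TY_LOG_TO_STDOUT_STDERR: '1'
-TY_NGX_ERROR_LOG_LEVEL: 'debug'
-#TY_NGX_ACCESS_LOG_CONFIG: 'tyalogfmt'
-#TY_NGX_LIMIT_REQ_BODY_SIZE: "5m"
-CDN_PULL_KEY: "public"
-# This is dev mode; tell the browser to refresh its cache each request. [2WBKP46]
-TY_MAX_AGE_YEAR: "no-cache"
-TY_MAX_AGE_MONTH: "no-cache"
-TY_MAX_AGE_WEEK: "no-cache"
-TY_MAX_AGE_DAY: "no-cache"
-TY_MAX_AGE_HOUR: "no-cache"
-TY_MAX_AGE_15MIN: "no-cache"
-# Try this out during development for a while,
-# see: https://stackoverflow.com/questions/43467670/which-capabilities-can-i-drop-in-a-docker-nginx-container
-# DO_AFTER 2021-03-1 reply and say if worked, accept answer.
-# When cap_drop is ALL, it gets processed before cap_add, see:
-# https://stackoverflow.com/a/63219871
-# and:
-# https://github.com/moby/moby/blob/1c39b1c44c973f18f39bd684c6aba57bb96510fe/oci/caps/utils.go#L120
-cap_drop:
-- ALL
-cap_add:
-# Without CHOWN:
-# nginx: [emerg] chown("/opt/nginx/proxy-cache", 100) failed (1: Operation not permitted)
-- CHOWN
-# To bypass file read, write, and execute permission checks:
-# (DAC means "discretionary access control", and DAC_OVERRIDE)
-# Without DAC_OVERRIDE:
-# nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
-- DAC_OVERRIDE
-# To change the group and user id of a process: (so Nginx won't need to run as root)
-- SETGID
-- SETUID
-# To bind to lower ports. Maybe listen on 8080 instead, and map port 80:8080?
-- NET_BIND_SERVICE
-
-app:
-build:
-context: images/app/
-dockerfile: Dockerfile.dev
-# (Image ${DOCKER_REPOSITORY}/talkyard-app is for production, and gets created by
-# ./docker/build-app-prod.sh.)
-image: ${DOCKER_REPOSITORY}/talkyard-app-dev
-stdin_open: true # otherwise Play exits
-tty: true # colored logs
-volumes:
-- ./:/opt/talkyard/app/
-- ./volumes/uploads/:/opt/talkyard/uploads/
-- ./volumes/app-logs/:/var/log/talkyard/
-# So assets get refreshed on restart, in dev mode, without rebuilding image. [APPJSPATH]
-- ./images/app/assets/:/opt/talkyard/app/assets/:ro
-- ./version.txt:/opt/talkyard/app/version.txt:ro
-# Without this, takes forever to start: sbt would always download all dependencies. [SBTHOME]
-# This is for Linux: (https://get-coursier.io/docs/cache.html#default-location)
-- ./vendors/jars/cache/:/home/owner/.cache/
-- ./vendors/jars/ivy2/:/home/owner/.ivy2/
-- ./vendors/jars/sbt/:/home/owner/.sbt/
-networks:
-internal_net:
-ipv4_address: ${INTERNAL_NET_APP_IP}
-ports:
-# Let's expose these, for debugging and troubleshooting.
-- '9000:9000' # Play's HTTP listen port.
-- '9999:9999' # Java debugger port
-- '3333:3333' # JMX
-depends_on:
-- cache
-- rdb
-- search
-#- fakemail
-environment:
-PLAY_HEAP_MEMORY_MB: 2800
-HOSTNAME: "localhost"
-CREATE_SITE_HOSTNAME: "localhost"
-BECOME_OWNER_EMAIL_ADDRESS: "admin@example.com"
-E2E_TEST_PASSWORD: "public"
-FORBIDDEN_PASSWORD: "public"
-
-# ----- Tracing
-# See: https://github.com/jaegertracing/legacy-client-java/blob/master/jaeger-core/README.md
-# #configuration-via-environment
-
-# Or "probabilistic", param 0.0 ... 1.0, or "ratelimiting" with param = num samples per second.
-# or "remote" (the default), asks the Jaeger agent how to sample.
-JAEGER_SAMPLER_TYPE: "const"
-JAEGER_SAMPLER_PARAM: "1"
-# Or 6831? 6832? will be renamed to JAEGER_CONFIG_MANAGER_HOST_PORT
-# https://github.com/jaegertracing/jaeger-client-go/issues/282
-#JAEGER_SAMPLER_MANAGER_HOST_PORT: "tracer:5778"
-
-# Either configure Jaeger agent host and port:
-# JAEGER_AGENT_HOST
-# JAEGER_AGENT_PORT
-# Or connect directly to the Jaeger connector: (optionally with authentication info)
-JAEGER_ENDPOINT: "http://tracer:14268/api/traces"
-# JAEGER_USER: ""
-# JAEGER_PASSWORD: ""
-# JAEGER_AUTH_TOKEN: ""
-
-cache:
-build: images/cache/
-image: ${DOCKER_REPOSITORY}/talkyard-cache
-volumes:
-- ./volumes/cache-data/:/data/
-# Expose, so can troubleshoot-query Redis.
-ports:
-- '6379:6379'
-networks:
-internal_net:
-ipv4_address: ${INTERNAL_NET_CACHE_IP}
-sysctls:
-net.core.somaxconn: 511
-
-search:
-build: images/search/
-image: ${DOCKER_REPOSITORY}/talkyard-search
-# If too low, the 'search' container will suddenly exit with code 137. No error message
-# will get logged — instead it just exits, suddenly. Why? OOM-killed? In Docker? Hmm.
-#mem_limit: 800M
-volumes:
-- ./volumes/search-data/:/usr/share/elasticsearch/data/
-- ./volumes/search-logs/:/usr/share/elasticsearch/logs/
-ports:
-# Expose, for troubleshooting.
-- '9200:9200'
-- '9300:9300'
-networks:
-internal_net:
-ipv4_address: ${INTERNAL_NET_SEARCH_IP}
-environment:
-ES_JAVA_OPTS: '-Xms384m -Xmx384m'
-
-rdb:
-build: images/rdb/
-image: ${DOCKER_REPOSITORY}/talkyard-rdb
-volumes:
-- ./volumes/rdb-data/:/var/lib/postgresql/data/
-- ./volumes/rdb-logs/:/var/log/postgresql/
-# Can live reload the config like so: ([ty_v1] document this where?)
-# # bash-4.4# su - postgres # as root in the container
-# $ pg_ctl reload -D /var/lib/postgresql/data/
-# or: SELECT pg_reload_conf();
-- ./modules/ed-prod-one-test/conf/rdb/:/var/lib/postgresql/conf/
-networks:
-internal_net:
-ipv4_address: ${INTERNAL_NET_RDB_IP}
-# Log to stderr, not to /var/log/postgresql/: (log_destination is stderr by default)
-# (see https://github.com/sameersbn/docker-postgresql/blob/master/docker-compose.yml)
-# [ty_v1] do automatically if TY_LOG_TO_STDOUT_STDERR is set in .env,
-# maybe would need to edit: (clone repo, incl in images/rdb/)
-# https://github.com/sameersbn/docker-postgresql/blob/master/entrypoint.sh
-# Also change from Ubuntu to Debian instead.
-command: '--logging_collector=off --log_connections=yes'
-environment:
-POSTGRES_PASSWORD: 'public'
-PEER_HOST: 'rdb2'
-PEER_PORT: '5432'
-PEER_PASSWORD: 'public2'
-CREATE_TEST_USER: 'yes'
-
-# An extra database, so you can experiment with Postgres replication and failover.
-# You don't need to start it.
-#rdb2:
-# mem_limit: 30M
-# build: images/rdb/
-# volumes:
-# - ./volumes/rdb2-data/:/var/lib/postgresql/data/
-# - ./volumes/rdb2-logs/:/var/log/postgresql/
-# networks:
-# internal_net:
-# ipv4_address: ${INTERNAL_NET_RDB2_IP}
-# environment:
-# POSTGRES_PASSWORD: 'public2'
-# PEER_HOST: 'rdb'
-# PEER_PORT: '5432'
-# PEER_PASSWORD: 'public'
-
-# Remove this? Instead, s/d run --rm -p '9229:9229' nodejs .. ?
-# But how specify ipv4_address via `s/d run`?
-#
-#test:
-# build: images/gulp/
-# image: ${DOCKER_REPOSITORY}/talkyard-test
-# volumes:
-# - ./:/opt/talkyard/server/
-# ports:
-# # This is for debugging tests running in Node.js in this container, and started
-# # via `node --debug-brk --inspect=9229`. [8EA02R4]
-# - '9229:9229'
-# networks:
-# internal_net:
-# ipv4_address: ${INTERNAL_NET_TEST_IP}
-# # So can send HTTP request to the web container. See tests/security/settings.ts [7PKW4R2]
-# depends_on:
-# - web
-# # Don't want this container to start at all by default.
-# command: 'exit 0'
-
-# A fake external server, for e2e tests, when the Ty server sends its own HTTP
-# requests to external things.
-fakeweb:
-build: images/fakeweb/
-image: ${DOCKER_REPOSITORY}/fakeweb
-# Now included in the image instead: [fakeweb_mount_nothing]
-#volumes:
-# - ./images/fakeweb/app/:/app/:ro
-# - ./volumes/fakeweb-deno-dir:/deno-dir
-ports:
-# So the Webdriverio e2e tests can ask this server what HTTP requests
-# the Ty server has sent. E.g. outgoing webhooks, or anti spam service queries.
-- '8090:8090'
-networks:
-internal_net:
-ipv4_address: ${INTERNAL_NET_TEST_IP}
-
-# Dummy SMTP server, for testing.
-# fakemail:
-# build: images/fakemail/mailslurper
-# image: ${DOCKER_REPOSITORY}/fakemail
-# volumes:
-# - ./images/fakemail/mailslurper-config.json:/config.json
-# - ./images/fakemail/fakemail-publ-test-self-signed.key:/smtp-server.key
-# - ./images/app/fakemail-publ-test-self-signed.crt:/smtp-server.crt # yes, in app-dev [26UKWD2]
-# ports:
-# - '8025:8025' # smtp, '80' + 25 (25 = old standard port, 587 = new for STARTTLS)
-# - '8026:8026' # admin interface, '80' + 25 + 1
-# - '8027:8027' # service port = api requests or what? '80' + 25 + 2
-# networks:
-# internal_net:
-# ipv4_address: ${INTERNAL_NET_FAKEMAIL_IP}
-
-# Jaeger Tracing. Access at http://localhost:16686.
-# Not currently in use.
-#tracer:
-# image: jaegertracing/all-in-one:1.7
-# ports: # Component. What. (https://www.jaegertracing.io/docs/1.6/getting-started/)
-# #- '5775:5775/udp' # Agent. accept zipkin.thrift over compact thrift protocol
-# - '6831:6831/udp' # Agent. accept jaeger.thrift over compact thrift protocol
-# - '6832:6832/udp' # Agent. accept jaeger.thrift over binary thrift protocol
-# - '5778:5778' # Agent. serve configs
-# - '16686:16686' # Query. Web interface + find traces.
-# - '14268:14268' # Collector. accept jaeger.thrift directly from clients
-# #- '9411:9411' # Collector. Zipkin compatible endpoint
-# networks:
-# internal_net:
-# ipv4_address: ${INTERNAL_NET_TRACER_IP}
-
-# The same as the 'test' container, except that 'nodejs' won't start the rest of
-# the stack, instead it just transpiles Typescript and Stylus.
-nodejs:
-# RENAME dir from gulp to nodejs
-build: images/gulp/
-# RENAME img from -gulp to -nodejs
-image: ${DOCKER_REPOSITORY}/talkyard-gulp
-tty: true # colored logs
-volumes:
-- ./:/opt/talkyard/server/ # [NODEHOME]
-#command: ['yarn install && gulp watch']
-# But 'exit 0' won't work — not an executable file,
-command: ['echo']
-
-
-# Would like to remove, but is incl in talkyard-prod-one's Compose file already,
-# and would cause errors, if removed here, and people then upgrade? (because new version
-# couldn't be downloaded). Remove in Ty v1 [ty_v1].
-certgen:
-build: images/certgen/
-image: ${DOCKER_REPOSITORY}/talkyard-certgen
-# Only want to build (but not run) this container, in dev/test mode.
-command: 'echo'
 
 
 # Integration test containers
@@ -333,16 +23,20 @@ services:
 # -v (this-repo-dir)/tests/int-w/ghost/content:/var/lib/ghost/content ghost:4.34.0
 #
 # But let's include here, and use Ghost's default port 2368?
-it-ghost:
-# Image docs: https://hub.docker.com/_/ghost/
-image: ghost:4.34.0
-# Won't work in Prod tests — so, incl in image instead of mounting? [ghost_prod_test_img]
-volumes:
-- ./tests/int-w/ghost/casper-post.hbs:/var/lib/ghost/current/content/themes/casper/post.hbs
-ports:
-# Why does Ghost like this port? Who knows
-- '2368:2368'
-# networks — don't use the internal net; Ghost is usually hosted elsewhere.
+
+# Ghost is currently in the main docker-compose.yml, needed by some e2e tests.
+# Move it to here later:
+#
+# it-ghost:
+# # Image docs: https://hub.docker.com/_/ghost/
+# image: ghost:4.34.0
+# # Won't work in Prod tests — so, incl in image instead of mounting? [ghost_prod_test_img]
+# volumes:
+# - ./tests/int-w/ghost/casper-post.hbs:/var/lib/ghost/current/content/themes/casper/post.hbs
+# ports:
+# # Why does Ghost like this port? Who knows
+# - '2368:2368'
+# # networks — don't use the internal net; Ghost is usually hosted elsewhere.
 
 
 # Matrix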
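Review bot: The commented-out `it-ghost` block added in the second hunk is a second copy of a service that, per the new comment, still lives in the main docker-compose.yml, so the image tag `ghost:4.34.0`, the theme mount and the published port can drift between the two files unnoticed. Consider replacing the copy with a one-line pointer such as `# it-ghost: still defined in docker-compose.yml, move here later`. If the block is kept for the later move, note that `- '2368:2368'` publishes the port on all host interfaces; `- '127.0.0.1:2368:2368'` would keep the test Ghost instance local, assuming only tests on the same host need to reach it. The first hunk is a pure removal and raises nothing further.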
