From 81d365f082dc17630f03ec9a40817f1c6263faf8 Mon Sep 17 00:00:00 2001 From: Kaj Magnus Lindberg Date: Mon, 7 Nov 2022 09:06:14 +0100 Subject: [PATCH] 2/2: Move integration tests containers to docker-compose.it.yml It's so annoying to have them start always. --- docker-compose.it.yml | 334 ++---------------------------------------- docker-compose.yml | 94 +----------- 2 files changed, 16 insertions(+), 412 deletions(-) diff --git a/docker-compose.it.yml b/docker-compose.it.yml index b7e38cc5a3..bf44440f27 100644 --- a/docker-compose.it.yml +++ b/docker-compose.it.yml @@ -8,316 +8,6 @@ networks: - subnet: ${INTERNAL_NET_SUBNET} services: - web: - build: - context: images/web - dockerfile: Dockerfile.or # openresty - image: ${DOCKER_REPOSITORY}/talkyard-web - # so can specify core dump path [NGXCORED] - #privileged: true - volumes: - # The LetsEncrypt ACME account key gets generated by run-envsubst-gen-keys.sh. - # Once done, you could make this dir read-only: append ':ro' to the next line. - - ./volumes/acme/:/etc/nginx/acme/ - # Mount the config, scripts and styles, rather than relying on Docker's COPY, - # so Nginx can auto reload them after edits, without rebuilding the image. - # (The files are COPY:d too, so will work in Prod.) - # [ty_v1] Rename to just sites-enabled, here and in prod too — remove - # sites-enabled-auto-gen. - - ./images/web/sites-enabled-manual/:/etc/nginx/sites-enabled-manual/:ro - - ./images/web/ed-lua/:/opt/talkyard/lua/:ro - - ./images/web/assets/:/opt/talkyard/assets/:ro # [NGXSTC] - - ./images/web/ty-media/:/opt/talkyard/ty-media/:ro - # Mount Lua packages dir, so can upgrade packages by running - # 'opm install' from inside a web container. [upd_resty_pkgs] - #- ./images/web/openresty-pkgs/new/:/usr/local/openresty/site/ - - ./volumes/uploads/:/opt/talkyard/uploads/:ro - - ./volumes/letsencrypt/:/etc/letsencrypt/:ro - - ./volumes/nginx-logs/:/var/log/nginx/ - - ./volumes/nginx-core-dumps/:/tmp/cores/ - - ./volumes/nginx-tmp-rw:/tmp/rw/ - ports: - - '80:80' - - '443:443' - networks: - internal_net: - ipv4_address: ${INTERNAL_NET_WEB_IP} - depends_on: - - app - - cache - environment: - # When debugging, it's nice to see everything if typing `docker-compose logs`. - TY_LOG_TO_STDOUT_STDERR: '1' - TY_NGX_ERROR_LOG_LEVEL: 'debug' - #TY_NGX_ACCESS_LOG_CONFIG: 'tyalogfmt' - #TY_NGX_LIMIT_REQ_BODY_SIZE: "5m" - CDN_PULL_KEY: "public" - # This is dev mode; tell the browser to refresh its cache each request. [2WBKP46] - TY_MAX_AGE_YEAR: "no-cache" - TY_MAX_AGE_MONTH: "no-cache" - TY_MAX_AGE_WEEK: "no-cache" - TY_MAX_AGE_DAY: "no-cache" - TY_MAX_AGE_HOUR: "no-cache" - TY_MAX_AGE_15MIN: "no-cache" - # Try this out during development for a while, - # see: https://stackoverflow.com/questions/43467670/which-capabilities-can-i-drop-in-a-docker-nginx-container - # DO_AFTER 2021-03-1 reply and say if worked, accept answer. - # When cap_drop is ALL, it gets processed before cap_add, see: - # https://stackoverflow.com/a/63219871 - # and: - # https://github.com/moby/moby/blob/1c39b1c44c973f18f39bd684c6aba57bb96510fe/oci/caps/utils.go#L120 - cap_drop: - - ALL - cap_add: - # Without CHOWN: - # nginx: [emerg] chown("/opt/nginx/proxy-cache", 100) failed (1: Operation not permitted) - - CHOWN - # To bypass file read, write, and execute permission checks: - # (DAC means "discretionary access control", and DAC_OVERRIDE) - # Without DAC_OVERRIDE: - # nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied) - - DAC_OVERRIDE - # To change the group and user id of a process: (so Nginx won't need to run as root) - - SETGID - - SETUID - # To bind to lower ports. Maybe listen on 8080 instead, and map port 80:8080? - - NET_BIND_SERVICE - - app: - build: - context: images/app/ - dockerfile: Dockerfile.dev - # (Image ${DOCKER_REPOSITORY}/talkyard-app is for production, and gets created by - # ./docker/build-app-prod.sh.) - image: ${DOCKER_REPOSITORY}/talkyard-app-dev - stdin_open: true # otherwise Play exits - tty: true # colored logs - volumes: - - ./:/opt/talkyard/app/ - - ./volumes/uploads/:/opt/talkyard/uploads/ - - ./volumes/app-logs/:/var/log/talkyard/ - # So assets get refreshed on restart, in dev mode, without rebuilding image. [APPJSPATH] - - ./images/app/assets/:/opt/talkyard/app/assets/:ro - - ./version.txt:/opt/talkyard/app/version.txt:ro - # Without this, takes forever to start: sbt would always download all dependencies. [SBTHOME] - # This is for Linux: (https://get-coursier.io/docs/cache.html#default-location) - - ./vendors/jars/cache/:/home/owner/.cache/ - - ./vendors/jars/ivy2/:/home/owner/.ivy2/ - - ./vendors/jars/sbt/:/home/owner/.sbt/ - networks: - internal_net: - ipv4_address: ${INTERNAL_NET_APP_IP} - ports: - # Let's expose these, for debugging and troubleshooting. - - '9000:9000' # Play's HTTP listen port. - - '9999:9999' # Java debugger port - - '3333:3333' # JMX - depends_on: - - cache - - rdb - - search - #- fakemail - environment: - PLAY_HEAP_MEMORY_MB: 2800 - HOSTNAME: "localhost" - CREATE_SITE_HOSTNAME: "localhost" - BECOME_OWNER_EMAIL_ADDRESS: "admin@example.com" - E2E_TEST_PASSWORD: "public" - FORBIDDEN_PASSWORD: "public" - - # ----- Tracing - # See: https://github.com/jaegertracing/legacy-client-java/blob/master/jaeger-core/README.md - # #configuration-via-environment - - # Or "probabilistic", param 0.0 ... 1.0, or "ratelimiting" with param = num samples per second. - # or "remote" (the default), asks the Jaeger agent how to sample. - JAEGER_SAMPLER_TYPE: "const" - JAEGER_SAMPLER_PARAM: "1" - # Or 6831? 6832? will be renamed to JAEGER_CONFIG_MANAGER_HOST_PORT - # https://github.com/jaegertracing/jaeger-client-go/issues/282 - #JAEGER_SAMPLER_MANAGER_HOST_PORT: "tracer:5778" - - # Either configure Jaeger agent host and port: - # JAEGER_AGENT_HOST - # JAEGER_AGENT_PORT - # Or connect directly to the Jaeger connector: (optionally with authentication info) - JAEGER_ENDPOINT: "http://tracer:14268/api/traces" - # JAEGER_USER: "" - # JAEGER_PASSWORD: "" - # JAEGER_AUTH_TOKEN: "" - - cache: - build: images/cache/ - image: ${DOCKER_REPOSITORY}/talkyard-cache - volumes: - - ./volumes/cache-data/:/data/ - # Expose, so can troubleshoot-query Redis. - ports: - - '6379:6379' - networks: - internal_net: - ipv4_address: ${INTERNAL_NET_CACHE_IP} - sysctls: - net.core.somaxconn: 511 - - search: - build: images/search/ - image: ${DOCKER_REPOSITORY}/talkyard-search - # If too low, the 'search' container will suddenly exit with code 137. No error message - # will get logged — instead it just exits, suddenly. Why? OOM-killed? In Docker? Hmm. - #mem_limit: 800M - volumes: - - ./volumes/search-data/:/usr/share/elasticsearch/data/ - - ./volumes/search-logs/:/usr/share/elasticsearch/logs/ - ports: - # Expose, for troubleshooting. - - '9200:9200' - - '9300:9300' - networks: - internal_net: - ipv4_address: ${INTERNAL_NET_SEARCH_IP} - environment: - ES_JAVA_OPTS: '-Xms384m -Xmx384m' - - rdb: - build: images/rdb/ - image: ${DOCKER_REPOSITORY}/talkyard-rdb - volumes: - - ./volumes/rdb-data/:/var/lib/postgresql/data/ - - ./volumes/rdb-logs/:/var/log/postgresql/ - # Can live reload the config like so: ([ty_v1] document this where?) - # # bash-4.4# su - postgres # as root in the container - # $ pg_ctl reload -D /var/lib/postgresql/data/ - # or: SELECT pg_reload_conf(); - - ./modules/ed-prod-one-test/conf/rdb/:/var/lib/postgresql/conf/ - networks: - internal_net: - ipv4_address: ${INTERNAL_NET_RDB_IP} - # Log to stderr, not to /var/log/postgresql/: (log_destination is stderr by default) - # (see https://github.com/sameersbn/docker-postgresql/blob/master/docker-compose.yml) - # [ty_v1] do automatically if TY_LOG_TO_STDOUT_STDERR is set in .env, - # maybe would need to edit: (clone repo, incl in images/rdb/) - # https://github.com/sameersbn/docker-postgresql/blob/master/entrypoint.sh - # Also change from Ubuntu to Debian instead. - command: '--logging_collector=off --log_connections=yes' - environment: - POSTGRES_PASSWORD: 'public' - PEER_HOST: 'rdb2' - PEER_PORT: '5432' - PEER_PASSWORD: 'public2' - CREATE_TEST_USER: 'yes' - - # An extra database, so you can experiment with Postgres replication and failover. - # You don't need to start it. - #rdb2: - # mem_limit: 30M - # build: images/rdb/ - # volumes: - # - ./volumes/rdb2-data/:/var/lib/postgresql/data/ - # - ./volumes/rdb2-logs/:/var/log/postgresql/ - # networks: - # internal_net: - # ipv4_address: ${INTERNAL_NET_RDB2_IP} - # environment: - # POSTGRES_PASSWORD: 'public2' - # PEER_HOST: 'rdb' - # PEER_PORT: '5432' - # PEER_PASSWORD: 'public' - - # Remove this? Instead, s/d run --rm -p '9229:9229' nodejs .. ? - # But how specify ipv4_address via `s/d run`? - # - #test: - # build: images/gulp/ - # image: ${DOCKER_REPOSITORY}/talkyard-test - # volumes: - # - ./:/opt/talkyard/server/ - # ports: - # # This is for debugging tests running in Node.js in this container, and started - # # via `node --debug-brk --inspect=9229`. [8EA02R4] - # - '9229:9229' - # networks: - # internal_net: - # ipv4_address: ${INTERNAL_NET_TEST_IP} - # # So can send HTTP request to the web container. See tests/security/settings.ts [7PKW4R2] - # depends_on: - # - web - # # Don't want this container to start at all by default. - # command: 'exit 0' - - # A fake external server, for e2e tests, when the Ty server sends its own HTTP - # requests to external things. - fakeweb: - build: images/fakeweb/ - image: ${DOCKER_REPOSITORY}/fakeweb - # Now included in the image instead: [fakeweb_mount_nothing] - #volumes: - # - ./images/fakeweb/app/:/app/:ro - # - ./volumes/fakeweb-deno-dir:/deno-dir - ports: - # So the Webdriverio e2e tests can ask this server what HTTP requests - # the Ty server has sent. E.g. outgoing webhooks, or anti spam service queries. - - '8090:8090' - networks: - internal_net: - ipv4_address: ${INTERNAL_NET_TEST_IP} - - # Dummy SMTP server, for testing. - # fakemail: - # build: images/fakemail/mailslurper - # image: ${DOCKER_REPOSITORY}/fakemail - # volumes: - # - ./images/fakemail/mailslurper-config.json:/config.json - # - ./images/fakemail/fakemail-publ-test-self-signed.key:/smtp-server.key - # - ./images/app/fakemail-publ-test-self-signed.crt:/smtp-server.crt # yes, in app-dev [26UKWD2] - # ports: - # - '8025:8025' # smtp, '80' + 25 (25 = old standard port, 587 = new for STARTTLS) - # - '8026:8026' # admin interface, '80' + 25 + 1 - # - '8027:8027' # service port = api requests or what? '80' + 25 + 2 - # networks: - # internal_net: - # ipv4_address: ${INTERNAL_NET_FAKEMAIL_IP} - - # Jaeger Tracing. Access at http://localhost:16686. - # Not currently in use. - #tracer: - # image: jaegertracing/all-in-one:1.7 - # ports: # Component. What. (https://www.jaegertracing.io/docs/1.6/getting-started/) - # #- '5775:5775/udp' # Agent. accept zipkin.thrift over compact thrift protocol - # - '6831:6831/udp' # Agent. accept jaeger.thrift over compact thrift protocol - # - '6832:6832/udp' # Agent. accept jaeger.thrift over binary thrift protocol - # - '5778:5778' # Agent. serve configs - # - '16686:16686' # Query. Web interface + find traces. - # - '14268:14268' # Collector. accept jaeger.thrift directly from clients - # #- '9411:9411' # Collector. Zipkin compatible endpoint - # networks: - # internal_net: - # ipv4_address: ${INTERNAL_NET_TRACER_IP} - - # The same as the 'test' container, except that 'nodejs' won't start the rest of - # the stack, instead it just transpiles Typescript and Stylus. - nodejs: - # RENAME dir from gulp to nodejs - build: images/gulp/ - # RENAME img from -gulp to -nodejs - image: ${DOCKER_REPOSITORY}/talkyard-gulp - tty: true # colored logs - volumes: - - ./:/opt/talkyard/server/ # [NODEHOME] - #command: ['yarn install && gulp watch'] - # But 'exit 0' won't work — not an executable file, - command: ['echo'] - - - # Would like to remove, but is incl in talkyard-prod-one's Compose file already, - # and would cause errors, if removed here, and people then upgrade? (because new version - # couldn't be downloaded). Remove in Ty v1 [ty_v1]. - certgen: - build: images/certgen/ - image: ${DOCKER_REPOSITORY}/talkyard-certgen - # Only want to build (but not run) this container, in dev/test mode. - command: 'echo' - # Integration test containers @@ -333,16 +23,20 @@ services: # -v (this-repo-dir)/tests/int-w/ghost/content:/var/lib/ghost/content ghost:4.34.0 # # But let's include here, and use Ghost's default port 2368? - it-ghost: - # Image docs: https://hub.docker.com/_/ghost/ - image: ghost:4.34.0 - # Won't work in Prod tests — so, incl in image instead of mounting? [ghost_prod_test_img] - volumes: - - ./tests/int-w/ghost/casper-post.hbs:/var/lib/ghost/current/content/themes/casper/post.hbs - ports: - # Why does Ghost like this port? Who knows - - '2368:2368' - # networks — don't use the internal net; Ghost is usually hosted elsewhere. + + # Ghost is currently in the main docker-compose.yml, needed by some e2e tests. + # Move it to here later: + # + # it-ghost: + # # Image docs: https://hub.docker.com/_/ghost/ + # image: ghost:4.34.0 + # # Won't work in Prod tests — so, incl in image instead of mounting? [ghost_prod_test_img] + # volumes: + # - ./tests/int-w/ghost/casper-post.hbs:/var/lib/ghost/current/content/themes/casper/post.hbs + # ports: + # # Why does Ghost like this port? Who knows + # - '2368:2368' + # # networks — don't use the internal net; Ghost is usually hosted elsewhere. # Matrix diff --git a/docker-compose.yml b/docker-compose.yml index b7e38cc5a3..1dbfa70071 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -319,12 +319,8 @@ services: command: 'echo' - - # Integration test containers - # --------------------------- - - # For testing integrations with 3rd party software. Prefixed by 'it-'. - + # Ghost e2e test container — move it to docker-compose.it.yml later. + # # Ghost integration test. Docs, over at Ghost: # https://ghost.org/integrations/talkyard/ # @@ -345,90 +341,4 @@ services: # networks — don't use the internal net; Ghost is usually hosted elsewhere. - # Matrix - #version: '2.3' - #services: - #mx-postgres: - # image: postgres:14 - # #restart: unless-stopped - # networks: - # internal_net: - # ipv4_address: ${INTERNAL_NET_MX_PG_IP} - # #default: - # # ipv4_address: 10.10.10.2 - # volumes: - # - ./volumes/matrix-pg-data:/var/lib/postgresql/data - # # These will be used in homeserver.yaml later on - # environment: - # - POSTGRES_DB=synapse - # - POSTGRES_USER=synapse - # - POSTGRES_PASSWORD=pub_mx_pg_pwd - - # See: https://github.com/vector-im/element-web - # Also: https://cyberhost.uk/element-matrix-setup/#installmatrixandelement - # Access at: http://ty-it-mx-element.localhost:8088 - ty-it-mx-element: - image: vectorim/element-web:latest - #restart: unless-stopped - volumes: - - ./tests/int-w/matrix/element-web-config.json:/app/config.json - networks: - internal_net: - ipv4_address: ${INTERNAL_NET_MX_ELEMENT_IP} - ports: - - '8088:80' - #networks: - # default: - # ipv4_address: 10.10.10.3 - - # Register new server admin user: (mxsrvadm) - # d/c exec ty-it-mx-synapse /bin/bash - # register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008 \ - # --user mxsrvadm --password pub-mxsr020 --admin - # See: https://github.com/matrix-org/synapse/tree/master/docker - ty-it-mx-synapse: - image: matrixdotorg/synapse:latest - # matrixdotorg/synapse:v1.53.0 - # see: https://hub.docker.com/r/matrixdotorg/synapse/tags - restart: unless-stopped - volumes: - - ./volumes/matrix-synapse-data:/data - - ./tests/int-w/matrix/homeserver.yaml:/data/homeserver.yaml - networks: - internal_net: - ipv4_address: ${INTERNAL_NET_MX_SYNAPSE_IP} - ports: - - '8008:8008' # connections from end user clients, to send messages - - '8009:8009' # This is a Websocket proxy, which turns the ws messages - # into HTTP requests to port :8008? - # See: https://github.com/matrix-org/matrix-websockets-proxy/blob/master/main.go - # '8448:8448' # connections from other servers, for federation - - #default: - #ipv4_address: 10.10.10.4 - - - # n8n, "source-available Zapier": - # - # https://hub.docker.com/r/n8nio/n8n - # - # docker run -it --rm \ - # --name n8n \ - # -p 5678:5678 \ - # -v ~/.n8n:/home/node/.n8n \ - # n8nio/n8n - # - ty-it-n8n: - image: n8nio/n8n - volumes: - - ./volumes/n8n/dot-n8n:/home/node/.n8n - ports: - - '5678:5678' - networks: - internal_net: - ipv4_address: ${INTERNAL_NET_N8N_IP} - #profiles: - # - integration_tests - - # vim: et ts=2 sw=2