forked from notaryproject/notary
/
docker-compose.sandbox.yml
119 lines (113 loc) · 2.84 KB
/
docker-compose.sandbox.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
version: "2"
services:
server:
image: notary:server-dev
build:
context: .
dockerfile: server.Dockerfile
volumes:
- go_modules:/go/pkg/mod
networks:
mdb:
sig:
aliases:
- notary-server
ports:
- "8080"
- "4443:4443"
entrypoint: /usr/bin/env sh
command: -c "./migrations/migrate.sh && notary-server -config=fixtures/server-config.json"
depends_on:
- mysql
- signer
signer:
image: notary:signer-dev
build:
context: .
dockerfile: signer.Dockerfile
volumes:
- go_modules:/go/pkg/mod
networks:
mdb:
sig:
aliases:
- notarysigner
entrypoint: /usr/bin/env sh
command: -c "./migrations/migrate.sh && notary-signer -config=fixtures/signer-config.json"
depends_on:
- mysql
mysql:
image: mariadb:10.4
networks:
- mdb
volumes:
- ./notarysql/mysql-initdb.d:/docker-entrypoint-initdb.d
- notary_data:/var/lib/mysql
environment:
TERM: dumb
MYSQL_ALLOW_EMPTY_PASSWORD: "true"
command: mysqld --innodb_file_per_table
registry:
image: registry:2.7
environment:
REGISTRY_HTTP_SECRET: topS3cr3t
ports:
- "5000:5000"
networks:
- sig
sandbox:
image: notary:sandbox-dev
build:
context: .
dockerfile: sandbox.Dockerfile
networks:
- sig
volumes:
- dct_data:/root/.docker/trust:rw
- go_modules:/go/pkg/mod
depends_on:
- server
privileged: true
environment:
DOCKER_CONTENT_TRUST: "1"
DOCKER_CONTENT_TRUST_SERVER: https://notary-server:4443
entrypoint: /usr/bin/env sh
command: |-
-c 'cp ~/.notary/certs/root-ca.crt /usr/local/share/ca-certificates/root-ca.crt &&
update-ca-certificates &&
dockerd-entrypoint.sh --insecure-registry registry:5000'
# This sandbox can be used for testing delegation keys;
# There is no mount to the shared docker trust folder!
# So if you want to pull push etc, you need to export delegation keys from the sandbox
# to this sandbox and load them with docker trust key load.
sandbox-2:
image: notary:sandbox-dev
build:
context: .
dockerfile: sandbox.Dockerfile
networks:
- sig
volumes:
- go_modules:/go/pkg/mod
depends_on:
- server
privileged: true
environment:
DOCKER_CONTENT_TRUST: "1"
DOCKER_CONTENT_TRUST_SERVER: https://notary-server:4443
entrypoint: /usr/bin/env sh
command: |-
-c 'cp ~/.notary/certs/root-ca.crt /usr/local/share/ca-certificates/root-ca.crt &&
update-ca-certificates &&
dockerd-entrypoint.sh --insecure-registry registry:5000'
volumes:
go_modules:
dct_data:
external: false
notary_data:
external: false
networks:
mdb:
external: false
sig:
external: false