kcidb-ng/docker-compose.yaml at main · kernelci/kcidb-ng · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
# kcidb-rest interface workers
services:
  kcidb-rest:
    image: ghcr.io/kernelci/kcidb-ng/kcidb-rest:latest
    env_file:
      - .env
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - ./spool:/app/spool
      - ./certs:/etc/letsencrypt
      # Uncomment to enable ACME challenge for certbot (also set ACME_WEBROOT in .env)
      # - ./acme-challenge:/var/www/acme-challenge
    restart: unless-stopped
    networks:
      - kcidb
# To disable JWT auth
#    command: ["/usr/local/bin/kcidb-restd-rs","-j",""]
  ingester:
      image: ${IMAGE_REGISTRY:-ghcr.io}/${IMAGE_OWNER:-kernelci}/${IMAGE_REPOSITORY:-dashboard}/dashboard-backend:${IMAGE_TAG:-latest}
      command:
          - poetry
          - run
          - python3
          - manage.py
          - monitor_submissions
          - --spool-dir
          - /app/spool
      env_file: .env
      environment:
          SKIP_CRONJOBS: "True"
      volumes:
          - ./backend-data:${BACKEND_VOLUME_DIR:-/volume_data}
          - ${INGESTER_SPOOL_DIR:-./spool}:/app/spool
          - ./state:/app/state
          - ./cache:/app/cache
      restart: always
      ports:
        - "2003:8002"
      networks:
        - kcidb

#      depends_on:
#          - redis
#      profiles: ["with_commands"]

  pending_aggregations_processor:
      image: ${IMAGE_REGISTRY:-ghcr.io}/${IMAGE_OWNER:-kernelci}/${IMAGE_REPOSITORY:-dashboard}/dashboard-backend:${IMAGE_TAG:-latest}
      command:
          - poetry
          - run
          - python3
          - manage.py
          - process_pending_aggregations
          - --loop
          - --interval
          - "5"
      env_file: .env
      environment:
          SKIP_CRONJOBS: "True"
      restart: always
      ports:
        - "2004:8001"
      networks:
        - kcidb

#      depends_on:
#          - redis
#      profiles: ["with_commands"]

  logspec-worker:
    image: ghcr.io/kernelci/kcidb-ng/logspec-worker:latest
    env_file:
      - .env
    volumes:
      - ./spool:/app/spool
      - ./cache:/cache
      - ./state:/app/state
      - ./config:/app/config
    command: ["python", "/app/logspec_worker.py", "--spool-dir", "/app/spool", "--config-file", "/app/logspec_worker.yaml"]
    restart: unless-stopped
    networks:
      - kcidb

  db:
    image: postgres:17
    container_name: 'postgres'
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s        # run every 10 s
      timeout: 5s          # fail if probe > 5 s
      retries: 5           # mark unhealthy after 5 failures
      start_period: 5s     # give Postgres a moment to boot
    env_file:
      - .env
    volumes:
      - ./db:/var/lib/postgresql/data
    ports:
      - "5432:5432"
    restart: unless-stopped
    profiles: ["self-hosted"]
    networks:
      - kcidb
  dbinit:
    build:
      context: .
      dockerfile: Dockerfile.dbinit
    container_name: 'dbinit'
    env_file:
      - .env
    restart: "no"
    profiles: ["self-hosted"]
    depends_on:
      db:
        condition: service_healthy
    networks:
      - kcidb
  # Certbot standalone mode - runs its own webserver on port 80
  # Use this when kcidb-rest is NOT running (e.g., initial cert setup or standalone renewal)
  # To use:
  #   1. Stop kcidb-rest: docker compose stop kcidb-rest
  #   2. Issue cert: docker compose --profile=certbot-standalone run --rm certbot-standalone
  #   3. Renew cert: docker compose --profile=certbot-standalone run --rm certbot-standalone renew
  #   4. Restart kcidb-rest: docker compose up -d kcidb-rest
  certbot-standalone:
    image: certbot/certbot
    profiles: ["certbot-standalone"]
    ports:
      - "80:80"
    volumes:
      - ./certs:/etc/letsencrypt
      - ./certs-data:/var/lib/letsencrypt
    env_file:
      - .env
    command: certonly --standalone -d ${CERTBOT_DOMAIN} --email ${CERTBOT_EMAIL} --agree-tos --non-interactive --no-eff-email

networks:
  kcidb:
    name: kcidb
    driver: bridge

# Certbot with webroot mode (alternative) - uses ACME challenge served by kcidb-rest
# To use:
#   1. Uncomment the acme-challenge volume in kcidb-rest service
#   2. Set ACME_WEBROOT=/var/www/acme-challenge in .env
#   3. Run: docker compose run --rm certbot
#  certbot:
#    image: certbot/certbot
#    volumes:
#      - ./certs:/etc/letsencrypt
#      - ./certs-data:/var/lib/letsencrypt
#      - ./acme-challenge:/var/www/acme-challenge
#    env_file:
#      - .env
#    command: certonly --webroot -w /var/www/acme-challenge -d ${CERTBOT_DOMAIN} --email ${CERTBOT_EMAIL} --agree-tos --non-interactive --no-eff-email
#    # For renewal, use: docker compose run --rm certbot renew