diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5268fc2..3881558 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -120,13 +120,14 @@ cache: stage: build script: - | - buildah build . \ + buildah bud \ --tag $IMAGE_NAME:$CI_COMMIT_SHA \ --file $CONTAINERFILE \ --target $BUILDTARGET \ --layers \ --cache-from $IMAGE_NAME-cache \ - --cache-to $IMAGE_NAME-cache + --cache-to $IMAGE_NAME-cache \ + . - buildah push $IMAGE_NAME:$CI_COMMIT_SHA rules: - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH diff --git a/compose.yaml b/compose.yaml index 839adaf..7851c80 100644 --- a/compose.yaml +++ b/compose.yaml @@ -22,12 +22,6 @@ services: restart: false condition: service_healthy required: true - configs: - - source: backend_config - target: /app/config.toml - secrets: - - source: firebase - target: /app/firebase.json env_file: - path: ./infrastructure/configs/backend/.env.template required: true @@ -44,6 +38,19 @@ services: app_protocol: http restart: unless-stopped shm_size: 4mb + volumes: + - type: bind + source: ./infrastructure/configs/backend/config.toml + target: /app/config.toml + read_only: true + bind: + selinux: Z + - type: bind + source: ./infrastructure/configs/backend/firebase.json + target: /app/firebase.json + read_only: true + bind: + selinux: Z tests: build: @@ -70,11 +77,6 @@ services: restart: false condition: service_healthy required: true - configs: - - source: backend_config - target: /app/config.toml - - source: alembic_config - target: /app/alembic.ini env_file: - path: ./infrastructure/configs/backend/.env.template required: true @@ -84,9 +86,20 @@ services: - default profiles: - tests - restart: no shm_size: 4mb volumes: + - type: bind + source: ./infrastructure/configs/backend/config.toml + target: /app/config.toml + read_only: true + bind: + selinux: Z + - type: bind + source: ./alembic.ini + target: /app/alembic.ini + read_only: true + bind: + selinux: Z - type: bind source: ./.cov target: /app/cov 
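Review bot: The variable expansions in the rewritten `buildah bud` command are unquoted, so an empty or space-containing `$CONTAINERFILE` or `$BUILDTARGET` either makes the next flag get consumed as its value or splits into extra arguments. Quote each expansion, e.g. `--tag "$IMAGE_NAME:$CI_COMMIT_SHA" \` and `--file "$CONTAINERFILE" \`, and do the same in the `buildah push` line. The switch from `build` to the `bud` alias, with the context moved to the end, is unexplained. If the reason is the buildah version in the CI image, a comment such as `# bud + trailing context: needed by the buildah version in the CI image` would stop it from being reverted later. The job definition starts above this hunk.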
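Review bot: `firebase.json` was the only file declared under `secrets:` and is now an ordinary bind mount next to `config.toml` (hunk `@@ -44,6 +38,19 @@`), so nothing in the file marks it as credential material (presumably a service-account key). A bind mount exposes the host file with its host ownership and mode, so protection now depends on the host copy being untracked and tightly permissioned. If `secrets:` cannot be kept for this one file, add a comment above the mount, e.g. `# credentials: keep firebase.json out of git and mode 0600 on the host`. The backend service definition starts above this hunk.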
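Review bot: `selinux: Z` on `config.toml` in this tests hunk conflicts with the same source being mounted with `Z` in the backend hunk (`@@ -44,6 +38,19 @@`) and again in the migrations hunk (`@@ -118,21 +126,30 @@`). `./alembic.ini` is likewise shared between tests and migrations. `Z` applies a private label meant for a single container, so on an SELinux-enforcing host starting `tests` or `migrations` relabels the file and a running backend can lose read access to it. Use the shared label for files mounted into more than one service, `selinux: z`, and keep `Z` for single-consumer files such as `postgresql.conf`. Fixing the label here is preferable to someone later disabling labeling to work around the denials.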
@@ -104,11 +117,6 @@ services: restart: false condition: service_healthy required: true - configs: - - source: backend_config - target: /app/config.toml - - source: alembic_config - target: /app/alembic.ini env_file: - path: ./infrastructure/configs/backend/.env.template required: true @@ -118,21 +126,30 @@ services: - default profiles: - migrations - restart: no shm_size: 4mb + volumes: + - type: bind + source: ./infrastructure/configs/backend/config.toml + target: /app/config.toml + read_only: true + bind: + selinux: Z + - type: bind + source: ./alembic.ini + target: /app/alembic.ini + read_only: true + bind: + selinux: Z postgres: image: docker.io/postgres:17-alpine - configs: - - source: postgres_config - target: /etc/postgresql/postgresql.conf env_file: - path: ./infrastructure/configs/postgres/.env.template required: true - path: ./infrastructure/configs/postgres/.env required: false healthcheck: - test: [ "CMD", "pg_isready", "--dbname=postgres" ] + test: ["CMD", "pg_isready", "--dbname=postgres"] interval: 1m30s timeout: 5s start_period: 5s @@ -144,15 +161,18 @@ services: restart: unless-stopped shm_size: 128mb volumes: + - type: bind + source: ./infrastructure/configs/postgres/postgresql.conf + target: /etc/postgresql/postgresql.conf + read_only: true + bind: + selinux: Z - type: volume source: postgres_data target: /var/lib/postgresql/data pgadmin: image: docker.io/dpage/pgadmin4:9 - configs: - - source: pgadmin_servers_config - target: /pgadmin4/servers.json depends_on: postgres: restart: false @@ -164,7 +184,7 @@ services: - path: ./infrastructure/configs/pgadmin/.env required: false healthcheck: - test: [ "CMD", "wget", "-O", "-", "http://localhost:80/misc/ping" ] + test: ["CMD", "wget", "-O", "-", "http://localhost:80/misc/ping"] interval: 1m30s timeout: 5s start_period: 5s 
@@ -184,24 +204,26 @@ services: restart: unless-stopped shm_size: 4mb volumes: + - type: bind + source: ./infrastructure/configs/pgadmin/servers.json + target: /pgadmin4/servers.json + read_only: true + bind: + selinux: Z - type: volume source: pgadmin_data target: /var/lib/pgadmin - read_only: false redis: image: docker.io/redis:8-alpine command: redis-server /usr/local/etc/redis/redis.conf - configs: - - source: redis_config - target: /usr/local/etc/redis/redis.conf env_file: - path: ./infrastructure/configs/redis/.env.template required: true - path: ./infrastructure/configs/redis/.env required: false healthcheck: - test: [ "CMD", "redis-cli", "ping" ] + test: ["CMD", "redis-cli", "ping"] interval: 1m30s timeout: 5s start_period: 5s @@ -212,10 +234,15 @@ services: restart: unless-stopped shm_size: 4mb volumes: + - type: bind + source: ./infrastructure/configs/redis/redis.conf + target: /usr/local/etc/redis/redis.conf + read_only: true + bind: + selinux: Z - type: volume source: redis_data target: /data - read_only: false networks: default: @@ -227,25 +254,7 @@ networks: internal: false external: false - volumes: postgres_data: pgadmin_data: redis_data: - - -configs: - backend_config: - file: ./infrastructure/configs/backend/config.toml - alembic_config: - file: alembic.ini - postgres_config: - file: ./infrastructure/configs/postgres/postgresql.conf - pgadmin_servers_config: - file: ./infrastructure/configs/pgadmin/servers.json - redis_config: - file: ./infrastructure/configs/redis/redis.conf - -secrets: - firebase: - file: ./infrastructure/configs/backend/firebase.json