From e7eb75ad1b855089ee75ca5bdaa676c09fc1df2a Mon Sep 17 00:00:00 2001
From: "patrick.tafoya" <patricktafoya@seed-innovations.com>
Date: Mon, 9 Dec 2024 16:15:10 -0700
Subject: [PATCH] BULL-3225-better-startup - POC updates to include a startup job that runs with proper user permissions.
---
 docker/baselines/docker-compose-startup.yml | 19 +++++++++++++++++++
 docker/docker-compose-cosmtrek.yml | 3 +++
 docker/docker-compose-express.yml | 4 +++-
 docker/docker-compose-postgres.yml | 4 ++++
 docker/docker-compose-vue.yml | 4 ++++
 .../docker-compose-dockerfile-lint.yml | 1 +
 .../docker-compose-find-unauthorized.yml | 1 +
 .../pipeline-jobs/docker-compose-npm-lint.yml | 1 +
 .../docker-compose-npm-unit-tests.yml | 1 +
 .../docker-compose-trufflehog.yml | 1 +
 formulas/baselines/universal.yml | 4 +++-
 11 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 docker/baselines/docker-compose-startup.yml
diff --git a/docker/baselines/docker-compose-startup.yml b/docker/baselines/docker-compose-startup.yml
new file mode 100644
index 0000000..bb49c7b
--- /dev/null
+++ b/docker/baselines/docker-compose-startup.yml
@@ -0,0 +1,19 @@
+version: "3.6"
+services:
+
+ startup:
+ image: alpine:latest
+ container_name: startup-service
+ working_dir: /local-dev
+ user: "${UID:-1000}:${GID:-1000}" # Default to 1000:1000 if UID/GID not set
+ volumes:
+ - .:/local-dev # Map the root folder to /local-dev in the container
+ command: >
+ sh -c "chmod +x /local-dev/scripts/setup.sh && /local-dev/scripts/setup.sh"
+ healthcheck:
+ test: [ "CMD", "sh", "-c", "test -d /local-dev/reports" ]
+ interval: 10s
+ timeout: 5s
+ retries: 3
+ start_period: 5s
+ restart: "no"
diff --git a/docker/docker-compose-cosmtrek.yml b/docker/docker-compose-cosmtrek.yml
index e999fac..97de281 100644
--- a/docker/docker-compose-cosmtrek.yml
+++ b/docker/docker-compose-cosmtrek.yml
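Review bot: `chmod +x /local-dev/scripts/setup.sh` in the `command:` runs as `${UID:-1000}:${GID:-1000}` against the bind-mounted checkout, and chmod is only permitted to the file's owner (or a process with CAP_FOWNER), so on a Linux host whose checkout is owned by any other UID the `&&` chain stops there and setup.sh never executes; invoking the interpreter instead, `command: ["sh", "/local-dev/scripts/setup.sh"]`, needs no mode change and removes a write to the tree from the job. `UID` is a shell variable that shells do not export and `GID` is not a standard shell variable at all, so unless both are exported or placed in `.env` Compose always takes the 1000:1000 fallback and everything setup.sh creates is owned by 1000 rather than the invoking user — the comment on this `user:` line, repeated on every other `user:` line in the patch, should say so, e.g. `# UID/GID must be exported or set in .env; otherwise 1000:1000 is used`. `image: alpine:latest` is the only unpinned tag in the patch set (the other services pin `cosmtrek/air:v1.49.0`, `postgres:11-alpine` and versioned Iron Bank images); pin an Alpine release, ideally by digest, so the job is reproducible.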
@@ -3,6 +3,7 @@ services:
 xx_project_name_xx-api:
 image: cosmtrek/air:v1.49.0
 container_name: xx_project_name_xx-api
+ user: "${UID:-1000}:${GID:-1000}" # Default to 1000:1000 if UID/GID not set
 working_dir: /app
 env_file:
 - .env
@@ -26,6 +27,8 @@ services:
 depends_on:
 db:
 condition: service_healthy
+ startup:
+ condition: service_healthy
 healthcheck:
 # due to the way the api authorizes requests, we expect a 401
 test: /opt/healthcheck/healthcheck.sh http://localhost:$$PORT/api/docs 401
diff --git a/docker/docker-compose-express.yml b/docker/docker-compose-express.yml
index cf013ef..3bbc6be 100644
--- a/docker/docker-compose-express.yml
+++ b/docker/docker-compose-express.yml
@@ -6,10 +6,10 @@ services:
 context: .
 dockerfile: Dockerfile.be.dev
 container_name: xx_project_name_xx-api
+ user: "${UID:-1000}:${GID:-1000}" # Default to 1000:1000 if UID/GID not set
 volumes:
 - ./xx_project_name_xx-api:/app
 - /app/node_modules
- user: node
 command: bash -c "npm run dev"
 environment:
 # container internal port (not exposed to host)
@@ -27,6 +27,8 @@ services:
 depends_on:
 db:
 condition: service_healthy
+ startup:
+ condition: service_healthy
 healthcheck:
 test: curl -f http://localhost:$$PORT/api/health
 timeout: 10s
diff --git a/docker/docker-compose-postgres.yml b/docker/docker-compose-postgres.yml
index 0172177..b6d7454 100644
--- a/docker/docker-compose-postgres.yml
+++ b/docker/docker-compose-postgres.yml
@@ -3,6 +3,7 @@ services:
 db:
 image: postgres:11-alpine
 container_name: xx_project_name_xx-db
+ user: "${UID:-1000}:${GID:-1000}" # Default to 1000:1000 if UID/GID not set
 entrypoint: /postgres-entrypoint.sh
 command: >
 -c ssl=on
@@ -19,6 +20,9 @@ services:
 - xx_project_name_xx-net
 ports:
 - "5432:5432"
+ depends_on:
+ startup:
+ condition: service_healthy
 healthcheck:
 test: >
 pg_isready -d $$POSTGRES_DB -U $$POSTGRES_USER
diff --git a/docker/docker-compose-vue.yml b/docker/docker-compose-vue.yml
index 8e5563c..58e3558 100644
--- a/docker/docker-compose-vue.yml
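Review bot: `condition: service_healthy` on `startup:` in the second hunk waits for a container that runs setup.sh once and exits (`restart: "no"` in docker-compose-startup.yml); Compose generally reports an exited dependency under `service_healthy` as a failed start, and with `start_period: 5s` / `interval: 10s` the probe may not have run at all before the script ends. `condition: service_completed_successfully` is the condition Compose provides for one-shot init jobs and additionally makes a non-zero exit from setup.sh block the dependents, whereas the current probe, `test -d /local-dev/reports`, also passes when `reports/` is simply left over on the bind mount from an earlier run. The same `depends_on` entry is added in docker-compose-express.yml, docker-compose-postgres.yml and docker-compose-vue.yml and should change together with this one. The `xx_project_name_xx-api` service definition begins before the hunk.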
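Review bot: the first express hunk drops `user: node` in favour of `${UID:-1000}:${GID:-1000}` while keeping the `/app/node_modules` anonymous volume, which Docker seeds from the image with whatever ownership the `Dockerfile.be.dev` build gave it — presumably `node`; when the resolved UID is anything other than the node image's 1000 the process also has no passwd entry, so `HOME` is unset and `npm run dev` may be unable to write its cache or the module directory — confirm against the Dockerfile before relying on this. docker-compose-vue.yml makes the same change and additionally bind-mounts the checkout over `/home/node`, so the check applies there too. The service definition begins before the hunk.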
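Review bot: the added `user:` line runs `postgres:11-alpine` as `${UID:-1000}:${GID:-1000}` instead of the image's `postgres` user, and with `-c ssl=on` visible in the hunk context PostgreSQL refuses to start when the server key file is not owned by the running user (or root) with mode 0600/0640; unless `/postgres-entrypoint.sh` prepares the data directory and TLS material for an arbitrary UID, the database will likely fail to start after this change. If the custom entrypoint does handle that, a comment on the line, `# /postgres-entrypoint.sh must chown PGDATA and the TLS key to this UID`, records the dependency; otherwise leave the db service on its image user. The `db` service definition begins before the hunk.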
+++ b/docker/docker-compose-vue.yml
@@ -5,6 +5,7 @@ services:
 context: .
 dockerfile: Dockerfile.ui.dev
 container_name: xx_project_name_xx-ui
+ user: "${UID:-1000}:${GID:-1000}" # Default to 1000:1000 if UID/GID not set
 volumes:
 - ./xx_project_name_xx-ui:/home/node
 - /home/node/node_modules
@@ -18,6 +19,9 @@ services:
 tty: true
 networks:
 - xx_project_name_xx-net
+ depends_on:
+ startup:
+ condition: service_healthy
 healthcheck:
 test: curl -f http://localhost:$$PORT
 timeout: 10s
diff --git a/docker/pipeline-jobs/docker-compose-dockerfile-lint.yml b/docker/pipeline-jobs/docker-compose-dockerfile-lint.yml
index 9e93110..5c44ee9 100644
--- a/docker/pipeline-jobs/docker-compose-dockerfile-lint.yml
+++ b/docker/pipeline-jobs/docker-compose-dockerfile-lint.yml
@@ -3,6 +3,7 @@ services:
 dockerfile-lint<<subProject>>:
 image: registry1.dso.mil/ironbank/opensource/hadolint/hadolint:v2.12.0
 container_name: dockerfile-lint<<subProject>>
+ user: "${UID:-1000}:${GID:-1000}" # Default to 1000:1000 if UID/GID not set
 entrypoint: ["/local-dev/${BASE_SCRIPTS_DIR}/dockerfile-lint/entrypoint.sh"]
 working_dir: /local-dev
 environment:
diff --git a/docker/pipeline-jobs/docker-compose-find-unauthorized.yml b/docker/pipeline-jobs/docker-compose-find-unauthorized.yml
index f72e1b2..e69691e 100644
--- a/docker/pipeline-jobs/docker-compose-find-unauthorized.yml
+++ b/docker/pipeline-jobs/docker-compose-find-unauthorized.yml
@@ -3,6 +3,7 @@ services:
 find-unauthorized<<subProject>>:
 image: registry1.dso.mil/ironbank/opensource/python:v3.12.5
 container_name: find-unauthorized<<subProject>>
+ user: "${UID:-1000}:${GID:-1000}" # Default to 1000:1000 if UID/GID not set
 entrypoint: ["/local-dev/${BASE_SCRIPTS_DIR}/find-unauthorized/entrypoint.sh"]
 working_dir: /local-dev
 environment:
diff --git a/docker/pipeline-jobs/docker-compose-npm-lint.yml b/docker/pipeline-jobs/docker-compose-npm-lint.yml
index 991f0fd..5bf0ba8 100644
--- a/docker/pipeline-jobs/docker-compose-npm-lint.yml
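Review bot: the `user:` override added to the dockerfile-lint service replaces the non-root user the Iron Bank hadolint image ships with, and the same line is added to the find-unauthorized, npm-lint, npm-unit-tests and trufflehog compose files; a UID that has no passwd entry in those images leaves `HOME` unset, which the npm- and pip-based jobs in particular may not tolerate — run one of them with `UID` exported to a non-1000 value to verify before this leaves POC. None of the five pipeline-job files gains a `depends_on: startup`, so their ordering relative to the new job rests on the formula runner rather than on Compose; a comment such as `# expects the startup job (scripts/setup.sh) to have completed first` on the `user:` line would record that assumption. The service definitions continue past the hunk.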
+++ b/docker/pipeline-jobs/docker-compose-npm-lint.yml
@@ -3,6 +3,7 @@ services:
 npm-lint<<subProject>>:
 image: registry1.dso.mil/ironbank/opensource/nodejs/nodejs20:20.11
 container_name: npm-lint<<subProject>>
+ user: "${UID:-1000}:${GID:-1000}" # Default to 1000:1000 if UID/GID not set
 entrypoint: ["/local-dev/${BASE_SCRIPTS_DIR}/npm-lint/entrypoint.sh"]
 working_dir: /local-dev
 environment:
diff --git a/docker/pipeline-jobs/docker-compose-npm-unit-tests.yml b/docker/pipeline-jobs/docker-compose-npm-unit-tests.yml
index 86ba911..5790711 100644
--- a/docker/pipeline-jobs/docker-compose-npm-unit-tests.yml
+++ b/docker/pipeline-jobs/docker-compose-npm-unit-tests.yml
@@ -3,6 +3,7 @@ services:
 npm-unit-tests<<subProject>>:
 image: registry1.dso.mil/ironbank/opensource/nodejs/nodejs20:20.11
 container_name: npm-unit-tests<<subProject>>
+ user: "${UID:-1000}:${GID:-1000}" # Default to 1000:1000 if UID/GID not set
 entrypoint: ["/local-dev/${BASE_SCRIPTS_DIR}/npm-unit-tests/entrypoint.sh"]
 working_dir: /local-dev
 environment:
diff --git a/docker/pipeline-jobs/docker-compose-trufflehog.yml b/docker/pipeline-jobs/docker-compose-trufflehog.yml
index b97ab45..6e3def2 100644
--- a/docker/pipeline-jobs/docker-compose-trufflehog.yml
+++ b/docker/pipeline-jobs/docker-compose-trufflehog.yml
@@ -3,6 +3,7 @@ services:
 trufflehog<<subProject>>:
 image: registry1.dso.mil/ironbank/opensource/trufflehog/trufflehog3:3.0.10
 container_name: trufflehog<<subProject>>
+ user: "${UID:-1000}:${GID:-1000}" # Default to 1000:1000 if UID/GID not set
 entrypoint: ["/local-dev/${BASE_SCRIPTS_DIR}/trufflehog/entrypoint.sh"]
 working_dir: /local-dev
 environment:
diff --git a/formulas/baselines/universal.yml b/formulas/baselines/universal.yml
index e121ca4..8f23f36 100644
--- a/formulas/baselines/universal.yml
+++ b/formulas/baselines/universal.yml
@@ -3,6 +3,8 @@ pipeline:
 subProject: ''
 exclusions: ''
 pipelineJobs:
+ startup:
+ composeFile: docker/baselines/docker-compose-startup.yml
 trufflehog:
 composeFile: docker/pipeline-jobs/docker-compose-trufflehog.yml
 dockerfile-lint:
@@ -26,4 +28,4 @@ getLocalDevDirs:
 getLocalDevFiles:
 - from: scripts/setup.sh
- to: scripts/setup.sh
\ No newline at end of file
+ to: scripts/setup.sh
--
GitLab
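Review bot: `startup:` is inserted as the first entry under `pipelineJobs:` with nothing that declares ordering, so if the formula runner starts jobs in the order they appear, "runs first" rests on mapping key order, which YAML does not guarantee and a later edit can silently break; if the runner does not order by position, the other jobs can start before setup.sh has finished. A comment above the entry, `# must complete before the other pipelineJobs; see docker/baselines/docker-compose-startup.yml`, records the intent either way, and if the runner supports an explicit ordering or dependency field that is the better home for it. The `pipeline:` mapping begins before the hunk.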