worker/docker-compose.yml at main · go-vela/worker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
# SPDX-License-Identifier: Apache-2.0

version: '3'
services:

  # The `worker` compose service hosts the Vela build daemon.
  #
  # This component is used for pulling builds from the FIFO
  # queue and executing them based off their configuration.
  #
  # https://go-vela.github.io/docs/administration/worker/
  worker:
    build:
      context: .
      dockerfile: ${VELA_WORKER_DOCKERFILE:-Dockerfile}
    container_name: worker
    image: worker:local
    networks:
      - vela
    environment:
      EXECUTOR_DRIVER: linux
      QUEUE_DRIVER: redis
      # comment the line below to source Redis address from server
      QUEUE_ADDR: 'redis://redis:6379'
      VELA_BUILD_LIMIT: 3
      VELA_BUILD_TIMEOUT: 30m
      VELA_LOG_LEVEL: trace
      VELA_RUNTIME_DRIVER: docker
      VELA_RUNTIME_PRIVILEGED_IMAGES: 'target/vela-docker'
      VELA_EXECUTOR_ENFORCE_TRUSTED_REPOS: 'true'
      VELA_SERVER_ADDR: 'http://server:8080'
      # comment the VELA_SERVER_SECRET line below to use registration flow
      VELA_SERVER_SECRET: 'zB7mrKDTZqNeNTD8z47yG4DHywspAh'
      WORKER_ADDR: 'http://worker:8080'
      WORKER_CHECK_IN: 2m
      VELA_EXECUTOR_OUTPUTS_IMAGE: 'alpine:latest'
    restart: always
    ports:
      - "8081:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    depends_on:
      - server

  # The `server` compose service hosts the Vela server and API.
  #
  # This component is used for processing web requests and
  # managing resources in the database and publishing
  # builds to the FIFO queue.
  #
  # https://go-vela.github.io/docs/administration/server/
  server:
    container_name: server
    image: ${VELA_SERVER_IMAGE:-target/vela-server:latest}
    networks:
      - vela
    environment:
      CACHE_DRIVER: redis
      CACHE_ADDR: 'redis://redis:6379'
      CACHE_INSTALL_TOKEN_KEY: df4b22849583a95cf1d581f234e3249f0ab96bc69ca9dc90da3dfaff173d8b6a
      DATABASE_DRIVER: postgres
      DATABASE_ADDR: 'postgres://vela:zB7mrKDTZqNeNTD8z47yG4DHywspAh@postgres:5432/vela?sslmode=disable'
      DATABASE_COMPRESSION_LEVEL: 3
      DATABASE_ENCRYPTION_KEY: 'C639A572E14D5075C526FDDD43E4ECF6'
      QUEUE_DRIVER: redis
      QUEUE_ADDR: 'redis://redis:6379'
      QUEUE_PRIVATE_KEY: 'tCIevHOBq6DdN5SSBtteXUusjjd0fOqzk2eyi0DMq04NewmShNKQeUbbp3vkvIckb4pCxc+vxUo+mYf/vzOaSg=='
      SCM_DRIVER: github
      SCM_CONTEXT: 'continuous-integration/vela'
      SECRET_VAULT: 'true'
      SECRET_VAULT_ADDR: 'http://vault:8200'
      SECRET_VAULT_TOKEN: vela
      VELA_ADDR: 'http://localhost:8080'
      VELA_WEBUI_ADDR: 'http://localhost:8888'
      VELA_LOG_LEVEL: trace
      # comment the line below to use registration flow
      VELA_SECRET: 'zB7mrKDTZqNeNTD8z47yG4DHywspAh'
      QUEUE_PUBLIC_KEY: 'DXsJkoTSkHlG26d75LyHJG+KQsXPr8VKPpmH/78zmko='
      VELA_SERVER_PRIVATE_KEY: 'F534FF2A080E45F38E05DC70752E6787'
      VELA_USER_REFRESH_TOKEN_DURATION: 90m
      VELA_USER_ACCESS_TOKEN_DURATION: 60m
      VELA_WORKER_AUTH_TOKEN_DURATION: 3m
      VELA_DISABLE_WEBHOOK_VALIDATION: 'true'
      VELA_ENABLE_SECURE_COOKIE: 'false'
      VELA_REPO_ALLOWLIST: '*'
      VELA_SCHEDULE_ALLOWLIST: '*'
      VELA_OTEL_TRACING_ENABLE: true
      VELA_OTEL_EXPORTER_OTLP_ENDPOINT: http://jaeger:4318
      VELA_OTEL_TRACING_SAMPLER_RATELIMIT_PER_SECOND: 100
      VELA_STORAGE_ENABLE: true
      VELA_STORAGE_DRIVER: minio
      VELA_STORAGE_ADDRESS: 'http://minio:9001' # Address of the MinIO server
      VELA_STORAGE_ACCESS_KEY: minioadmin
      VELA_STORAGE_SECRET_KEY: minioadmin
      VELA_STORAGE_USE_SSL: 'false'
      VELA_STORAGE_BUCKET: vela
    env_file:
      - .env
    restart: always
    ports:
      - '8080:8080'
    depends_on:
      - postgres
      - redis
      - vault

  # The `ui` compose service hosts the Vela UI.
  #
  # This component is used for providing a user-friendly
  # interface for triggering actions in the Vela system.
  #
  # https://go-vela.github.io/docs/administration/ui/
  ui:
    container_name: ui
    image: target/vela-ui:latest
    networks:
      - vela
    env_file:
      - .env
    restart: always
    ports:
      - '8888:80'
    depends_on:
      - server

  # The `redis` compose service hosts the Redis database.
  #
  # This component is used for publishing builds to a FIFO queue.
  #
  # https://redis.io/
  redis:
    container_name: redis
    image: redis:7-alpine
    networks:
      - vela
    ports:
      - '6379:6379'

  # The `postgres` compose service hosts the Postgresql database.
  #
  # This component is used for storing data at rest.
  #
  # https://www.postgresql.org/
  postgres:
    container_name: postgres
    image: postgres:15-alpine
    networks:
      - vela
    environment:
      POSTGRES_DB: vela
      POSTGRES_PASSWORD: 'zB7mrKDTZqNeNTD8z47yG4DHywspAh'
      POSTGRES_USER: vela
    ports:
      - '5432:5432'

  # The `vault` compose service hosts the HashiCorp Vault instance.
  #
  # This component is used for storing sensitive data like secrets.
  #
  # https://www.vaultproject.io/
  vault:
    image: hashicorp/vault:latest
    container_name: vault
    command: server -dev
    networks:
      - vela
    environment:
      VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
      VAULT_DEV_ROOT_TOKEN_ID: vela
    ports:
      - '8200:8200'
    cap_add:
      - IPC_LOCK

  # The `minio` compose service hosts the MinIO server instance.
  #
  # This component is used for storing build artifacts.
  #
  # https://min.io/
  minio:
    container_name: minio
    image: minio/minio
    restart: always
    ports:
      - '9001:9001'
      - '9002:9002'
    networks:
      - vela
    environment:
      - MINIO_ROOT_USER=minioadmin
      - MINIO_ROOT_PASSWORD=minioadmin
    command: minio server --address ":9001" --console-address ":9002" /data

  # The `minio-setup` compose service is used for setting up the MinIO server instance.
  #
  # This component is used for creating the bucket and setting permissions.
  minio-setup:
    image: minio/mc
    container_name: minio-setup
    depends_on:
      - minio
    networks:
      - vela
    entrypoint: >
      /bin/sh -c '
      until mc alias set local http://minio:9001 minioadmin minioadmin; do sleep 1; done;
      mc mb --ignore-existing local/vela;
      mc anonymous set none local/vela;
      '
    restart: "no"

networks:
  vela: