compose.watch-build-server.yml
services:
  # Runs `npm run watch-build` against the bind-mounted project directory.
  watch-build:
    build:
      context: "./images/node"
      # Build steps share the host's network namespace, so they can reach
      # services listening on the host, including loopback-only ones.
      # NOTE(review): confirm the build really needs this.
      network: "host"
    # Start from an empty capability set; cap_add restores only what is listed.
    cap_drop:
      - "ALL"
    # Minimum permissions for Docker User Mirror entrypoint:
    cap_add:
      # Needed to switch from root to another user.
      - "CAP_SETGID"
      # Needed to switch from root to another user.
      - "CAP_SETUID"
      # Needed to change permissions when switching users.
      - "CAP_SETPCAP"
      # Needed to write changes to /etc/gshadow and /etc/shadow.
      - "CAP_CHOWN"
      # Needed for Podman. Bypasses file read/write/execute permission checks.
      # NOTE(review): confirm the entrypoint drops it before starting npm.
      - "CAP_DAC_OVERRIDE"
    # Appended to the entrypoint, giving `/entrypoint -- npm run watch-build`.
    command:
      - "run"
      - "watch-build"
    # Presumably /entrypoint starts as root and switches to the host-mapped
    # user before running npm (see the capability comments) - TODO confirm.
    entrypoint:
      - "/entrypoint"
      - "--"
      - "npm"
    # A key with no value is passed through from the environment Compose runs
    # in. Leave these empty; do not replace them with "".
    environment:
      # setpriv --bounding-set options. Must be a subset of cap_add. See
      # https://www.man7.org/linux/man-pages/man1/setpriv.1.html#OPTIONS
      CAPABILITIES:
      # Set by Docker User Mirror
      CHOWN_LIST:
      # Set by Docker User Mirror
      HOST_MAPPED_GROUP:
      # Set by Docker User Mirror
      HOST_MAPPED_GID:
      # Set by Docker User Mirror
      HOST_MAPPED_USER:
      # Set by Docker User Mirror
      HOST_MAPPED_UID:
      # Used to filter CHOWN_LIST with Docker User Mirror
      SERVICE_NAME: "watch-build"
    # Healthy once ps lists at least one line mentioning nodemon.
    healthcheck:
      test:
        - "CMD"
        - "sh"
        - "-c"
        - "[ $(ps | grep nodemon | grep -v grep | wc -l) -ge 1 ]"
      interval: "5s"
      timeout: "10s"
      start_period: "30s"
      start_interval: "2s"
    # Processes cannot gain privileges through setuid binaries or file
    # capabilities when they exec.
    security_opt:
      - "no-new-privileges:true"
    stop_grace_period: "1s"
    volumes:
      # Bind the current directory to the working directory inside the
      # container. The mount is read-write, so the container can modify any
      # file in the project directory.
      - type: "bind"
        source: "./"
        target: "/app"
      # Expose "docker.npmrc" as ".npmrc". read_only covers this mount point
      # only; the same host file stays writable as /app/docker.npmrc through
      # the project bind above.
      - type: "bind"
        read_only: true
        source: "./docker.npmrc"
        target: "/app/.npmrc"
      # Bind the NPM cache. The host's ~/.npm is shared read-write with the
      # container and is created on the host if it is missing.
      - type: "bind"
        source: "~/.npm"
        target: "/tmp/npm-cache"
        bind:
          create_host_path: true
      # Prepare build directory: ./build is created on the host if missing.
      - type: "bind"
        source: "./build"
        target: "/app/build"
        bind:
          create_host_path: true
      # Use higher performance volumes for intermediate directories.
      - type: "volume"
        source: "build_rollup"
        target: "/app/build/rollup"
      - type: "volume"
        source: "build_typescript"
        target: "/app/build/typescript"
      - type: "volume"
        source: "node_modules"
        target: "/app/node_modules"
    working_dir: "/app"

  # Runs `npm run serve-release` over the release files, mounted read-only.
  server:
    # Do not start until the watch-build healthcheck passes.
    depends_on:
      watch-build:
        condition: "service_healthy"
    # Keep this service's logs out of the attached `up` output.
    attach: false
    build:
      context: "./images/node"
      # Build steps share the host's network namespace, so they can reach
      # services listening on the host, including loopback-only ones.
      # NOTE(review): confirm the build really needs this.
      network: "host"
    # Start from an empty capability set; cap_add restores only what is listed.
    cap_drop:
      - "ALL"
    # Minimum permissions for Docker User Mirror entrypoint:
    cap_add:
      # Needed to switch from root to another user.
      - "CAP_SETGID"
      # Needed to switch from root to another user.
      - "CAP_SETUID"
      # Needed to change permissions when switching users.
      - "CAP_SETPCAP"
      # Needed to write changes to /etc/gshadow and /etc/shadow.
      - "CAP_CHOWN"
      # Needed for Podman. Bypasses file read/write/execute permission checks.
      # NOTE(review): confirm the entrypoint drops it before starting npm.
      - "CAP_DAC_OVERRIDE"
    # Appended to the entrypoint, giving `/entrypoint -- npm run serve-release`.
    command:
      - "run"
      - "serve-release"
    entrypoint:
      - "/entrypoint"
      - "--"
      - "npm"
    # A key with no value is passed through from the environment Compose runs
    # in. Leave these empty; do not replace them with "".
    environment:
      # setpriv --bounding-set options. Must be a subset of cap_add. See
      # https://www.man7.org/linux/man-pages/man1/setpriv.1.html#OPTIONS
      CAPABILITIES:
      # Set by Docker User Mirror
      CHOWN_LIST:
      # Set by Docker User Mirror
      HOST_MAPPED_GROUP:
      # Set by Docker User Mirror
      HOST_MAPPED_GID:
      # Set by Docker User Mirror
      HOST_MAPPED_USER:
      # Set by Docker User Mirror
      HOST_MAPPED_UID:
      # Used to filter CHOWN_LIST with Docker User Mirror
      SERVICE_NAME: "server"
    # Healthy when exactly one ps line mentions http-server but not npm.
    healthcheck:
      test:
        - "CMD"
        - "sh"
        - "-c"
        - "[ $(ps | grep http-server | grep -v npm | grep -v grep | wc -l) -eq 1 ]"
      start_period: "30s"
      start_interval: "2s"
    # Published on the host's loopback address only, so other machines
    # cannot reach port 8080.
    ports:
      - "127.0.0.1:8080:8080"
    # Processes cannot gain privileges through setuid binaries or file
    # capabilities when they exec.
    security_opt:
      - "no-new-privileges:true"
    stop_grace_period: "2s"
    # Every mount below is read-only: the server cannot change what it serves.
    volumes:
      # Bind the release files
      - type: "bind"
        read_only: true
        source: "./build/release"
        target: "/app/build/release"
        bind:
          create_host_path: true
      # Bind package data
      - type: "bind"
        read_only: true
        source: "./package.json"
        target: "/app/package.json"
      # Same named volume that watch-build mounts read-write.
      - type: "volume"
        read_only: true
        source: "node_modules"
        target: "/app/node_modules"
    working_dir: "/app"

# Named volumes with default settings, referenced by the services above.
volumes:
  build_rollup:
  build_typescript:
  node_modules: