110 lines
2.9 KiB
YAML
110 lines
2.9 KiB
YAML
version: '3.8'
|
|
services:
|
|
app:
|
|
image: adelyao/sipintar-app:latest
|
|
working_dir: /app
|
|
ports:
|
|
- "3000:3000"
|
|
# environment:
|
|
# # DATABASE_URL: /run/secrets/db_url
|
|
# # DATABASE_URL_FILE: /run/secrets/db_url
|
|
# DATABASE_URL: "mysql://sipintar_user:$$(cat /run/secrets/db_password)@sipintar_mysql:3306/sipintar_school"
|
|
depends_on:
|
|
- db
|
|
networks:
|
|
- sipintar-overlay
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '0.5'
|
|
memory: 350M
|
|
reservations:
|
|
cpus: '0.1'
|
|
memory: 100M
|
|
restart_policy:
|
|
condition: on-failure
|
|
command: ["sh", "-c", "export DATABASE_URL=$$(cat /run/secrets/db_url) && npm run start"] #nanti tambahin biar prisma langsung di run
|
|
secrets:
|
|
- db_url
|
|
|
|
sipintar_mysql:
|
|
image: mysql:5.7
|
|
environment:
|
|
MYSQL_DATABASE: sipintar_school
|
|
MYSQL_USER: sipintar_user
|
|
MYSQL_PASSWORD_FILE: /run/secrets/db_password
|
|
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
|
|
volumes:
|
|
- mysql_data:/var/lib/mysql
|
|
- ./setup-database.sql:/docker-entrypoint-initdb.d/setup-database.sql
|
|
networks:
|
|
- sipintar-overlay
|
|
healthcheck:
|
|
test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-p$$(cat /run/secrets/db_root_password)"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 10
|
|
start_period: 40s
|
|
deploy:
|
|
restart_policy:
|
|
condition: on-failure
|
|
resources:
|
|
limits:
|
|
cpus: '0.5'
|
|
memory: 350M
|
|
reservations:
|
|
cpus: '0.1'
|
|
memory: 100M
|
|
secrets:
|
|
- db_password
|
|
- db_root_password
|
|
- db_url
|
|
|
|
|
|
scanner:
|
|
image: aquasec/trivy:latest
|
|
working_dir: /app
|
|
environment:
|
|
TRIVY_SEVERITY: "CRITICAL,HIGH"
|
|
TRIVY_IGNORE_UNFIXED: "true"
|
|
TRIVY_OUTPUT: "/app/trivy-report.json"
|
|
volumes:
|
|
- /var/run/docker.sock:/var/run/docker.sock
|
|
- ./trivy-results:/tmp/trivy-results
|
|
command: ["image", "-q", "--format", "json", "--severity", "CRITICAL,HIGH", "app", "--output", "/tmp/trivy-results/trivy-report.json"]
|
|
networks:
|
|
- sipintar-overlay
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '0.5'
|
|
memory: 350M
|
|
reservations:
|
|
cpus: '0.1'
|
|
memory: 100M
|
|
|
|
secrets:
|
|
db_password:
|
|
file: ./secrets/db_password.txt
|
|
db_root_password:
|
|
file: ./secrets/db_root_password.txt
|
|
db_url:
|
|
file: ./secrets/db_url.txt
|
|
|
|
volumes:
|
|
mysql_data:
|
|
|
|
networks:
|
|
sipintar-overlay:
|
|
driver: overlay
|
|
|
|
#docker-compose -f docker-compose-prod.yml --env-file .env.prod build
|
|
#docker-compose -f docker-compose-prod.yml --env-file .env.prod up -d
|
|
#docker-compose -f docker-compose-prod.yml --env-file .env.prod up (yg ada pilusnya)
|
|
#docker-compose -f docker-compose-prod.yml --env-file .env.prod up --build -d
|
|
#docker stack deploy -c docker-compose-prod.yml sipintar_stack
|
|
|
|
#docker-compose down
|
|
# docker system prune -f
|
|
# docker network prune -f
|