#
# Brno University of Technology
# Faculty of Information Technology
#
# BSc Thesis 2006/2007
#
# Railway Interlocking Simulator
#
# Dockerization: 2025
# Optimized: 2026-01 (BuildKit cache mounts)
# Security fix: 2026-06 (BuildKit secrets for GitHub Packages token)
#
# Docker Compose orchestration for interlockSim project
#
# Usage:
# # Build services:
# docker compose build app # Build app (kDisco downloaded from GitHub Packages)
# docker compose build text # Build LaTeX thesis
#
# # Run GUI editor (requires X11):
# docker compose up app
#
# # Run simulation with example:
# docker compose run app java -jar interlockSim.jar example shuntingLoop 60
#
# # Run simulation with custom XML:
# docker compose run -v $(pwd)/myfile.xml:/app/myfile.xml app java -jar interlockSim.jar sim myfile.xml
#
# GitHub Packages authentication:
# Set GITHUB_ACTOR and GITHUB_TOKEN and EXPORT them before building. The
# token is passed to the build as a BuildKit secret (secrets.environment
# below) so it never appears in the resolved RUN command, image layers, or
# docker history. Because the secret provider reads the *process* env (not
# .env, which compose only auto-loads for ${VAR} interpolation), a .env
# file alone is NOT enough -- export it first:
#
# set -a; source .env; set +a
# docker compose up --build
#
# A non-exported .env yields an empty token and a 401 from GitHub Packages.
#
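services:
  # Java application with GUI support (build + run).
  # kDisco is downloaded from GitHub Packages or taken from the local Maven cache.
  app:
    build:
      context: .
      dockerfile: Dockerfile
      target: runner
      args:
        # Non-sensitive cache hint only. Quoted so it is always passed as a string.
        BUILDKIT_INLINE_CACHE: "1"
      secrets:
        # GitHub Packages credentials for the kDisco dependency.
        # Values come from host environment variables (see the top-level
        # `secrets` section) and are mounted as BuildKit secrets at
        # /run/secrets/github_actor and /run/secrets/github_token.
        - github_actor
        - github_token
    image: interlocksim:latest
    environment:
      # Host DISPLAY for X11 forwarding; falls back to host.docker.internal:0
      # when DISPLAY is unset or empty.
      - "DISPLAY=${DISPLAY:-host.docker.internal:0}"
      # Location of the X11 authentication file inside the container.
      - "XAUTHORITY=/tmp/.docker.xauth"
    volumes:
      # Host X11 socket, mounted read-write for GUI display. Processes in the
      # container can connect to the host X server using the cookie mounted
      # below, so run only images you trust with this service.
      - "/tmp/.X11-unix:/tmp/.X11-unix:rw"
      # Host Xauthority file (XAUTHORITY, else $HOME/.Xauthority), read-only.
      - "${XAUTHORITY:-$HOME/.Xauthority}:/tmp/.docker.xauth:ro"
      # Local directory used to extract build artifacts.
      - "./artifacts/app:/artifacts"
      # Optional: mount XML files for simulation
      # - ./src/main/resources:/app/xml:ro
    # The container shares the host's network namespace, so the default
    # network declared at the bottom of this file does not apply to it.
    # NOTE(review): presumably chosen so the container can reach the host
    # X server -- confirm it is still required.
    network_mode: host
    container_name: interlocksim-app
    # Disables Docker's default seccomp syscall filter for this container.
    # NOTE(review): the original comment attributes this to X11 forwarding,
    # but display access comes from the socket and Xauthority mounts above.
    # Confirm the GUI still needs it; prefer the default profile if not.
    security_opt:
      - seccomp:unconfined
    # Optional: uncomment to keep container running for debugging
    # stdin_open: true
    # tty: true

  # Native fast-sim CLI binary (no JVM, minimal image)
  # Usage:
  #   docker compose build fast-sim
  #   docker compose run fast-sim example shuntingLoop 60
  fast-sim:
    build:
      context: .
      dockerfile: Dockerfile.fast-sim
      args:
        # Non-sensitive cache hint only. Quoted so it is always passed as a string.
        BUILDKIT_INLINE_CACHE: "1"
      secrets:
        # GitHub Packages credentials for the kDisco dependency (same secret
        # IDs as the app service).
        - github_actor
        - github_token
    image: interlocksim-fast-sim:latest
    container_name: interlocksim-fast-sim
    # Default arguments; matches the `docker compose run` usage shown above.
    command: ["example", "shuntingLoop", "60"]

  # Build LaTeX thesis with Czech language tools.
  # This build is given no secrets.
  text:
    build:
      context: .
      dockerfile: text/Dockerfile
      args:
        BUILDKIT_INLINE_CACHE: "1"
    image: interlocksim-text:latest
    volumes:
      # Local directory used to extract build artifacts.
      - "./artifacts/text:/artifacts"
    container_name: interlocksim-text-build
    # Optional: uncomment to see more detailed build output
    # stdin_open: true
    # tty: true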
# Gives the project's default network an explicit name (optional, for clarity).
# A service that sets `network_mode: host` does not join this network.
networks:
  default:
    name: "interlocksim-network"
# BuildKit secrets: each secret ID below takes its value from the named host
# environment variable. The app and fast-sim services list these IDs so their
# Dockerfiles can read the values during the build without storing them in
# the image.
# NOTE(review): that only holds if the build steps reading the secret do not
# write it into a file that ends up in a layer -- Dockerfiles are not shown
# here; verify.
secrets:
  github_actor:
    environment: "GITHUB_ACTOR"
  github_token:
    environment: "GITHUB_TOKEN"
# No named volumes are declared; the services in this file use bind mounts only.
# Note: BuildKit cache mounts are managed in Dockerfiles, not here.
# Runtime volumes can be added here if needed in the future.
volumes: {}