-
Notifications
You must be signed in to change notification settings - Fork 34
Expand file tree
/
Copy pathdocker-compose.yaml
More file actions
65 lines (65 loc) · 2.73 KB
/
docker-compose.yaml
File metadata and controls
65 lines (65 loc) · 2.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
include:
- ../aou-common/aou-common-compose.yaml
services:
app:
container_name: "application-server"
build:
context: .
additional_contexts:
load-envs: service:aou-common-load-envs
restart: always
ports:
- "80:80"
volumes:
- .:/workspace:cached
- sas-data:/data
# SAS startup script — invoked via PRE_DEPLOY_SCRIPT before SAS
# services start. Must NOT mount at /tmp/pre_deploy.sh because
# the entrypoint overwrites that path with the env var content.
- ./sas-startup.sh:/opt/sas/aou/sas-startup.sh:ro
# Fallback license mount for manual GCE testing without Mikey Secrets.
# With Mikey Secrets, the entrypoint wrapper populates /sasinside/ from
# the SAS_LICENSE_PATH file descriptor instead.
- ./sasinside:/sasinside
tmpfs:
- /data/workspace:uid=1002,gid=1100
environment:
HOST_AUTH: ""
SAS_DEBUG: "0"
SASLICENSEFILE: "SASLicense.jwt"
GOMEMLIMIT: "20MiB"
PRE_DEPLOY_SCRIPT: "bash /opt/sas/aou/sas-startup.sh"
JAVA_OPTION_SAS_COMMONS_WEB_SECURITY_CORS_ALLOWEDORIGINS: "-Dsas.commons.web.security.cors.allowedOrigins=*"
JAVA_OPTION_SAS_COMMONS_WEB_SECURITY_CORS_ALLOWCREDENTIALS: "-Dsas.commons.web.security.cors.allowCredentials=false"
JAVA_OPTION_SAS_COMMONS_WEB_SECURITY_CORS_ALLOWEDHEADERS: "-Dsas.commons.web.security.cors.allowedHeaders=*"
JAVA_OPTION_SAS_COMMONS_WEB_SECURITY_CORS_ALLOWEDMETHODS: "-Dsas.commons.web.security.cors.allowedMethods=OPTIONS,POST,PUT,GET,DELETE,HEAD,PATCH"
JAVA_OPTION_SAS_COMMONS_WEB_SECURITY_CSRF: "-Dsas.commons.web.security.csrf.enable-csrf=false"
JAVA_OPTION_SAS_COMMONS_WEB_SECURITY_CSRF_ALLOWEDURIS: "-Dsas.commons.web.security.csrf.allowedUris=*"
# Use sameSite=None for GCE (HTTPS + cross-origin iframe).
# For local HTTP testing, change to sameSite=Lax.
JAVA_OPTION_SAS_COMMONS_WEB_SECURITY_COOKIES_SAMESITE: "-Dsas.commons.web.security.cookies.sameSite=None"
JAVA_OPTION_SAS_STUDIO_BASICUSER: "-Dsas.studio.basicUser=aou"
JAVA_OPTION_SAS_STUDIO_BASICPASSWORD: "-Dsas.studio.basicPassword=aou"
JAVA_OPTION_SERVER_SERVLET_SESSION_TIMEOUT: "-Dserver.servlet.session.timeout=240m"
networks:
- app-network
depends_on:
- wondershaper
cap_add:
- SYS_ADMIN
devices:
- /dev/fuse
security_opt:
- apparmor:unconfined
wondershaper:
container_name: "wondershaper"
image: "us-west2-docker.pkg.dev/shared-pub-buckets-94mvrf/workbench-artifacts/app-wondershaper@sha256:0438761b165f6f8da90383722278be8cf89607f39cd42c386877fe72f26b3b40"
restart: always
network_mode: "host"
cap_add:
- NET_ADMIN
networks:
app-network:
external: true
volumes:
sas-data: