4 changed files with 55 additions and 4 deletions
--- a/.gitea/workflows/deploy-branch.yaml
+++ b/.gitea/workflows/deploy-branch.yaml
@ -10,7 +10,7 @@ jobs:
        with:
          gitea-token: ${{ secrets.GITEA_TOKEN }}
          ssh-key: ${{ secrets.BRANCH_DEPLOY_KEY }}
-          compose-file: 'compose.yaml'
+          compose-file: 'compose-branch.yaml'
      - name: Post URL to deployment as comment
        uses: actions/github-script@v7
        env:
--- a/compose-branch.yaml
+++ b/compose-branch.yaml
@ -0,0 +1,47 @@
+services:
+  web:
+    extends:
+      file: compose.yaml
+      service: web
+    depends_on:
+      db:
+        condition: service_healthy
+    networks:
+      - blog-network
+      - traefik
+    environment:
+      - OAUTH2_AUTHORIZATION_URI=https://oauth2-${VHOST}/authorize
+      - OAUTH2_TOKEN_URI=https://oauth2-${VHOST}/exchange
+      - OAUTH2_USER_INFO_URI=https://oauth2-${VHOST}/verify
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`${VHOST}`)"
+      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.entrypoints=secure"
+      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=letsencrypt"
+
+  db:
+    extends:
+      file: compose.yaml
+      service: db
+    networks:
+      - blog-network
+
+  oauth2:
+    extends:
+      file: compose.yaml
+      service: oauth2
+    networks:
+      - traefik
+    environment:
+      CLIENT_REDIRECT_URI: https://${VHOST}/login/oauth2/code/local
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.rule=Host(`oauth2-${VHOST}`)"
+      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.entrypoints=secure"
+      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}-oauth2.tls.certresolver=letsencrypt"
+
+networks:
+  blog-network:
+  traefik:
+    name: traefik
+    external: true
--- a/compose.yaml
+++ b/compose.yaml
@ -8,6 +8,10 @@ services:
    restart: always
    ports:
      - "8080:8080"
+    environment:
+      - OAUTH2_AUTHORIZATION_URI=http://localhost:59999/authorize # exposed port since browser has to access
+      - OAUTH2_TOKEN_URI=http://oauth2:8080/exchange # inside the docker network
+      - OAUTH2_USER_INFO_URI=http://oauth2:8080/verify

  db:
    image: mariadb:latest
--- a/src/main/resources/application-docker.yml
+++ b/src/main/resources/application-docker.yml
@ -8,9 +8,9 @@ spring:
      client:
        provider:
          embedded-toker:
-            authorization-uri: http://localhost:59999/authorize # exposed port since browser has to access
-            token-uri: http://oauth2:8080/exchange # inside the docker network
-            user-info-uri: http://oauth2:8080/verify
+            authorization-uri: ${OAUTH2_AUTHORIZATION_URI}
+            token-uri: ${OAUTH2_TOKEN_URI}
+            user-info-uri: ${OAUTH2_USER_INFO_URI}
            user-name-attribute: sub
        registration:
          local: