scipro/compose-branch-deploy.yaml

services:
  scipro:
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    depends_on:
      db:
        condition: service_healthy
      oauth2:
        condition: service_started
    environment:
      - JDBC_DATABASE_URL=jdbc:mariadb://db:3306/scipro
      - JDBC_DATABASE_USERNAME=scipro
      - JDBC_DATABASE_PASSWORD=scipro
      - OAUTH2_AUTHORIZATION_URI=https://oauth2-${VHOST}/authorize
      - OAUTH2_TOKEN_URI=https://oauth2-${VHOST}/exchange
      - OAUTH2_USER_INFO_URI=https://oauth2-${VHOST}/introspect
      - OAUTH2_CLIENT_ID=scipro_client
      - OAUTH2_CLIENT_SECRET=scipro_secret
      - OAUTH2_RESOURCE_SERVER_ID=scipro_api_client
      - OAUTH2_RESOURCE_SERVER_SECRET=scipro_api_secret
      - OAUTH2_RESOURCE_SERVER_INTROSPECTION_URI=https://oauth2-${VHOST}/introspect
      - OAUTH2_GS_AUTHORIZATION_URI=https://oauth2-gs-${VHOST}
      - OAUTH2_GS_CLIENT_REDIRECT_URI=https://${VHOST}/oauth/callback
    networks:
      - traefik
      - internal
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.rule=Host(`${VHOST}`)"
      - "traefik.http.routers.${COMPOSE_PROJECT_NAME}.tls.certresolver=letsencrypt"

  db:
    image: mariadb:10.11
    restart: unless-stopped
    networks:
      - internal
    environment:
      MARIADB_ROOT_PASSWORD: root
      MARIADB_DATABASE: scipro
      MARIADB_USER: scipro
      MARIADB_PASSWORD: scipro
    healthcheck:
      test: ["CMD", "healthcheck.sh", "--connect"]
      start_period: 10s
      interval: 10s
      timeout: 5s
      retries: 6

  oauth2:
    build:
      context: https://github.com/dsv-su/toker.git
      dockerfile: embedded.Dockerfile
    restart: unless-stopped
    environment:
      - CLIENT_ID=scipro_client
      - CLIENT_SECRET=scipro_secret
      - CLIENT_REDIRECT_URI=https://${VHOST}/login/oauth2/code/scipro
      - RESOURCE_SERVER_ID=scipro_api_client
      - RESOURCE_SERVER_SECRET=scipro_api_secret
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.oauth2-${COMPOSE_PROJECT_NAME}.rule=Host(`oauth2-${VHOST}`)"
      - "traefik.http.routers.oauth2-${COMPOSE_PROJECT_NAME}.tls.certresolver=letsencrypt"

  oauth2-gs:
      build:
        context: https://github.com/dsv-su/toker.git
        dockerfile: embedded.Dockerfile
      restart: unless-stopped
      environment:
        - CLIENT_ID=scipro_client
        - CLIENT_SECRET=scipro_secret
        - CLIENT_REDIRECT_URI=https://${VHOST}/oauth/callback
        - RESOURCE_SERVER_ID=scipro_api_client
        - RESOURCE_SERVER_SECRET=scipro_api_secret
        - CLIENT_SCOPES=grade:read grade:write
      networks:
        - traefik
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.oauth2-gs-${COMPOSE_PROJECT_NAME}.rule=Host(`oauth2-gs-${VHOST}`)"
        - "traefik.http.routers.oauth2-gs-${COMPOSE_PROJECT_NAME}.tls.certresolver=letsencrypt"

networks:
  traefik:
    name: traefik
    external: true
  internal:
    name: ${COMPOSE_PROJECT_NAME}_internal