cbs/podman-compose.cbs-dev.yaml at main · clyso/cbs · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
# CBS - Clyso Build System
# Copyright (C) 2025  Clyso GmbH
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.

services:
  cbs:
    build:
      context: .
      dockerfile: ./container/ContainerFile.cbsd
      target: cbsd-dev-server
    container_name: clyso-cbs-service-dev
    ports:
      - "8080:8080"
    restart: "no"
    privileged: true
    volumes:
      - ./_local/cbs/config/server:/cbs/config
      - ./_local/cbs/data:/cbs/data
      - ./_local/cbs/logs:/cbs/logs

      - ./cbsd:/cbs/server/cbsd
      - ./cbscore:/cbs/server/cbscore
      - ./cbsdcore:/cbs/server/cbsdcore
      - ./cbc:/cbs/server/cbc
      - ./crt:/cbs/server/crt
      - ./pyproject.toml:/cbs/server/pyproject.toml
    security_opt:
      - label=disable
      - seccomp=unconfined
    environment:
      CBS_CONFIG: /cbs/config/cbsd.server.config.yaml
      CBS_DEBUG: 1
      CBS_DEBUG_BUILDS: 1
    depends_on:
      redis:
        condition: service_started

  worker:
    build:
      context: .
      dockerfile: ./container/ContainerFile.cbsd
      target: cbsd-dev-worker
    container_name: clyso-cbs-worker-dev
    privileged: true
    volumes:
      - ./_local/cbs/config/worker:/cbs/config
      - ./cbscore:/cbs/src
      - ./_local/cbs/logs:/cbs/logs

      - ./_local/cbs/scratch:/cbs/scratch
      - ./_local/cbs/scratch/containers:/var/lib/containers
      - ./_local/cbs/scratch/ccache:/cbs/ccache
      - ./components:/cbs/components
      - /dev/fuse:/dev/fuse:rw

      - ./cbsd:/cbs/server/cbsd
      - ./cbscore:/cbs/server/cbscore
      - ./cbsdcore:/cbs/server/cbsdcore
      - ./cbc:/cbs/server/cbc
      - ./crt:/cbs/server/crt
      - ./pyproject.toml:/cbs/server/pyproject.toml
    cap_add:
      - MKNOD
      - SYS_ADMIN
    security_opt:
      - label=disable
      - seccomp=unconfined
    environment:
      CBS_CONFIG: /cbs/config/cbsd.worker.config.yaml
      CBS_DEBUG: 1
    # We require the host network to be able to properly access interfaces
    # such as those of a vpn. This means the cbs worker is not in the same
    # network as the other containers, and must access the redis broker by
    # its external address (in this case, localhost). This must be taken
    # into account when configuring the worker.
    network_mode: host
    healthcheck:
      test: [
          "CMD-SHELL",
          "cd /cbs/server/cbsd && \
          uv run --no-sync celery -A cbslib.worker inspect ping",
        ]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s
      start_interval: 5s
    depends_on:
      - redis

  redis:
    container_name: cbs-redis
    image: docker.io/redis:8.4
    entrypoint: ["redis-server", "--save", "60", "1"]
    ports:
      - "6379:6379"
    volumes:
      - ./_local/cbs/redis:/data
    security_opt:
      - label=disable