docker-compose.yml

version: '3.9'
services:
  cms:
    container_name: cms
    image: gsatts/usagov-2021:cms-latest
    build:
      context: ./
      dockerfile: .docker/Dockerfile-cms
      args:
        - BUID
        - BGID
        - HOST_ARCH
        - BUILD_ENV
    ports:
      #- 8080:80
      #- 8443:443
      - 80:80
      - 443:443
    networks:
      gsa-gov:
        aliases:
          - beta-local-usagov.apps.internal
          - cms-local-usagov.apps.internal
          - beta-usagov.docker.local
          - cms-usagov.docker.local
    volumes:
      - .:/var/www:delegated
      - ./.docker/src-cms/etc/periodic/1min/generate-static-site:/etc/periodic/1min/generate-static-site:delegated
      #- ./.docker/src-cms/50_xdebug.ini:/etc/php81/conf.d/50_xdebug.ini:delegated
    env_file:
      - ./env.local
    environment:
      COMPOSER_MEMORY_LIMIT: -1
      WWW_HOST: beta-local-usagov.apps.internal
      CF_INSTANCE_INDEX: '1'
      FIX_FILE_PERMS:
      VCAP_APPLICATION: >
        {"name":"cms", "application_id":"docker", "space_name":"local", "application_uris":["beta-local-usagov.apps.internal","cms-local-usagov.apps.internal"]}
      VCAP_SERVICES: >
        { "s3": [{
            "name": "storage",
            "credentials": {
              "access_key_id": "minioadmin",
              "secret_access_key": "miniopass",
              "region": "us-west-1",
              "bucket": "local",
              "fips_endpoint": "minio:9000",
              "endpoint": "minio:9000"
            }
          }],
          "aws-rds": [{
            "name": "database",
            "credentials": {
              "db_name": "drupal",
              "host": "database",
              "password": "mysql",
              "port": "3306",
              "username": "root"
            }
          }],
          "user-provided": [{
            "name": "secrets",
            "credentials": {
              "ADMIN_EMAIL": "secret@example.com",
              "CRON_KEY": "SECRET",
              "HASH_SALT": "SECRET",
              "ROOT_USER_NAME": "root",
              "ROOT_USER_PASS": "root"
            }
          },
          {
            "name": "secauthsecrets",
            "credentials": {
              "SPKEY": "SPKey",
              "SPCRT": "SPCert"
            }
          }]
        }
    depends_on:
      - database
      - minio

  database:
    container_name: database
    image: mariadb:10
    # build:
    #  context: ./
    #  dockerfile: .docker/Dockerfile-mysql
    ports:
      - 3306:3306
    volumes:
      - .:/app:delegated
      - database_data:/var/lib/mysql:delegated
    environment:
      MYSQL_ROOT_PASSWORD: mysql
      MYSQL_DATABASE: drupal
    cap_add:
      - SYS_NICE
    networks:
      - gsa-gov

  minio:
    container_name: minio
    build:
      context: ./
      dockerfile: .docker/Dockerfile-minio
      args:
        - BUILD_ENV
    ports:
      - 9000:9000
      - 9001:9001
    volumes:
      - ./s3:/data
      - ./.docker/src-minio/docker-entrypoint-minio.sh:/docker-entrypoint-minio.sh
      - ./.docker/src-minio/setup-bucket.sh:/setup-bucket.sh
    environment:
      - MINIO_ROOT_USER=minioadmin
      - MINIO_ROOT_PASSWORD=miniopass
      - MINIO_SERVER_URL=https://127.0.0.1:9000
      - MINIO_DOMAIN=minio
    networks:
      gsa-gov:
        aliases:
          - local.minio

  composer:
    container_name: composer
    build:
      context: ./
      dockerfile: .docker/Dockerfile-cms
      target: composer-builder
      args:
        - BUID
        - BGID
        - GITCOMMIT
        - GITBRANCH
        - GITTAG
        - BUILD_ENV
    #command: tail -f /dev/null
    command: echo "Shutting Down on Purpose"
    volumes:
      - .:/var/www:delegated
    env_file:
      - ./env.local

  node:
    container_name: node
    build:
      context: ./
      dockerfile: .docker/Dockerfile-cms
      target: theme-builder
      args:
        - BUID
        - BGID
    command: npm run watch --prefix /var/www/web/themes/custom/usagov
    # command: tail -f /dev/null
    # command: echo "Shutting Down on Purpose"
    volumes:
      - .:/var/www:delegated
    env_file:
      - ./env.local
    networks:
      - gsa-gov


volumes:
  database_data:
#   nfsmount:
#     driver: local
#     driver_opts:
#       type: nfs
#       o: addr=host.docker.internal,rw,nolock,hard,nointr,nfsvers=3,fsc,actimeo=2,tcp
#       device: ":${PWD}"

networks:
  gsa-gov:

# egress:
#     build:
#       context: .docker/src-egress
#       dockerfile: .docker/Dockerfile-egress
#     restart: unless-stopped
#     ports:
#       - "8080:8080"
#     volumes:
#       - .docker/src-egress:/etc/caddy
#     environment:
#       # Solution to get Alpine to run the .profile comes from
#       # https://stackoverflow.com/a/43743532/17138235
#       - ENV=/srv/.profile
#       - https_proxy=https://localhost:8080
#       # Provide the CF env fixtures... more are needed!
#       - PORT=8080
#       # The variables that matter to the app
#       - PROXY_USERNAME=user
#       - PROXY_PASSWORD=pass
#       - PROXY_DENY="*.yahoo.com"
#       - PROXY_ALLOW= |
#         "*.google.com

  # waf:
  #   container_name: waf
  #   image: gsatts/usagov-2021:waf-latest
  #   build:
  #     context: .docker/
  #     dockerfile: Dockerfile-waf
  #   ports:
  #     - 80:80
  #     - 443:443
  #   networks:
  #     gsa-gov:
  #       aliases:
  #         - beta-local.usa.gov
  #         - cms-local.usa.gov
  #   volumes:
  #     - .docker/src-waf/etc/nginx/nginx.conf.tmpl:/etc/nginx/nginx.conf.tmpl:delegated
  #     - .docker/src-waf/etc/nginx/conf.d:/etc/nginx/conf.d:delegated
  #     - .docker/src-waf/etc/nginx/snippets:/etc/nginx/snippets:delegated
  #   environment:
  #      - SERVERNAME=localhost
  #      - PORT=443
  #      - APP_NAME=USAGov
  #      - BLOCKED_NAME=USAGov
  #      - PARANOIA=1
  #      - ANOMALY_INBOUND=5


  # waf:
  #   container_name: waf
  #   image: gsatts/usagov-2021:waf-latest
  #   build:
  #     context: .docker/
  #     dockerfile: Dockerfile-waf
  #   ports:
  #     - 8080:80
  #   depends_on:
  #     - minio
  #   networks:
  #     - gsa-gov
  #   environment:
  #     - SERVERNAME=localhost
  #     - PORT=443
  #     - APP_NAME=USAGov
  #     - BLOCKED_NAME=USAGov
  #     # - IP_ALLOWED=50.81.160.164 100.36.151.190 52.222.122.97/32 52.222.123.172/32 159.142.0.0/16
  #     #############################################
  #     # CRS Variables
  #     #############################################
  #     # Paranoia Level
  #     - PARANOIA=1
  #     # Inbound and Outbound Anomaly Score Threshold
  #     - ANOMALY_INBOUND=5
  #     - ANOMALY_OUTBOUND=4
  #     # Executing Paranoia Level
  #     # - EXECUTING_PARANOIA=2
  #     #######################################################
  #     # Reverse Proxy mode
  #     # (only available if SETPROXY was enabled during the
  #     # parent ModSecurity image)
  #     #######################################################
  #     # PROXYLOCATION: Application Backend of Reverse Proxy
  #     # - PROXYLOCATION=http://app:8000/
  #     #
  #     # If needed: add own httpd-proxy.conf (only available if SETPROXY
  #     # was enabled during build of parent ModSecurity image)
  #     #  - ./httpd-proxy.conf:/usr/local/apache2/conf/extra/httpd-proxy.conf
  #     #######################################################
  #     # Various CRS Variables with Default Values
  #     #######################################################
  #     #- ENFORCE_BODYPROC_URLENCODED=1
  #     #- ALLOWED_METHODS=GET HEAD POST OPTIONS
  #     #- ALLOWED_REQUEST_CONTENT_TYPE=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/soap+xml|application/x-amf|application/json|application/octet-stream|text/plain
  #     #- ALLOWED_REQUEST_CONTENT_TYPE_CHARSET=utf-8|iso-8859-1|iso-8859-15|windows-1252
  #     #- ALLOWED_HTTP_VERSIONS=HTTP/1.0 HTTP/1.1 HTTP/2 HTTP/2.0
  #     #- RESTRICTED_EXTENSIONS=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/
  #     #- RESTRICTED_HEADERS=/proxy/ /lock-token/ /content-range/ /if/
  #     #- STATIC_EXTENSIONS=/.jpg/ /.jpeg/ /.png/ /.gif/ /.js/ /.css/ /.ico/ /.svg/ /.webp/
  #     #######################################################
  #     # CRS Variables with Default Value unlimited
  #     #######################################################
  #     #- MAX_NUM_ARGS=255
  #     #- ARG_NAME_LENGTH=100
  #     #- ARG_LENGTH=400
  #     #- TOTAL_ARG_LENGTH=64000
  #     #- MAX_FILE_SIZE=1048576
  #     #- COMBINED_FILE_SIZES=1048576
  #     #######################################################
  #     # Volumes for ModSecurity Tuning
  #     #######################################################
  #     # volumes:
  #     #   - ./src-waf/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
  #     #   - ./src-waf/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf:/etc/modsecurity.d/owasp-crs/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf
  #     #######################################################
  #     # Add TLS server certificate and key
  #     # (only available if SETPROXY was enabled during the
  #     # parent ModSecurity image)
  #     #######################################################
  #     #  - ./server.crt:/usr/local/apache2/conf/server.crt
  #     #  - ./server.key:/usr/local/apache2/conf/server.key