dhis2-core

chore: update docker-compose.yml

Open michael-markevich opened this issue 2 years ago • 6 comments

Based on the security assessment results (https://dhis2.atlassian.net/browse/SEC-48), I suggest updating the docker-compose.yml to move the composer configuration to the production setup. This includes using the official Postgis repository, an additional health check and security options, and a clean setup without a demo database and debugging.

The current docker-compose.yml can still be used for development purposes.

michael-markevich, Oct 02 '23 10:10

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 0 (rating A)

No Coverage information
No Duplication information

sonarqubecloud[bot], Oct 02 '23 10:10

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 66.24%. Comparing base (c63dbd2) to head (c3d3404). Report is 2424 commits behind head on master.

Additional details and impacted files
@@             Coverage Diff              @@
##             master   #15286      +/-   ##
============================================
+ Coverage     65.83%   66.24%   +0.40%     
- Complexity    30925    31254     +329     
============================================
  Files          3483     3485       +2     
  Lines        129139   129791     +652     
  Branches      15046    15145      +99     
============================================
+ Hits          85015    85975     +960     
+ Misses        37076    36735     -341     
- Partials       7048     7081      +33     
Flag Coverage Δ
integration 49.79% <ø> (+0.06%) :arrow_up:
integration-h2 32.42% <ø> (+0.35%) :arrow_up:
unit 30.34% <ø> (+0.18%) :arrow_up:

Flags with carried forward coverage won't be shown.

see 261 files with indirect coverage changes


Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Last update 8a79344...c3d3404.

codecov[bot], Oct 02 '23 10:10

I would recommend creating a copy of the original docker compose file, naming it docker-compose.production.yml, and making that the target of your updates.

Having both docker compose files in this PR makes sense as we want to apply some of these changes to the original as well.

tonsV2, Oct 17 '23 04:10

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 0 (rating A)

No Coverage information
No Duplication information

sonarqubecloud[bot], Nov 06 '23 15:11

@tonsV2 @radnov @Philip-Larsen-Donnelly I updated the MR based on the feedback you provided. Here are some comments on the chosen approach:

  1. Docker manuals recommend using the merge functionality (https://docs.docker.com/compose/multiple-compose-files/merge/) to create various configurations/environments. This allows us to avoid duplicating the same configuration in multiple files.
  2. Following their logic and preferred new (since 2021) naming scheme, compose.yaml contains the production configuration of DHIS2, and compose.override.yaml contains overrides for the development environment.
  3. I didn't touch the password-related part but added a .env.example file according to @tonsV2's suggestion.

In a nutshell, if both files are present, calling docker compose up will deploy a development build (as a result of merging the two YAML files). If only compose.yaml is present (or specified explicitly with the -f option), the production setup is deployed.

michael-markevich, Nov 06 '23 15:11
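
The merge behaviour described in the comment above, as an added example that is not the PR's actual files or any participant's code: a production baseline in compose.yaml and a development-only compose.override.yaml. Service names, variable names (`DHIS2_IMAGE`, `POSTGIS_IMAGE`, `POSTGRES_PASSWORD`), ports and health check timings are assumptions chosen for illustration.

```yaml
# ---- file: compose.yaml (production baseline; constructed example) ----
# Deployed alone with:   docker compose -f compose.yaml up -d
services:
  web:
    image: ${DHIS2_IMAGE:?set DHIS2_IMAGE in .env}      # assumed variable name
    depends_on:
      db:
        condition: service_healthy    # start only once the database answers
    ports:
      - "127.0.0.1:8080:8080"         # assumed: a reverse proxy on the host fronts this
    security_opt:
      - no-new-privileges:true        # block setuid-style privilege gain in the container
  db:
    image: ${POSTGIS_IMAGE:?set POSTGIS_IMAGE in .env}  # assumed variable name
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
    security_opt:
      - no-new-privileges:true
    # No "ports:" key: the database is reachable only on the compose network.
---
# ---- file: compose.override.yaml (development only; constructed example) ----
# Picked up automatically by a plain:   docker compose up
# Mappings such as "environment" merge key by key; "ports" entries are appended.
services:
  db:
    ports:
      - "127.0.0.1:5432:5432"         # local access for SQL clients during development
```

Running `docker compose config` prints the merged result, which is a quick way to confirm which settings are effective on a host; a compose.override.yaml left in the working directory of a production host means a plain `docker compose up` deploys the development variant.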

This PR has not seen any activity in the last 5 months. The PR will be closed in 30 days if the stale label is not removed.

Please note that this is an automated message and we might very well be the reason why there has not been any activity lately.

Please remove the stale label if you would like to continue working on the PR. Make sure that you have requested a review by a dev or a team https://github.com/orgs/dhis2/teams.

github-actions[bot], May 24 '24 00:05

This PR has not seen any activity in the last 5 months. The PR will be closed in 30 days if the stale label is not removed.

Please note that this is an automated message and we might very well be the reason why there has not been any activity lately.

Please remove the stale label if you would like to continue working on the PR. Make sure that you have requested a review by a dev or a team https://github.com/orgs/dhis2/teams.

github-actions[bot], Dec 23 '24 00:12