-
Notifications
You must be signed in to change notification settings - Fork 66
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* ClamAV in Containers (#15965) * use clamav container for local development and review instances * rubocop formatting & CODEOWNERS * fix Dockerfile * update CODEOWNERS and docker-compose version for review instances * change docker-compose verions for review * fix review ports * update github workflows to match k8s * update github workflows * update code_checks for docker compose for tests * add bundle exec to setup db step in audit service tags * reset db in docker compose review & update audit service tag docker services * remove clamd and freshclam from procfile * add sidekiq enterprise license to test env var * set sidekiq license to docker build args * update makefile to work with new docker services * add clamav host & port to settings * add restart services to docker-compose review * Added virus scan to uploads spec (#16393) * Added virus scan to uploads spec * Fixing Virus scan spec * resolve merge conflict * change directory from /app to /srv/vets-api/src * use previous master version for RI + clam containers * add USER_ID to RI docker-compose * set working directory back to app * minor clean up with new line EOF & remove k8s deploy related code * update makefile up command with foreman * fix docker-compose clamav new line * more cleanup and rubocop formatting * remove redis ports from docker-compose test * update redis port * revert docker-compose test to original master * update api service name to web * rubocop formatting * add Procfile to CODEOWNERS * update CODEOWNERS * add secret and pki volumes back to RI * add some settings in review docker-compose * fix merge conflict mistake in Dockerfile * update dockerfile ruby version --------- Co-authored-by: Rachal Cassity <[email protected]> * delete code checks yml --------- Co-authored-by: Rachal Cassity <[email protected]>
- Loading branch information
1 parent
b5d4e44
commit 06cd3fb
Showing
13 changed files
with
99 additions
and
86 deletions.
There are no files selected for viewing
Validating CODEOWNERS rules …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,2 @@ | ||
web: bundle exec puma -p 3000 -C ./config/puma.rb | ||
job: bundle exec sidekiq -q critical,4 -q tasker,3 -q default,2 -q low,1 | ||
freshclam: /usr/bin/freshclam -d --config-file=config/freshclam.conf | ||
clamd: /usr/sbin/clamd -c config/clamd.conf |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,18 +1,6 @@ | ||
# frozen_string_literal: true | ||
|
||
## If running clamav natively | ||
# ENV['CLAMD_UNIX_SOCKET'] = '/usr/local/etc/clamav/clamd.sock' | ||
|
||
## Comment the following out (everything below) if you are running clamav natively | ||
|
||
## If running via docker | ||
if Rails.env.development? | ||
ENV['CLAMD_TCP_HOST'] = 'clamav' | ||
ENV['CLAMD_TCP_PORT'] = '3310' | ||
ENV['CLAMD_TCP_HOST'] = Settings.clamav.host | ||
ENV['CLAMD_TCP_PORT'] = Settings.clamav.port | ||
end | ||
|
||
# ## If running hybrid | ||
# if Rails.env.development? | ||
# ENV["CLAMD_TCP_HOST"] = "0.0.0.0" | ||
# ENV["CLAMD_TCP_PORT"] = "33100" | ||
# end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
version: '3.4' # test commit | ||
version: '3.4' | ||
services: | ||
clamav: | ||
volumes: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,55 +1,70 @@ | ||
version: '3.4' | ||
|
||
x-app: &common | ||
build: | ||
args: | ||
BUNDLE_ENTERPRISE__CONTRIBSYS__COM: "${BUNDLE_ENTERPRISE__CONTRIBSYS__COM}" | ||
USER_ID: ${VETS_API_USER_ID} | ||
context: . | ||
environment: | ||
RAILS_ENV: development | ||
BUNDLE_ENTERPRISE__CONTRIBSYS__COM: "${BUNDLE_ENTERPRISE__CONTRIBSYS__COM}" | ||
"Settings.database_url": "postgis://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-password}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DATABASE:-vets_api_development}?pool=4" | ||
"Settings.test_database_url": "postgis://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-password}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DATABASE:-vets_api_test}" | ||
"Settings.redis.app_data.url": "redis://redis:6379" | ||
"Settings.redis.sidekiq.url": "redis://redis:6379" | ||
"Settings.redis.rails_cache.url": "redis://redis:6379" | ||
"Settings.saml_ssoe.idp_metadata_file": "config/ssoe_idp_sqa_metadata_isam.xml" | ||
"Settings.betamocks.cache_dir": "config/vets-api-mockdata" | ||
image: vets-api:${DOCKER_IMAGE:-latest} | ||
restart: unless-stopped | ||
volumes: | ||
- "../vets-api-mockdata:/cache" | ||
- ../.secret:/srv/vets-api/secret:cached | ||
- ../.pki:/srv/vets-api/pki:cached | ||
- shared-vol:/tmp | ||
working_dir: /app | ||
depends_on: | ||
- clamav | ||
- postgres | ||
- redis | ||
links: | ||
- clamav | ||
- postgres | ||
- redis | ||
|
||
services: | ||
clamav: | ||
image: clamav/clamav | ||
restart: unless-stopped | ||
ports: | ||
- 3310:3310 | ||
volumes: | ||
- shared-vol:/vets-api | ||
redis: | ||
image: redis:6.2-alpine | ||
restart: unless-stopped | ||
ports: | ||
- 6379:6379 | ||
postgres: | ||
image: mdillon/postgis:11-alpine | ||
command: postgres -c shared_preload_libraries=pg_stat_statements -c pg_stat_statements.track=all -c max_connections=200 | ||
environment: | ||
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-password}" | ||
POSTGRES_USER: "${POSTGRES_USER:-postgres}" | ||
volumes: | ||
- db-data:/var/lib/postgresql/data:cached | ||
PGDATA: /tmp | ||
image: postgis/postgis:14-3.3-alpine | ||
ports: | ||
- "54320:5432" | ||
restart: unless-stopped | ||
vets-api: | ||
build: | ||
context: . | ||
target: development | ||
args: | ||
sidekiq_license: "${BUNDLE_ENTERPRISE__CONTRIBSYS__COM}" | ||
userid: "${VETS_API_USER_ID}" | ||
command: > | ||
bash -c "bundle exec rake db:migrate || bundle exec rake db:setup db:migrate | ||
&& touch tmp/caching-dev.txt && foreman start -m all=1,clamd=0,freshclam=0" | ||
image: "vets-api:${DOCKER_IMAGE:-latest}" | ||
- 5432:5432 | ||
volumes: | ||
- .:/srv/vets-api/src:cached | ||
- dev_bundle:/usr/local/bundle | ||
- ../.secret:/srv/vets-api/secret:cached | ||
- ../.pki:/srv/vets-api/pki:cached | ||
- ./data:/var/lib/postgresql/data:cached | ||
web: | ||
<<: *common | ||
command: bash -c "bundle exec rake db:migrate || bundle exec rake db:reset db:migrate && bundle exec rails s -b 0.0.0.0" | ||
ports: | ||
- "3000:3000" | ||
environment: | ||
"Settings.database_url": "postgis://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-password}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DATABASE:-vets_api_development}?pool=4" | ||
"Settings.test_database_url": "postgis://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-password}@${POSTGRES_HOST:-postgres}:${POSTGRES_PORT:-5432}/${POSTGRES_DATABASE:-vets_api_test}?pool=4" | ||
"Settings.redis.app_data.url": "redis://redis:6379" | ||
"Settings.redis.sidekiq.url": "redis://redis:6379" | ||
"Settings.redis.rails_cache.url": "redis://redis:6379" | ||
"Settings.binaries.clamdscan": "clamscan" # Not running a separate process within the container for clamdscan, so we use clamscan which requires no daemon | ||
POSTGRES_HOST: "${POSTGRES_HOST:-postgres}" | ||
POSTGRES_PORT: "${POSTGRES_PORT:-5432}" | ||
POSTGRES_USER: "${POSTGRES_USER:-postgres}" | ||
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-password}" | ||
PUMA_THREADS: "${PUMA_THREADS:-4}" | ||
depends_on: | ||
- postgres | ||
- redis | ||
links: | ||
- postgres | ||
- redis | ||
restart: unless-stopped | ||
- 3000:3000 | ||
worker: | ||
<<: *common | ||
command: bundle exec sidekiq -q critical,4 -q tasker,3 -q default,2 -q low,1 | ||
|
||
volumes: | ||
db-data: | ||
dev_bundle: | ||
shared-vol: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters