gatekeeper/docker-compose.yml at main · Tight-Line/gatekeeper · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# Docker Compose for local development and testing
#
# Usage:
#   docker-compose up                        # Build and start server only
#   docker-compose --profile relay up        # Build and start server + relay client
#   docker-compose -f docker-compose.yml \
#     -f docker-compose.monitoring.yml up    # Start with Prometheus + Grafana
#   docker-compose down                      # Stop all services
#
# Using pre-built images (PR builds or releases):
#   GATEKEEPERD_IMAGE=ghcr.io/tight-line/gatekeeperd:pr-123-abc1234 \
#   RELAY_IMAGE=ghcr.io/tight-line/gatekeeper-relay:pr-123-abc1234 \
#   docker-compose --profile relay up
#
# Or set in .env file:
#   GATEKEEPERD_IMAGE=ghcr.io/tight-line/gatekeeperd:0.2.0
#   RELAY_IMAGE=ghcr.io/tight-line/gatekeeper-relay:0.2.0

services:
  # Gatekeeper server
  gatekeeperd:
    image: ${GATEKEEPERD_IMAGE:-}
    build:
      context: .
      dockerfile: Dockerfile
    ports:
      - "8080:8080"    # HTTP
      - "9090:9090"    # Metrics
    environment:
      - GATEKEEPERD_CONFIG
    configs:
      - source: server-config
        target: /etc/gatekeeper/config.yaml
    command: ["-config", "/etc/gatekeeper/config.yaml", "-listen", ":8080"]

  # Mock backend for testing webhook delivery
  mock-backend:
    image: hashicorp/http-echo:latest
    command: ["-text", '{"status":"ok"}']
    ports:
      - "8081:5678"

  # Gatekeeper relay client (optional, use --profile relay)
  gatekeeper-relay:
    image: ${RELAY_IMAGE:-}
    build:
      context: .
      dockerfile: Dockerfile.relay
    profiles:
      - relay
    environment:
      - GATEKEEPER_RELAY_CONFIG
      - RELAY_TOKEN=${RELAY_TOKEN:-test-relay-token}
    configs:
      - source: relay-config
        target: /etc/gatekeeper-relay/config.yaml
    command: ["-config", "/etc/gatekeeper-relay/config.yaml"]
    depends_on:
      - gatekeeperd
      - mock-backend

configs:
  server-config:
    content: |
      global:
        log_level: debug
        metrics_port: 9090

      routes:
        - hostname: localhost
          path: /webhook
          verifier: noop
          destination: http://mock-backend:5678

        - hostname: localhost
          path: /relay
          verifier: noop
          relay_token: "${RELAY_TOKEN}"

      verifiers:
        noop:
          type: noop

  relay-config:
    content: |
      server: http://gatekeeperd:8080
      max_consecutive_failures: 10

      channels:
        - name: test
          token: "${RELAY_TOKEN}"
          destination: http://mock-backend:5678