docker-compose.mtls.yml
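# Compose stack for the mutual-TLS end-to-end setup: a throwaway Postgres
# instance plus the milmove server with MUTUAL_TLS_ENABLED=1.
#
# Every credential written out in this file is a fixed development
# placeholder. Real secrets are passed through from the invoking shell (see
# the value-less environment entries below). Keep this stack on a local or CI
# Docker host only.
version: '3.3'

services:
  database:
    # Pinned by tag, not by digest: the registry decides what 16.4 resolves
    # to at pull time.
    image: postgres:16.4
    restart: always
    environment:
      - POSTGRES_USER=postgres
      # Placeholder password, repeated in DB_PASSWORD, DB_PASSWORD_LOW_PRIV
      # and PGPASSWORD of the milmove service.
      - POSTGRES_PASSWORD=mysecretpassword
      - POSTGRES_DB=dev_db
    # The data directory lives on tmpfs, so the database contents are gone
    # once the container stops.
    tmpfs:
      - /var/lib/postgresql/data
    # No `ports:` are published here, so the database is reachable only from
    # containers attached to the same Docker network (the external network
    # declared at the bottom of this file).

  milmove:
    # Short-form depends_on orders container start-up only; it does not wait
    # for Postgres to accept connections.
    depends_on:
      - database
    networks:
      default:
        # Extra DNS name on the network; matches HTTP_PRIME_SERVER_NAME below.
        aliases:
          - primelocal
    # Falls back to the locally built image when MILMOVE_MTLS_IMAGE is unset
    # or empty.
    image: ${MILMOVE_MTLS_IMAGE:-milmove_mtls:local}
    # Runs the migrations, then loads the e2e_basic test scenario, then
    # starts the server; each step runs only if the previous one succeeded.
    # WARNING: This will be deprecated on 11/08/2023.
    # NOTE(review): the warning does not say which of the three commands it
    # refers to - confirm and reword.
    entrypoint:
      - "/bin/sh"
      - "-c"
      - "/bin/milmove migrate && /bin/generate-test-data --named-scenario='e2e_basic' && /bin/milmove serve"
    environment:
      # Entries without `=value` are copied from the environment of the shell
      # that runs docker-compose. That is how secrets and client IDs stay out
      # of this file.
      - CLIENT_AUTH_SECRET_KEY
      - CSRF_AUTH_KEY
      - DB_DEBUG=1
      - DB_ENV=development
      - DB_HOST=database
      - DB_NAME=dev_db
      # The low-privilege account below uses the same placeholder password as
      # the main account, so the split between them is nominal in this stack.
      - DB_PASSWORD=mysecretpassword
      - DB_PASSWORD_LOW_PRIV=mysecretpassword
      - DB_PORT=5432
      - DB_REGION=us-west-2
      - DB_RETRY_INTERVAL=5s
      # NOTE(review): presumably turns off TLS on the Postgres connection.
      # That is tolerable only because the database holds generated test data
      # on a local Docker network - confirm.
      - DB_SSL_MODE=disable
      # Same name as POSTGRES_USER on the database service, i.e. the account
      # the postgres image creates as superuser.
      - DB_USER=postgres
      - DB_USER_LOW_PRIV=crud
      # NOTE(review): presumably enables the development-only local login
      # path; it should never be set in a deployed environment - confirm.
      - DEVLOCAL_AUTH=1
      - DEVLOCAL_CA=/config/tls/devlocal-ca.pem
      - DOD_CA_PACKAGE=/config/tls/milmove-cert-bundle.p7b
      - EIA_KEY=db2522a43820268a41a802a16ae9fd26 # dummy key generated with openssl rand -hex 16
      - ENVIRONMENT=test
      - HTTP_PRIME_SERVER_NAME=primelocal
      - IWS_RBS_ENABLED=1
      - IWS_RBS_HOST
      - LOCAL_STORAGE_ROOT=/tmp
      - LOCAL_STORAGE_WEB_ROOT=storage
      - LOGIN_GOV_ADMIN_CLIENT_ID
      - LOGIN_GOV_CALLBACK_PORT=4000
      - LOGIN_GOV_CALLBACK_PROTOCOL
      - LOGIN_GOV_HOSTNAME
      - LOGIN_GOV_MY_CLIENT_ID
      - LOGIN_GOV_OFFICE_CLIENT_ID
      - LOGIN_GOV_SECRET_KEY
      - MIGRATION_PATH=file:///migrate/schema;file:///migrate/secure
      - MIGRATION_MANIFEST=/migrate/migrations_manifest.txt
      # TLS certificate and private-key material comes from the invoking
      # shell, not from this file.
      - MOVE_MIL_DOD_CA_CERT
      - MOVE_MIL_DOD_TLS_CERT
      - MOVE_MIL_DOD_TLS_KEY
      - MUTUAL_TLS_ENABLED=1
      - OKTA_CUSTOMER_CLIENT_ID
      - OKTA_ADMIN_CLIENT_ID
      - OKTA_OFFICE_CLIENT_ID
      - OKTA_OFFICE_GROUP_ID
      - OKTA_TENANT_CALLBACK_PORT=4000
      # Plain-http callback; local use only.
      - OKTA_TENANT_CALLBACK_PROTOCOL=http
      - PGPASSWORD=mysecretpassword
      - REDIS_ENABLED=false
      - SERVE_API_PRIME=true
      - SERVE_API_PPTAS=true
      - SERVE_API_SUPPORT=true
      - STORAGE_BACKEND=local
      - TZ=UTC

# use a custom external network to ensure consistent naming in
# circleci and locally
# `external: true` means Compose does not create this network: it has to
# exist before the stack is started. Any other container attached to it can
# reach both services.
networks:
  default:
    external: true
    name: e2e_mtls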