fix: remove $$ escaping from docker-compose files
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Using file() instead of templatefile() so $${VAR} isn't processed.
Changed to ${VAR} for proper docker-compose variable interpolation.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Josh
parent
2ef95ab66b
commit
3ec18d5ec4
2 changed files with 73 additions and 73 deletions
|
|
@ -16,10 +16,10 @@ services:
|
|||
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
||||
- --certificatesresolvers.cloudflare.acme.dnschallenge=true
|
||||
- --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
|
||||
- --certificatesresolvers.cloudflare.acme.email=$${ACME_EMAIL}
|
||||
- --certificatesresolvers.cloudflare.acme.email=${ACME_EMAIL}
|
||||
- --certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json
|
||||
environment:
|
||||
- CF_DNS_API_TOKEN=$${CF_DNS_API_TOKEN}
|
||||
- CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- traefik-certs:/letsencrypt
|
||||
|
|
@ -44,9 +44,9 @@ services:
|
|||
environment:
|
||||
- USER_UID=1000
|
||||
- USER_GID=1000
|
||||
- FORGEJO__server__DOMAIN=source.$${DOMAIN}
|
||||
- FORGEJO__server__ROOT_URL=https://source.$${DOMAIN}
|
||||
- FORGEJO__server__SSH_DOMAIN=source.$${DOMAIN}
|
||||
- FORGEJO__server__DOMAIN=source.${DOMAIN}
|
||||
- FORGEJO__server__ROOT_URL=https://source.${DOMAIN}
|
||||
- FORGEJO__server__SSH_DOMAIN=source.${DOMAIN}
|
||||
- FORGEJO__server__SSH_PORT=22
|
||||
- FORGEJO__server__SSH_LISTEN_PORT=2222
|
||||
- FORGEJO__database__DB_TYPE=sqlite3
|
||||
|
|
@ -61,7 +61,7 @@ services:
|
|||
- "2222:2222"
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.forgejo.rule=Host(`source.$${DOMAIN}`)
|
||||
- traefik.http.routers.forgejo.rule=Host(`source.${DOMAIN}`)
|
||||
- traefik.http.routers.forgejo.tls=true
|
||||
- traefik.http.routers.forgejo.tls.certresolver=cloudflare
|
||||
- traefik.http.services.forgejo.loadbalancer.server.port=3000
|
||||
|
|
@ -72,21 +72,21 @@ services:
|
|||
image: woodpeckerci/woodpecker-server:v3
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- WOODPECKER_HOST=https://ci.$${DOMAIN}
|
||||
- WOODPECKER_HOST=https://ci.${DOMAIN}
|
||||
- WOODPECKER_FORGEJO=true
|
||||
- WOODPECKER_FORGEJO_URL=https://source.$${DOMAIN}
|
||||
- WOODPECKER_FORGEJO_URL=https://source.${DOMAIN}
|
||||
- WOODPECKER_OPEN=true
|
||||
- WOODPECKER_FORGEJO_CLIENT=$${WOODPECKER_FORGEJO_CLIENT}
|
||||
- WOODPECKER_FORGEJO_SECRET=$${WOODPECKER_FORGEJO_SECRET}
|
||||
- WOODPECKER_AGENT_SECRET=$${WOODPECKER_AGENT_SECRET}
|
||||
- WOODPECKER_ADMIN=$${WOODPECKER_ADMIN}
|
||||
- WOODPECKER_FORGEJO_CLIENT=${WOODPECKER_FORGEJO_CLIENT}
|
||||
- WOODPECKER_FORGEJO_SECRET=${WOODPECKER_FORGEJO_SECRET}
|
||||
- WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
|
||||
- WOODPECKER_ADMIN=${WOODPECKER_ADMIN}
|
||||
volumes:
|
||||
- woodpecker-data:/var/lib/woodpecker
|
||||
depends_on:
|
||||
- forgejo
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.woodpecker.rule=Host(`ci.$${DOMAIN}`)
|
||||
- traefik.http.routers.woodpecker.rule=Host(`ci.${DOMAIN}`)
|
||||
- traefik.http.routers.woodpecker.tls=true
|
||||
- traefik.http.routers.woodpecker.tls.certresolver=cloudflare
|
||||
- traefik.http.services.woodpecker.loadbalancer.server.port=8000
|
||||
|
|
@ -98,7 +98,7 @@ services:
|
|||
restart: unless-stopped
|
||||
environment:
|
||||
- WOODPECKER_SERVER=woodpecker:9000
|
||||
- WOODPECKER_AGENT_SECRET=$${WOODPECKER_AGENT_SECRET}
|
||||
- WOODPECKER_AGENT_SECRET=${WOODPECKER_AGENT_SECRET}
|
||||
- WOODPECKER_BACKEND_DOCKER_NETWORK=writekit_ops
|
||||
- WOODPECKER_BACKEND_DOCKER_VOLUMES=/opt/writekit/.ssh:/mnt/ssh:ro
|
||||
- DOCKER_HOST=unix:///var/run/docker.sock
|
||||
|
|
|
|||
|
|
@ -16,10 +16,10 @@ services:
|
|||
- --entrypoints.web.http.redirections.entrypoint.scheme=https
|
||||
- --certificatesresolvers.cloudflare.acme.dnschallenge=true
|
||||
- --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
|
||||
- --certificatesresolvers.cloudflare.acme.email=$${ACME_EMAIL}
|
||||
- --certificatesresolvers.cloudflare.acme.email=${ACME_EMAIL}
|
||||
- --certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json
|
||||
environment:
|
||||
- CF_DNS_API_TOKEN=$${CF_DNS_API_TOKEN}
|
||||
- CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
- traefik-certs:/letsencrypt
|
||||
|
|
@ -41,7 +41,7 @@ services:
|
|||
environment:
|
||||
- POSTGRES_DB=writekit
|
||||
- POSTGRES_USER=writekit
|
||||
- POSTGRES_PASSWORD=$${PG_PASSWORD}
|
||||
- POSTGRES_PASSWORD=${PG_PASSWORD}
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U writekit"]
|
||||
interval: 5s
|
||||
|
|
@ -55,19 +55,19 @@ services:
|
|||
restart: unless-stopped
|
||||
environment:
|
||||
- OAUTH2_PROXY_PROVIDER=github
|
||||
- OAUTH2_PROXY_CLIENT_ID=$${GITHUB_CLIENT_ID_STAGING}
|
||||
- OAUTH2_PROXY_CLIENT_SECRET=$${GITHUB_CLIENT_SECRET_STAGING}
|
||||
- OAUTH2_PROXY_COOKIE_SECRET=$${OAUTH2_PROXY_COOKIE_SECRET}
|
||||
- OAUTH2_PROXY_COOKIE_DOMAINS=.$${DOMAIN}
|
||||
- OAUTH2_PROXY_CLIENT_ID=${GITHUB_CLIENT_ID_STAGING}
|
||||
- OAUTH2_PROXY_CLIENT_SECRET=${GITHUB_CLIENT_SECRET_STAGING}
|
||||
- OAUTH2_PROXY_COOKIE_SECRET=${OAUTH2_PROXY_COOKIE_SECRET}
|
||||
- OAUTH2_PROXY_COOKIE_DOMAINS=.${DOMAIN}
|
||||
- OAUTH2_PROXY_EMAIL_DOMAINS=*
|
||||
- OAUTH2_PROXY_GITHUB_USERS=$${OAUTH2_PROXY_ALLOWED_USERS}
|
||||
- OAUTH2_PROXY_GITHUB_USERS=${OAUTH2_PROXY_ALLOWED_USERS}
|
||||
- OAUTH2_PROXY_HTTP_ADDRESS=0.0.0.0:4180
|
||||
- OAUTH2_PROXY_REVERSE_PROXY=true
|
||||
- OAUTH2_PROXY_SET_XAUTHREQUEST=true
|
||||
- OAUTH2_PROXY_PASS_ACCESS_TOKEN=true
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.oauth2-proxy.rule=Host(`auth.staging.$${DOMAIN}`)
|
||||
- traefik.http.routers.oauth2-proxy.rule=Host(`auth.staging.${DOMAIN}`)
|
||||
- traefik.http.routers.oauth2-proxy.tls=true
|
||||
- traefik.http.routers.oauth2-proxy.tls.certresolver=cloudflare
|
||||
- traefik.http.services.oauth2-proxy.loadbalancer.server.port=4180
|
||||
|
|
@ -78,46 +78,46 @@ services:
|
|||
- prod
|
||||
|
||||
writekit-prod:
|
||||
image: $${REGISTRY_URL}/writekit:main
|
||||
image: ${REGISTRY_URL}/writekit:main
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- ENV=prod
|
||||
- DOMAIN=$${DOMAIN}
|
||||
- BASE_URL=https://$${DOMAIN}
|
||||
- DATABASE_URL=postgres://writekit:$${PG_PASSWORD}@postgres:5432/writekit?sslmode=disable
|
||||
- DOMAIN=${DOMAIN}
|
||||
- BASE_URL=https://${DOMAIN}
|
||||
- DATABASE_URL=postgres://writekit:${PG_PASSWORD}@postgres:5432/writekit?sslmode=disable
|
||||
- DATA_DIR=/data
|
||||
- R2_ACCOUNT_ID=$${R2_ACCOUNT_ID}
|
||||
- R2_ACCESS_KEY_ID=$${R2_ACCESS_KEY_ID}
|
||||
- R2_SECRET_ACCESS_KEY=$${R2_SECRET_ACCESS_KEY}
|
||||
- R2_BUCKET=$${R2_BUCKET}
|
||||
- R2_PUBLIC_URL=$${R2_PUBLIC_URL}
|
||||
- GITHUB_CLIENT_ID=$${GITHUB_CLIENT_ID}
|
||||
- GITHUB_CLIENT_SECRET=$${GITHUB_CLIENT_SECRET}
|
||||
- GOOGLE_CLIENT_ID=$${GOOGLE_CLIENT_ID}
|
||||
- GOOGLE_CLIENT_SECRET=$${GOOGLE_CLIENT_SECRET}
|
||||
- DISCORD_CLIENT_ID=$${DISCORD_CLIENT_ID}
|
||||
- DISCORD_CLIENT_SECRET=$${DISCORD_CLIENT_SECRET}
|
||||
- SESSION_SECRET=$${SESSION_SECRET}
|
||||
- LEMON_API_KEY=$${LEMON_API_KEY}
|
||||
- LEMON_STORE_ID=$${LEMON_STORE_ID}
|
||||
- LEMON_WEBHOOK_SECRET=$${LEMON_WEBHOOK_SECRET}
|
||||
- WISE_API_KEY=$${WISE_API_KEY}
|
||||
- WISE_PROFILE_ID=$${WISE_PROFILE_ID}
|
||||
- R2_ACCOUNT_ID=${R2_ACCOUNT_ID}
|
||||
- R2_ACCESS_KEY_ID=${R2_ACCESS_KEY_ID}
|
||||
- R2_SECRET_ACCESS_KEY=${R2_SECRET_ACCESS_KEY}
|
||||
- R2_BUCKET=${R2_BUCKET}
|
||||
- R2_PUBLIC_URL=${R2_PUBLIC_URL}
|
||||
- GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID}
|
||||
- GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET}
|
||||
- GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}
|
||||
- GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET}
|
||||
- DISCORD_CLIENT_ID=${DISCORD_CLIENT_ID}
|
||||
- DISCORD_CLIENT_SECRET=${DISCORD_CLIENT_SECRET}
|
||||
- SESSION_SECRET=${SESSION_SECRET}
|
||||
- LEMON_API_KEY=${LEMON_API_KEY}
|
||||
- LEMON_STORE_ID=${LEMON_STORE_ID}
|
||||
- LEMON_WEBHOOK_SECRET=${LEMON_WEBHOOK_SECRET}
|
||||
- WISE_API_KEY=${WISE_API_KEY}
|
||||
- WISE_PROFILE_ID=${WISE_PROFILE_ID}
|
||||
- IMAGINARY_URL=http://imaginary:9000
|
||||
volumes:
|
||||
- tenants-prod:/data
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.writekit-prod-platform.rule=Host(`$${DOMAIN}`)
|
||||
- traefik.http.routers.writekit-prod-platform.rule=Host(`${DOMAIN}`)
|
||||
- traefik.http.routers.writekit-prod-platform.tls=true
|
||||
- traefik.http.routers.writekit-prod-platform.tls.certresolver=cloudflare
|
||||
- traefik.http.routers.writekit-prod-platform.service=writekit-prod
|
||||
- traefik.http.routers.writekit-prod-blogs.rule=HostRegexp(`^(?!staging\.).+\.$${DOMAIN}$$`)
|
||||
- traefik.http.routers.writekit-prod-blogs.rule=HostRegexp(`^(?!staging\.).+\.${DOMAIN}$$`)
|
||||
- traefik.http.routers.writekit-prod-blogs.priority=10
|
||||
- traefik.http.routers.writekit-prod-blogs.tls=true
|
||||
- traefik.http.routers.writekit-prod-blogs.tls.certresolver=cloudflare
|
||||
- traefik.http.routers.writekit-prod-blogs.tls.domains[0].main=$${DOMAIN}
|
||||
- traefik.http.routers.writekit-prod-blogs.tls.domains[0].sans=*.$${DOMAIN}
|
||||
- traefik.http.routers.writekit-prod-blogs.tls.domains[0].main=${DOMAIN}
|
||||
- traefik.http.routers.writekit-prod-blogs.tls.domains[0].sans=*.${DOMAIN}
|
||||
- traefik.http.routers.writekit-prod-blogs.service=writekit-prod
|
||||
- traefik.http.services.writekit-prod.loadbalancer.server.port=8080
|
||||
depends_on:
|
||||
|
|
@ -127,47 +127,47 @@ services:
|
|||
- prod
|
||||
|
||||
writekit-staging:
|
||||
image: $${REGISTRY_URL}/writekit:dev
|
||||
image: ${REGISTRY_URL}/writekit:dev
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- ENV=staging
|
||||
- DOMAIN=staging.$${DOMAIN}
|
||||
- BASE_URL=https://staging.$${DOMAIN}
|
||||
- DATABASE_URL=postgres://writekit:$${PG_PASSWORD}@postgres:5432/writekit_staging?sslmode=disable
|
||||
- DOMAIN=staging.${DOMAIN}
|
||||
- BASE_URL=https://staging.${DOMAIN}
|
||||
- DATABASE_URL=postgres://writekit:${PG_PASSWORD}@postgres:5432/writekit_staging?sslmode=disable
|
||||
- DATA_DIR=/data
|
||||
- R2_ACCOUNT_ID=$${R2_ACCOUNT_ID}
|
||||
- R2_ACCESS_KEY_ID=$${R2_ACCESS_KEY_ID}
|
||||
- R2_SECRET_ACCESS_KEY=$${R2_SECRET_ACCESS_KEY}
|
||||
- R2_BUCKET=$${R2_BUCKET}
|
||||
- R2_PUBLIC_URL=$${R2_PUBLIC_URL}
|
||||
- GITHUB_CLIENT_ID=$${GITHUB_CLIENT_ID_STAGING}
|
||||
- GITHUB_CLIENT_SECRET=$${GITHUB_CLIENT_SECRET_STAGING}
|
||||
- GOOGLE_CLIENT_ID=$${GOOGLE_CLIENT_ID}
|
||||
- GOOGLE_CLIENT_SECRET=$${GOOGLE_CLIENT_SECRET}
|
||||
- DISCORD_CLIENT_ID=$${DISCORD_CLIENT_ID}
|
||||
- DISCORD_CLIENT_SECRET=$${DISCORD_CLIENT_SECRET}
|
||||
- SESSION_SECRET=$${SESSION_SECRET_STAGING}
|
||||
- LEMON_API_KEY=$${LEMON_API_KEY_STAGING}
|
||||
- LEMON_STORE_ID=$${LEMON_STORE_ID}
|
||||
- LEMON_WEBHOOK_SECRET=$${LEMON_WEBHOOK_SECRET_STAGING}
|
||||
- WISE_API_KEY=$${WISE_API_KEY_STAGING}
|
||||
- WISE_PROFILE_ID=$${WISE_PROFILE_ID_STAGING}
|
||||
- R2_ACCOUNT_ID=${R2_ACCOUNT_ID}
|
||||
- R2_ACCESS_KEY_ID=${R2_ACCESS_KEY_ID}
|
||||
- R2_SECRET_ACCESS_KEY=${R2_SECRET_ACCESS_KEY}
|
||||
- R2_BUCKET=${R2_BUCKET}
|
||||
- R2_PUBLIC_URL=${R2_PUBLIC_URL}
|
||||
- GITHUB_CLIENT_ID=${GITHUB_CLIENT_ID_STAGING}
|
||||
- GITHUB_CLIENT_SECRET=${GITHUB_CLIENT_SECRET_STAGING}
|
||||
- GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}
|
||||
- GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET}
|
||||
- DISCORD_CLIENT_ID=${DISCORD_CLIENT_ID}
|
||||
- DISCORD_CLIENT_SECRET=${DISCORD_CLIENT_SECRET}
|
||||
- SESSION_SECRET=${SESSION_SECRET_STAGING}
|
||||
- LEMON_API_KEY=${LEMON_API_KEY_STAGING}
|
||||
- LEMON_STORE_ID=${LEMON_STORE_ID}
|
||||
- LEMON_WEBHOOK_SECRET=${LEMON_WEBHOOK_SECRET_STAGING}
|
||||
- WISE_API_KEY=${WISE_API_KEY_STAGING}
|
||||
- WISE_PROFILE_ID=${WISE_PROFILE_ID_STAGING}
|
||||
- IMAGINARY_URL=http://imaginary:9000
|
||||
volumes:
|
||||
- tenants-staging:/data
|
||||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.writekit-staging-platform.rule=Host(`staging.$${DOMAIN}`)
|
||||
- traefik.http.routers.writekit-staging-platform.rule=Host(`staging.${DOMAIN}`)
|
||||
- traefik.http.routers.writekit-staging-platform.tls=true
|
||||
- traefik.http.routers.writekit-staging-platform.tls.certresolver=cloudflare
|
||||
- traefik.http.routers.writekit-staging-platform.middlewares=staging-auth
|
||||
- traefik.http.routers.writekit-staging-platform.service=writekit-staging
|
||||
- traefik.http.routers.writekit-staging-blogs.rule=HostRegexp(`^.+\.staging\.$${DOMAIN}$$`)
|
||||
- traefik.http.routers.writekit-staging-blogs.rule=HostRegexp(`^.+\.staging\.${DOMAIN}$$`)
|
||||
- traefik.http.routers.writekit-staging-blogs.priority=20
|
||||
- traefik.http.routers.writekit-staging-blogs.tls=true
|
||||
- traefik.http.routers.writekit-staging-blogs.tls.certresolver=cloudflare
|
||||
- traefik.http.routers.writekit-staging-blogs.tls.domains[0].main=staging.$${DOMAIN}
|
||||
- traefik.http.routers.writekit-staging-blogs.tls.domains[0].sans=*.staging.$${DOMAIN}
|
||||
- traefik.http.routers.writekit-staging-blogs.tls.domains[0].main=staging.${DOMAIN}
|
||||
- traefik.http.routers.writekit-staging-blogs.tls.domains[0].sans=*.staging.${DOMAIN}
|
||||
- traefik.http.routers.writekit-staging-blogs.middlewares=staging-auth
|
||||
- traefik.http.routers.writekit-staging-blogs.service=writekit-staging
|
||||
- traefik.http.services.writekit-staging.loadbalancer.server.port=8080
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue