Concourse CI

• Tool needed for creating keys get from here

• How to generate keys

docker-compose.yml

YAML

services:
  concourse-db:
    image: postgres:17.6-trixie
    environment:
      POSTGRES_DB: concourse
      POSTGRES_PASSWORD: dbpass
      POSTGRES_USER: concourse
      PGDATA: /database
      POSTGRES_HOST_AUTH_METHOD: trust #for healthcheck
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U concourse_user -d concourse"]
      interval: 3s
      timeout: 3s
      retries: 5
    volumes:
      - ./concourse-db:/var/lib/postgresql/data
    restart: unless-stopped

  web:
    image: concourse/concourse:7.14.2
    command: web
    privileged: true
    cgroup: host
    depends_on:
      concourse-db:
        condition: service_healthy
    ports: ["8080:8080"]
    environment:
      CONCOURSE_POSTGRES_HOST: concourse-db
      CONCOURSE_POSTGRES_USER: concourse
      CONCOURSE_POSTGRES_PASSWORD: dbpass
      CONCOURSE_POSTGRES_DATABASE: concourse
      CONCOURSE_EXTERNAL_URL: http://10.0.5x.1xx:8080
      CONCOURSE_ADD_LOCAL_USER: admin:password
      CONCOURSE_MAIN_TEAM_LOCAL_USER: admin
      # instead of relying on the default "detect"
#      CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER: overlay
#      CONCOURSE_CLIENT_SECRET: Y29uY291cnNlLXdlYgo=
#      CONCOURSE_TSA_CLIENT_SECRET: Y29uY291cnNlLXdvcmtlcgo=
      CONCOURSE_CLUSTER_NAME: wolken
#      CONCOURSE_WORKER_CONTAINERD_DNS_SERVER: "10.0.50.123"
#      CONCOURSE_WORKER_RUNTIME: "guardian"
#      CONCOURSE_WORKER_RUNTIME: "containerd"
      CONCOURSE_ENABLE_PIPELINE_INSTANCES: "true"
      CONCOURSE_ENABLE_ACROSS_STEP: "true"
      CONCOURSE_ENABLE_RESOURCE_CAUSALITY: "true"
      CONCOURSE_ENABLE_CACHE_STREAMED_VOLUMES: "true"
      CONCOURSE_SESSION_SIGNING_KEY: /concourse-keys/session_signing_key
      CONCOURSE_TSA_AUTHORIZED_KEYS: /concourse-keys/authorized_worker_keys
      CONCOURSE_TSA_HOST_KEY: /concourse-keys/tsa_host_key
    restart: unless-stopped
    volumes:
    - .:/src
    - ./concourse-keys:/concourse-keys

  worker:
    image: concourse/concourse:7.14.2
    command: worker
    privileged: true
    depends_on: [web]
    cgroup: host
    stop_signal: SIGUSR2
    logging:
      driver: "json-file"
      options:
        max-file: "5"
        max-size: "10m"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # Allows worker to interact with Docker daemon
      - ./concourse-keys:/concourse-keys
    environment:
      CONCOURSE_RUNTIME: containerd
      CONCOURSE_TSA_PUBLIC_KEY: /concourse-keys/tsa_host_key.pub
      CONCOURSE_TSA_WORKER_PRIVATE_KEY: /concourse-keys/worker_key
      CONCOURSE_LOG_LEVEL: debug
      CONCOURSE_TSA_HOST: web:2222
      CONCOURSE_BIND_IP: 0.0.0.0
      CONCOURSE_BAGGAGECLAIM_BIND_IP: 0.0.0.0
      # avoid using loopbacks
      CONCOURSE_BAGGAGECLAIM_DRIVER: overlay
      # work with docker-compose's dns
      CONCOURSE_CONTAINERD_DNS_PROXY_ENABLE: "true"
      # enable DNS proxy to support Docker's 127.x.x.x DNS server
#      CONCOURSE_GARDEN_DNS_PROXY_ENABLE: "true"
    restart: unless-stopped
    ports:
    - 7777:7777
    - 7788:7788