From bbfd03e9fd56c9aca949cd75942de0786199def0 Mon Sep 17 00:00:00 2001 From: continuist Date: Sat, 5 Jul 2025 01:57:33 -0400 Subject: [PATCH] Make docker compose .ymls consistent with ci workflow --- .forgejo/workflows/ci.yml | 23 +++++++++++++++-------- docker-compose.prod.yml | 1 + docker-compose.test.yml | 30 +++--------------------------- 3 files changed, 19 insertions(+), 35 deletions(-) diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml index 6ca7b07..4b397f9 100644 --- a/.forgejo/workflows/ci.yml +++ b/.forgejo/workflows/ci.yml @@ -7,7 +7,7 @@ on: branches: [ main ] env: - REGISTRY: ${{ secrets.CI_HOST }}:80 + REGISTRY: ${{ secrets.CI_HOST }}:443 IMAGE_NAME: ${{ secrets.APP_NAME || 'sharenet' }} jobs: @@ -23,7 +23,7 @@ jobs: - name: Setup DinD Environment run: | - # Check if DinD container already exists and is running + # Check if DinD container already exists and is running if ! docker ps --format "table {{.Names}}" | grep -q "^ci-dind$"; then echo "Starting new DinD container..." # Start DinD container for isolated CI operations @@ -40,10 +40,11 @@ jobs: # Copy Harbor certificate to DinD container docker cp /etc/ssl/registry/registry.crt ci-dind:/usr/local/share/ca-certificates/ + docker exec ci-dind chown root:root /usr/local/share/ca-certificates/registry.crt docker exec ci-dind update-ca-certificates - # Login to Harbor registry - echo "${{ secrets.HARBOR_CI_PASSWORD }}" | docker exec -i ci-dind docker login ${{ secrets.CI_HOST }}:80 -u ${{ secrets.HARBOR_CI_USER }} --password-stdin + # Login to Harbor registry (using HTTPS port 443) + echo "${{ secrets.HARBOR_CI_PASSWORD }}" | docker exec -i ci-dind docker login ${{ secrets.CI_HOST }}:443 -u ${{ secrets.HARBOR_CI_USER }} --password-stdin echo "DinD container setup complete" else 
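Review bot: The rewritten login line in the `@@ -40,10 +40,11 @@` hunk still expands `${{ secrets.HARBOR_CI_PASSWORD }}` and `${{ secrets.HARBOR_CI_USER }}` directly into the script text, so the values are substituted before the shell parses the line and a password containing `"`, `$` or a backquote is re-interpreted by the shell instead of being passed through as data. Mapping both secrets in the step's `env:` block and referencing them as shell variables avoids that: `printf '%s' "$HARBOR_CI_PASSWORD" | docker exec -i ci-dind docker login "$REGISTRY" -u "$HARBOR_CI_USER" --password-stdin`. `$REGISTRY` is the workflow-level variable changed in the first hunk, so this also removes one hard-coded copy of `:443`. The enclosing `if`/`else` block and the `run:` header lie outside the hunk.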
@@ -54,6 +55,12 @@ jobs: - name: Setup Containerized Testing Environment run: | + # Copy docker-compose.test.yml to DinD container + docker cp docker-compose.test.yml ci-dind:/workspace/ + docker cp backend ci-dind:/workspace/ + docker cp frontend ci-dind:/workspace/ + docker cp scripts ci-dind:/workspace/ + # Start testing environment using dedicated compose file inside DinD docker exec ci-dind docker compose -f /workspace/docker-compose.test.yml up -d @@ -186,7 +193,7 @@ jobs: run: | # Create environment file for this deployment echo "IMAGE_TAG=${{ github.sha }}" > .env - echo "REGISTRY=${{ secrets.CI_HOST }}:5000" >> .env + echo "REGISTRY=${{ secrets.CI_HOST }}:443" >> .env echo "IMAGE_NAME=${{ secrets.APP_NAME || 'sharenet' }}" >> .env echo "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD || 'your_secure_password_here' }}" >> .env echo "POSTGRES_USER=${{ secrets.POSTGRES_USER || 'sharenet' }}" >> .env @@ -200,9 +207,9 @@ jobs: - name: Configure Docker for Harbor access run: | - # Configure Docker to access Harbor registry on CI Linode - echo '{"insecure-registries": ["${{ secrets.CI_HOST }}:80"]}' | sudo tee /etc/docker/daemon.json - sudo systemctl restart docker + # Configure Docker to access Harbor registry on CI Linode (using HTTPS) + # The Harbor certificate should already be installed on the production server + # as described in the CI guide Step 13 # Wait for Docker to be ready timeout 30 bash -c 'until docker info; do sleep 1; done' diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index eea82b0..2a9fddb 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -67,6 +67,7 @@ services: - "443:443" volumes: - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro + # SSL certificates directory (optional - create nginx/ssl/ for SSL support) - ./nginx/ssl:/etc/nginx/ssl:ro depends_on: - frontend diff --git a/docker-compose.test.yml b/docker-compose.test.yml index 7ea569b..fdc1cc7 100644 --- a/docker-compose.test.yml 
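Review bot: Stale files from an earlier run can survive in `/workspace`, because the four added `docker cp` lines in the `@@ -54,6 +55,12 @@` hunk copy into a `ci-dind` container that the previous step appears to reuse when it is already running, and `docker cp` merges into an existing directory without deleting anything. Clearing the directory before the copies keeps each run tied to the checked-out commit: `docker exec ci-dind sh -c 'rm -rf /workspace && mkdir -p /workspace'`. The `mkdir` also covers a freshly started container, since nothing visible in this diff creates `/workspace` before the first copy. The step continues past the end of the hunk.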
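Review bot: In the `@@ -186,7 +193,7 @@` hunk the unchanged line directly below the edited `REGISTRY` entry still writes `POSTGRES_PASSWORD` with the fallback `'your_secure_password_here'`, so a deployment where the secret is unset comes up with a publicly known database password instead of failing. Dropping the `|| '...'` fallback for the password, passing the secret through `env:` and aborting when it is empty, e.g. `[ -n "$POSTGRES_PASSWORD" ] || { echo "POSTGRES_PASSWORD secret is not set" >&2; exit 1; }`, makes the misconfiguration visible. The edited line could also be `echo "REGISTRY=$REGISTRY" >> .env`, reusing the workflow-level variable rather than repeating `${{ secrets.CI_HOST }}:443` a third time. The step begins before and continues after the hunk.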
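Review bot: Nothing in the `Configure Docker for Harbor access` step verifies any longer that the production host trusts the Harbor certificate; after the `@@ -200,9 +207,9 @@` hunk it holds only comments and the `docker info` wait. A cheap check here, for instance a pull or login against `$REGISTRY` that exits non-zero on a TLS error, would fail the job at this step with a clear message rather than later during deployment. Hosts that ran the old workflow also keep the `insecure-registries` entry in `/etc/docker/daemon.json`, which is worth removing once, and the `until docker info` loop can go now that Docker is no longer restarted. The rest of the step lies outside the hunk.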
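Review bot: The comment added in `docker-compose.prod.yml` calls the certificate directory optional, but the `./nginx/ssl:/etc/nginx/ssl:ro` mount below it is unconditional and `443:443` is published just above the `volumes:` list. With a short-syntax bind mount Docker creates a missing host directory itself, so omitting `nginx/ssl/` yields an empty mount rather than a setup without TLS; whether nginx then starts depends on `nginx.conf`, which is not part of this diff. Wording such as `# TLS certificate and key for nginx; must be in place before 'docker compose up'` would state the production expectation more accurately.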
+++ b/docker-compose.test.yml @@ -1,26 +1,6 @@ version: '3.8' services: - # DinD container for isolated Docker operations - dind: - image: docker:dind - container_name: ci-cd-test-dind - privileged: true - restart: unless-stopped - environment: - DOCKER_TLS_CERTDIR: "" - ports: - - "2375:2375" - volumes: - - /var/lib/docker - healthcheck: - test: ["CMD", "docker", "version"] - interval: 10s - timeout: 5s - retries: 5 - networks: - - ci-cd-test-network - # PostgreSQL for testing postgres: image: postgres:15-alpine @@ -46,12 +26,9 @@ services: container_name: ci-cd-test-rust restart: unless-stopped volumes: - - ./backend:/workspace/backend - - /var/run/docker.sock:/var/run/docker.sock + - /workspace/backend:/workspace/backend working_dir: /workspace/backend depends_on: - dind: - condition: service_healthy postgres: condition: service_healthy networks: @@ -64,11 +41,10 @@ services: container_name: ci-cd-test-node restart: unless-stopped volumes: - - ./frontend:/workspace/frontend - - /var/run/docker.sock:/var/run/docker.sock + - /workspace/frontend:/workspace/frontend working_dir: /workspace/frontend depends_on: - dind: + postgres: condition: service_healthy networks: - ci-cd-test-network
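Review bot: The new bind source `/workspace/backend` in the `@@ -46,12 +26,9 @@` hunk is an absolute path that exists only inside the `ci-dind` container, so running this compose file anywhere else mounts an empty, auto-created `/workspace/backend` from the host and the tests run against nothing. The workflow starts compose with `-f /workspace/docker-compose.test.yml`, and relative bind paths resolve against the compose file's directory, so the original `- ./backend:/workspace/backend` would reach the same location inside DinD while still working locally. The same applies to `/workspace/frontend` in the `@@ -64,11 +41,10 @@` hunk. Both service definitions start before their hunks.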