wip

camunda · Jan 10, 2025 · 3936d4b · 3936d4b
1 parent 95c9509
commit 3936d4b
Show file tree

Hide file tree

Showing 7 changed files with 162 additions and 46 deletions.
diff --git a/.github/workflows/docker-compose-test-e2e-full-setup.yaml b/.github/workflows/docker-compose-test-e2e-full-setup.yaml
@@ -50,7 +50,7 @@ jobs:
             compose-args: "-f docker-compose-web-modeler.yaml"
             e2e-test-enabled: false
           # Camunda 8.4
-          - name: ⭐ Camunda 8.4 ⭐
+          - name: Camunda 8.4 ⭐
             camunda-version: "8.4"
             compose-args: "-f docker-compose.yaml"
             e2e-test-enabled: false
@@ -63,7 +63,7 @@ jobs:
             compose-args: "-f docker-compose-web-modeler.yaml"
             e2e-test-enabled: false
           # Camunda 8.5
-          - name: ⭐ Camunda 8.5 ⭐
+          - name: Camunda 8.5 ⭐
             camunda-version: "8.5"
             compose-args: "-f docker-compose.yaml"
             e2e-test-enabled: false
@@ -73,27 +73,30 @@ jobs:
             e2e-test-enabled: false
           - name: Camunda 8.5 - Web Modeler
             camunda-version: "8.5"
-            compose-args: "-f docker-compose-web-modeler.yaml"
+            compose-args: "-f docker-compose.yaml -f docker-compose-web-modeler.yaml"
             e2e-test-enabled: false
           # Camunda 8.6
-          - name: ⭐ Camunda 8.6 ⭐
+          - name: Camunda 8.6 ⭐
             camunda-version: "8.6"
           - name: Camunda 8.6 - Core
             camunda-version: "8.6"
             compose-args: "-f docker-compose-core.yaml"
           - name: Camunda 8.6 - Web Modeler
             camunda-version: "8.6"
-            compose-args: "-f docker-compose-web-modeler.yaml"
+            compose-args: |
+              --profile identity --profile orchestration -- \
+              -f docker-compose.yaml -f docker-compose-web-modeler.yaml \
             e2e-test-enabled: false
           # Camunda Alpha
-          - name: ⭐ Camunda Alpha ⭐
+          - name: Camunda Alpha ⭐
             camunda-version: "alpha"
             compose-args: "-f docker-compose.yaml"
           - name: Camunda Alpha - Core
             camunda-version: "alpha"
             compose-args: "-f docker-compose-core.yaml"
           - name: Camunda Alpha - Web Modeler
             camunda-version: "alpha"
+            deps-compose-args: "--profile identity --profile orchestration"
             compose-args: "-f docker-compose-web-modeler.yaml"
             e2e-test-enabled: false
         exclude: ${{ fromJson(needs.init.outputs.unchanged-versions) }}

diff --git a/.github/workflows/docker-compose-test-e2e-template.yaml b/.github/workflows/docker-compose-test-e2e-template.yaml
@@ -7,6 +7,9 @@ on:
         description: Camunda minor version in format x.y
         required: true
         type: string
+      deps-compose-args:
+        description: Arguments supplied to Docker Compose dependencies
+        type: string
       compose-args:
         description: Arguments supplied to Docker Compose
         required: true
@@ -43,6 +46,9 @@ jobs:
         run: |
           echo "Workflow Inputs:"
           echo "${GITHUB_CONTEXT}"
+      - name: ℹ️ Print Docker Compose version ℹ️
+        run: |
+          docker compose version
       - name: disable and stop mono-xsp4.service
         run: |
           sudo systemctl stop mono-xsp4.service || true
@@ -63,6 +69,13 @@ jobs:
       #
       # Docker Compose.
 
+      - name: Bring up containers dependencies
+        if: inputs.deps-compose-args
+        working-directory: ${{ env.COMPOSE_WORKING_DIRECTORY }}
+        run: |
+          docker compose ${{ inputs.deps-compose-args }} \
+            up --quiet-pull -d
+
       - name: Bring up containers
         working-directory: ${{ env.COMPOSE_WORKING_DIRECTORY }}
         run: |

diff --git a/docker-compose/versions/camunda-8.5/.env b/docker-compose/versions/camunda-8.5/.env
@@ -27,6 +27,7 @@ KEYCLOAK_SERVER_VERSION=21.1.2
 MAILPIT_VERSION=v1.18.7
 POSTGRES_VERSION=14.5-alpine
 HOST=localhost
+KEYCLOAK_HOST=localhost
 
 ## Configuration ##
 # By default the zeebe api is public, when setting this to `identity` a valid zeebe client token is required

diff --git a/docker-compose/versions/camunda-8.5/docker-compose.yaml b/docker-compose/versions/camunda-8.5/docker-compose.yaml
@@ -20,7 +20,7 @@ services:
       - "8088:8080"
     environment: # https://docs.camunda.io/docs/self-managed/zeebe-deployment/configuration/environment-variables/
       - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_MODE=${ZEEBE_AUTHENTICATION_MODE}
-      - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:8080/auth/realms/camunda-platform
+      - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_ISSUERBACKENDURL=http://keycloak:18080/auth/realms/camunda-platform
       - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_AUDIENCE=zeebe-api
       - ZEEBE_BROKER_GATEWAY_SECURITY_AUTHENTICATION_IDENTITY_BASEURL=http://identity:8084
       - ZEEBE_BROKER_GATEWAY_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
@@ -57,21 +57,21 @@ services:
       - ZEEBE_CLIENT_ID=${ZEEBE_CLIENT_ID}
       - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
       - ZEEBE_TOKEN_AUDIENCE=zeebe-api
-      - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token
+      - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token
       - CAMUNDA_OPERATE_ELASTICSEARCH_URL=http://elasticsearch:9200
       - CAMUNDA_OPERATE_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
       # For more information regarding configuration with Identity see:
       # https://docs.camunda.io/docs/self-managed/operate-deployment/authentication/#identity
       - SPRING_PROFILES_ACTIVE=identity-auth
       - CAMUNDA_OPERATE_IDENTITY_BASEURL=http://identity:8084
-      - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform
-      - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+      - CAMUNDA_OPERATE_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+      - CAMUNDA_OPERATE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
       - CAMUNDA_OPERATE_IDENTITY_CLIENTID=operate
       - CAMUNDA_OPERATE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
       - CAMUNDA_OPERATE_IDENTITY_AUDIENCE=operate-api
       - CAMUNDA_OPERATE_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
-      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform
-      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs
+      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:18080/auth/realms/camunda-platform
+      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/certs
       - CAMUNDA_OPERATE_IDENTITY_RESOURCEPERMISSIONSENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
       - management.endpoints.web.exposure.include=health
       - management.endpoint.health.probes.enabled=true
@@ -103,21 +103,21 @@ services:
       - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
       - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
       - ZEEBE_TOKEN_AUDIENCE=zeebe-api
-      - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token
+      - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token
       - CAMUNDA_TASKLIST_ELASTICSEARCH_URL=http://elasticsearch:9200
       - CAMUNDA_TASKLIST_ZEEBEELASTICSEARCH_URL=http://elasticsearch:9200
       # For more information regarding configuration with Identity see:
       # https://docs.camunda.io/docs/self-managed/tasklist-deployment/authentication/#identity
       - SPRING_PROFILES_ACTIVE=identity-auth
       - CAMUNDA_TASKLIST_IDENTITY_BASEURL=http://identity:8084
-      - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform
-      - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+      - CAMUNDA_TASKLIST_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+      - CAMUNDA_TASKLIST_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
       - CAMUNDA_TASKLIST_IDENTITY_CLIENTID=tasklist
       - CAMUNDA_TASKLIST_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
       - CAMUNDA_TASKLIST_IDENTITY_AUDIENCE=tasklist-api
       - CAMUNDA_TASKLIST_MULTITENANCY_ENABLED=${MULTI_TENANCY_ENABLED}
-      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:8080/auth/realms/camunda-platform
-      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/certs
+      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://keycloak:18080/auth/realms/camunda-platform
+      - SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/certs
       - CAMUNDA_TASKLIST_IDENTITY_RESOURCE_PERMISSIONS_ENABLED=${RESOURCE_AUTHORIZATIONS_ENABLED}
       - management.endpoints.web.exposure.include=health
       - management.endpoint.health.probes.enabled=true
@@ -151,9 +151,9 @@ services:
       - ZEEBE_CLIENT_SECRET=${ZEEBE_CLIENT_SECRET}
       - ZEEBE_CLIENT_CONFIG_PATH=/tmp/zeebe_auth_cache
       - ZEEBE_TOKEN_AUDIENCE=zeebe-api
-      - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:8080/auth/realms/camunda-platform/protocol/openid-connect/token
+      - ZEEBE_AUTHORIZATION_SERVER_URL=http://keycloak:18080/auth/realms/camunda-platform/protocol/openid-connect/token
       - CAMUNDA_OPERATE_CLIENT_URL=http://operate:8080
-      - CAMUNDA_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+      - CAMUNDA_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
       - CAMUNDA_IDENTITY_CLIENT_ID=connectors
       - CAMUNDA_IDENTITY_CLIENT_SECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
       - CAMUNDA_IDENTITY_TYPE=KEYCLOAK
@@ -185,8 +185,8 @@ services:
       - SPRING_PROFILES_ACTIVE=ccsm
       - CAMUNDA_OPTIMIZE_ZEEBE_ENABLED=true
       - CAMUNDA_OPTIMIZE_ENTERPRISE=false
-      - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${HOST}:18080/auth/realms/camunda-platform
-      - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:8080/auth/realms/camunda-platform
+      - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_URL=http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
+      - CAMUNDA_OPTIMIZE_IDENTITY_ISSUER_BACKEND_URL=http://keycloak:18080/auth/realms/camunda-platform
       - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTID=optimize
       - CAMUNDA_OPTIMIZE_IDENTITY_CLIENTSECRET=XALaRPl5qwTEItdwCMiPS62nVpKs7dL7
       - CAMUNDA_OPTIMIZE_IDENTITY_AUDIENCE=optimize-api
@@ -219,8 +219,8 @@ services:
     environment: # https://docs.camunda.io/docs/self-managed/identity/deployment/configuration-variables/
       SERVER_PORT: 8084
       IDENTITY_RETRY_DELAY_SECONDS: 30
-      KEYCLOAK_URL: http://keycloak:8080/auth
-      IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:8080/auth/realms/camunda-platform
+      KEYCLOAK_URL: http://keycloak:18080/auth
+      IDENTITY_AUTH_PROVIDER_BACKEND_URL: http://keycloak:18080/auth/realms/camunda-platform
       IDENTITY_DATABASE_HOST: postgres
       IDENTITY_DATABASE_PORT: 5432
       IDENTITY_DATABASE_NAME: bitnami_keycloak
@@ -303,16 +303,17 @@ services:
     volumes:
       - keycloak-theme:/opt/bitnami/keycloak/themes/identity
     ports:
-      - "18080:8080"
+      - "18080:18080"
     environment:
+      KEYCLOAK_HTTP_PORT: 18080
       KEYCLOAK_HTTP_RELATIVE_PATH: /auth
       KEYCLOAK_DATABASE_HOST: postgres
       KEYCLOAK_DATABASE_PASSWORD: "#3]O?4RGj)DE7Z!9SA5"
       KEYCLOAK_ADMIN_USER: admin
       KEYCLOAK_ADMIN_PASSWORD: admin
     restart: on-failure
     healthcheck:
-      test: [ "CMD", "curl", "-f", "http://localhost:8080/auth" ]
+      test: [ "CMD", "curl", "-f", "http://localhost:18080/auth" ]
       interval: 30s
       timeout: 15s
       retries: 5

diff --git a/docker-compose/versions/camunda-8.6/docker-compose-web-modeler.yaml b/docker-compose/versions/camunda-8.6/docker-compose-web-modeler.yaml
@@ -23,14 +23,17 @@ services:
       - modeler
     volumes:
       - postgres-web:/var/lib/postgresql/data
+    profiles:
+      - ''
+      - web-modeler-standalone
 
   modeler-websockets:
     container_name: modeler-websockets
     image: registry.camunda.cloud/web-modeler-ee/modeler-websockets:${CAMUNDA_WEB_MODELER_VERSION}
     ports:
       - "8060:8060"
     healthcheck:
-      test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8060/up" ]
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8060/up"]
       interval: 5s
       timeout: 15s
       retries: 30
@@ -42,12 +45,15 @@ services:
       PUSHER_APP_SECRET: modeler-app-secret
     networks:
       - modeler
+    profiles:
+      - ''
+      - web-modeler-standalone
 
-  mailpit:
+  modeler-mailpit:
     # If you want to use your own SMTP server, you can remove this container
     # and configure RESTAPI_MAIL_HOST, RESTAPI_MAIL_PORT, REST_API_MAIL_USER,
     # REST_API_MAIL_PASSWORD and RESTAPI_MAIL_ENABLE_TLS in modeler-restapi
-    container_name: mailpit
+    container_name: modeler-mailpit
     image: axllent/mailpit:${MAILPIT_VERSION}
     ports:
       - "1025:1025"
@@ -57,6 +63,9 @@ services:
       interval: 30s
     networks:
       - modeler
+    profiles:
+      - ''
+      - web-modeler-standalone
 
   # Modeler containers
   modeler-restapi:
@@ -66,10 +75,10 @@ services:
     depends_on:
       modeler-db:
         condition: service_healthy
-      mailpit:
+      modeler-mailpit:
         condition: service_started
     healthcheck:
-      test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8091/health/readiness" ]
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8091/health/readiness"]
       interval: 5s
       timeout: 15s
       retries: 30
@@ -89,13 +98,16 @@ services:
       RESTAPI_OAUTH2_TOKEN_ISSUER: http://${KEYCLOAK_HOST}:18080/auth/realms/camunda-platform
       RESTAPI_OAUTH2_TOKEN_ISSUER_BACKEND_URL: http://keycloak:18080/auth/realms/camunda-platform
       RESTAPI_SERVER_URL: http://localhost:8070
-      RESTAPI_MAIL_HOST: mailpit
+      RESTAPI_MAIL_HOST: modeler-mailpit
       RESTAPI_MAIL_PORT: 1025
       RESTAPI_MAIL_ENABLE_TLS: "false"
       RESTAPI_MAIL_FROM_ADDRESS: "[email protected]"
     networks:
-    - modeler
-    - camunda-platform
+      - modeler
+      - camunda-platform
+    profiles:
+      - ''
+      - web-modeler-standalone
 
   modeler-webapp:
     container_name: modeler-webapp
@@ -106,7 +118,7 @@ services:
       modeler-restapi:
         condition: service_healthy
     healthcheck:
-      test: [ "CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8071/health/readiness" ]
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8071/health/readiness"]
       interval: 5s
       timeout: 15s
       retries: 30
@@ -133,6 +145,9 @@ services:
     networks:
       - modeler
       - camunda-platform
+    profiles:
+      - ''
+      - web-modeler-standalone
 
 networks:
   camunda-platform: