Compose Stacks
This folder is for the self-contained local stack (self-signed TLS) and Traefik assets. Remote environments use the shared compose files in infra/base together with infra/scripts/deploy.sh.
Local development (self-signed TLS)
- Copy envs: `cp infra/compose/env.example infra/compose/.env` then set passwords/secrets and the dev domain (defaults to `local.lan`).
- Host aliases: add the domain to `/etc/hosts` (e.g. `127.0.0.1 auth.local.lan api.local.lan grafana.local.lan vault.local.lan minio.local.lan`).
- Networks: `./infra/scripts/setup-networks.sh` (creates `apa-frontend` and `apa-backend` used everywhere).
- Run: `cd infra/compose && docker compose --env-file .env -f docker-compose.local.yml up -d`.
- Stop: `docker compose --env-file .env -f docker-compose.local.yml down`.
- TLS: Traefik mounts `infra/compose/traefik/certs/local.{crt,key}`. Regenerate if needed with `openssl req -x509 -newkey rsa:2048 -nodes -keyout infra/compose/traefik/certs/local.key -out infra/compose/traefik/certs/local.crt -days 365 -subj "/CN=*.local.lan"`.
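
The regenerate command above sets only a CN, while current browsers and Go's crypto/tls match hostnames against subjectAltName and ignore CN. The script below is an added example (not part of this repository) that regenerates the local cert with a SAN and checks the result; its function names are hypothetical and it assumes OpenSSL 1.1.1 or newer for `-addext` and `-ext`.

```shell
#!/usr/bin/env bash
# Added example (not from this repository). Assumes OpenSSL 1.1.1+ for -addext/-ext.
# Function names are hypothetical.

# gen_local_cert CERT_DIR [DOMAIN]
# Writes local.key/local.crt for *.DOMAIN, with the names in subjectAltName as well as CN.
gen_local_cert() {
  local dir="$1" domain="${2:-local.lan}"
  mkdir -p "$dir" || return 1
  (
    umask 077   # private key is created owner-only, never briefly world-readable
    openssl req -x509 -newkey rsa:2048 -nodes \
      -keyout "$dir/local.key" -out "$dir/local.crt" \
      -days 365 -subj "/CN=*.${domain}" \
      -addext "subjectAltName=DNS:*.${domain},DNS:${domain}"
  ) || return 1
  chmod 644 "$dir/local.crt"   # the certificate itself is public
}

# cert_has_san CERT NAME: succeeds if NAME is a DNS entry in the SAN extension.
cert_has_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# cert_valid_for_days CERT DAYS: succeeds if CERT is still valid DAYS days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# key_matches_cert KEY CERT: succeeds if the key's public half is the one in CERT.
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
    "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# Usage: ./gen-cert.sh infra/compose/traefik/certs local.lan
if [ "$#" -ge 1 ]; then
  gen_local_cert "$@" &&
    cert_has_san "$1/local.crt" "*.${2:-local.lan}" &&
    cert_valid_for_days "$1/local.crt" 30 &&
    key_matches_cert "$1/local.key" "$1/local.crt" &&
    echo "ok: $1/local.crt"
fi
```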
Cloud / remote (Let’s Encrypt)
- Config lives in `infra/base` with env files in `infra/environments/{development,production}/.env`.
- Create the same docker networks on the host (`./infra/scripts/setup-networks.sh`) so Traefik and services share `apa-frontend`/`apa-backend`.
- Deploy on the server: `./infra/scripts/deploy.sh <environment> all` (or `infrastructure`, `monitoring`, `services`).
- Certificates: Traefik uses DNS-01 via GoDaddy from the provider env in `infra/base/traefik/config` (make sure `DOMAIN`, ACME email, and provider creds are set in the env file).
Files of note
- `docker-compose.local.yml` – full local stack.
- `traefik/traefik.local.yml` and `traefik/traefik-dynamic.local.yml` – static/dynamic Traefik config for local.
- `traefik/certs/` – self-signed certs used by the local proxy.
- `env.example` – defaults for local `.env`.