temporal/compose.yaml

services:
  db:
    image: postgres:18.0
    environment:
      - POSTGRES_HOST_AUTH_METHOD=trust
      - POSTGRES_USER=temporal
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
      - POSTGRES_DB=temporal
    networks:
      - internal
    volumes:
      - 'postgresql_data:/var/lib/postgresql/data'
    secrets:
      - db_password

  temporal:
    image: temporalio/auto-setup:1.29.0
    depends_on:
      - db
    configs:
      - source: entrypoint
        target: /entrypoint.sh
        mode: 0555
      - source: dynamicconfig # This might be better as a volume
        target: /etc/temporal/config/dynamicconfig/development-sql.yaml
    entrypoint: /entrypoint.sh
    command: "autosetup"
    environment:
      - DB=postgres12
      - DB_PORT=5432
      - POSTGRES_USER=temporal
      - POSTGRES_PWD_FILE=/run/secrets/db_password # entrypoint.sh exports POSTGRES_PWD
      - POSTGRES_SEEDS=db
      - DYNAMIC_CONFIG_FILE_PATH=config/dynamicconfig/development-sql.yaml # What is this
    networks:
      - internal
    secrets:
      - db_password

  admin-tools:
    image: temporalio/admin-tools:1.29
    depends_on:
      - temporal
    networks:
      - internal
    environment:
      - TEMPORAL_ADDRESS=temporal:7233
      - TEMPORAL_CLI_ADDRESS=temporal:7233

  ui:
    image: temporalio/ui:2.41.0
    depends_on:
      - temporal
    networks:
      - internal
      - proxy
    # entrypoint: ["tail"]
    # command: ["-f", "/dev/null"]
    environment:
      - TEMPORAL_ADDRESS=temporal:7233
      - TEMPORAL_CORS_ORIGINS=https://${DOMAIN}
      - TEMPORAL_AUTH_ENABLED
      - TEMPORAL_AUTH_PROVIDER_URL
      - TEMPORAL_AUTH_ISSUER_URL
      - TEMPORAL_AUTH_CLIENT_ID
      - TEMPORAL_AUTH_CLIENT_SECRET
      - TEMPORAL_AUTH_CALLBACK_URL
      - TEMPORAL_AUTH_SCOPES
      - LOG_LEVEL=debug
    deploy:
      update_config:
        failure_action: rollback
        order: start-first
      labels:
        - "caddy=${DOMAIN}"
        - "caddy.reverse_proxy={{upstreams 8080}}"
        - "caddy.tls.on_demand="

secrets:
  db_password:
    external: true
    name: ${STACK_NAME}_db_password

volumes:
  postgresql_data:

networks:
  proxy:
    external: true
  internal:

configs:
  entrypoint:
    file: entrypoint.sh
  dynamicconfig:
    file: dynamicconfig/development-sql.yaml