# This docker-compose file is only used for running integration tests and generating docs. As such we're making some
# allowances with regards to ignoring kics-scan checks.
# kics-scan ignore

name: gcp-cloud-run-app-testing

services:
  test:
    image: registry.gitlab.developers.cam.ac.uk/uis/devops/infra/dockerimages/logan-terraform:1.6
    entrypoint: ["bash", "-c"]
    environment:
      # This unsets the GOOGLE_APPLICATION_CREDENTIALS as it is not required but the logan-terraform images sets it.
      - GOOGLE_APPLICATION_CREDENTIALS=
      - GOOGLE_IMPERSONATE_SERVICE_ACCOUNT=terraform-deploy@infra-testing-int-e2395220.iam.gserviceaccount.com
    volumes:
      - .:/workdir:rw
      - ~/.config/gcloud/application_default_credentials.json:/root/.config/gcloud/application_default_credentials.json:ro
    cap_drop:
      - "ALL"
  terraform-docs:
    image: quay.io/terraform-docs/terraform-docs:0.17.0
    entrypoint: ["."]
    working_dir: /workdir
    volumes:
      - .:/workdir:rw
    cap_drop:
      - "ALL"