root: move docker files to lifecycle/containers and change docker-compose to compose (#16624)

.github/actions/setup/action.yml

@@ -50,13 +50,13 @@ runs:
       if: ${{ contains(inputs.dependencies, 'runtime') }}
       uses: AndreKurait/docker-cache@0fe76702a40db986d9663c24954fc14c6a6031b7
       with:
-        key: docker-images-${{ runner.os }}-${{ hashFiles('.github/actions/setup/docker-compose.yml', 'Makefile') }}-${{ inputs.postgresql_version }}
+        key: docker-images-${{ runner.os }}-${{ hashFiles('.github/actions/setup/compose.yml', 'Makefile') }}-${{ inputs.postgresql_version }}
     - name: Setup dependencies
       if: ${{ contains(inputs.dependencies, 'runtime') }}
       shell: bash
       run: |
         export PSQL_TAG=${{ inputs.postgresql_version }}
-        docker compose -f .github/actions/setup/docker-compose.yml up -d
+        docker compose -f .github/actions/setup/compose.yml up -d
         cd web && npm i
     - name: Generate config
       if: ${{ contains(inputs.dependencies, 'python') }}

.github/actions/setup/compose.yml

@@ -11,11 +11,6 @@ services:
     ports:
       - 5432:5432
     restart: always
-  redis:
-    image: docker.io/library/redis:7
-    ports:
-      - 6379:6379
-    restart: always
   s3:
     container_name: s3
     image: docker.io/zenko/cloudserver

.github/workflows/_reusable-docker-build-single.yml

@@ -85,6 +85,7 @@ jobs:
         id: push
         with:
           context: .
+          file: lifecycle/container/Dockerfile
           push: ${{ steps.ev.outputs.shouldPush == 'true' }}
           secrets: |
             GEOIPUPDATE_ACCOUNT_ID=${{ secrets.GEOIPUPDATE_ACCOUNT_ID }}

.github/workflows/ci-main-daily.yml

@@ -24,5 +24,5 @@ jobs:
           dir="/tmp/authentik/${{ matrix.version }}"
           mkdir -p $dir
           cd $dir
-          wget https://${{ matrix.version }}.goauthentik.io/docker-compose.yml
+          wget https://${{ matrix.version }}.goauthentik.io/compose.yml
           ${current}/scripts/test_docker.sh

.github/workflows/ci-main.yml

@@ -199,7 +199,7 @@ jobs:
         uses: ./.github/actions/setup
       - name: Setup e2e env (chrome, etc)
         run: |
-          docker compose -f tests/e2e/docker-compose.yml up -d --quiet-pull
+          docker compose -f tests/e2e/compose.yml up -d --quiet-pull
       - id: cache-web
         uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v4
         with:

.github/workflows/ci-outpost.yml

@@ -114,7 +114,7 @@ jobs:
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
         with:
           tags: ${{ steps.ev.outputs.imageTags }}
-          file: ${{ matrix.type }}.Dockerfile
+          file: lifecycle/container/${{ matrix.type }}.Dockerfile
           push: ${{ steps.ev.outputs.shouldPush == 'true' }}
           build-args: |
             GIT_BUILD_HASH=${{ steps.ev.outputs.sha }}

.github/workflows/release-publish.yml

@@ -121,7 +121,7 @@ jobs:
           build-args: |
             VERSION=${{ github.ref }}
           tags: ${{ steps.ev.outputs.imageTags }}
-          file: ${{ matrix.type }}.Dockerfile
+          file: lifecycle/container/${{ matrix.type }}.Dockerfile
           platforms: linux/amd64,linux/arm64
           context: .
       - uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3

.gitignore

@@ -211,4 +211,4 @@ source_docs/
 /vendor/
 
 ### Docker ###
-docker-compose.override.yml
+compose.override.yml

CODEOWNERS

@@ -16,10 +16,8 @@ go.sum                                  @goauthentik/backend
 # Infrastructure
 .github/                                @goauthentik/infrastructure
 lifecycle/aws/                          @goauthentik/infrastructure
-Dockerfile                              @goauthentik/infrastructure
-*Dockerfile                             @goauthentik/infrastructure
+lifecycle/container/                    @goauthentik/infrastructure
 .dockerignore                           @goauthentik/infrastructure
-docker-compose.yml                      @goauthentik/infrastructure
 Makefile                                @goauthentik/infrastructure
 .editorconfig                           @goauthentik/infrastructure
 CODEOWNERS                              @goauthentik/infrastructure

Makefile

@@ -148,7 +148,7 @@ gen-build:  ## Extract the schema from the database
 		uv run ak spectacular --file schema.yml
 
 gen-compose:
-	uv run scripts/generate_docker_compose.py
+	uv run scripts/generate_compose.py
 
 gen-changelog:  ## (Release) generate the changelog based from the commits since the last tag
 	git log --pretty=format:" - %s" $(shell git describe --tags $(shell git rev-list --tags --max-count=1))...$(shell git branch --show-current) | sort > changelog.md
@@ -156,7 +156,7 @@ gen-changelog:  ## (Release) generate the changelog based from the commits since
 
 gen-diff:  ## (Release) generate the changelog diff between the current schema and the last tag
 	git show $(shell git describe --tags $(shell git rev-list --tags --max-count=1)):schema.yml > schema-old.yml
-	docker compose -f scripts/api/docker-compose.yml run --rm --user "${UID}:${GID}" diff \
+	docker compose -f scripts/api/compose.yml run --rm --user "${UID}:${GID}" diff \
 		--markdown \
 		/local/diff.md \
 		/local/schema-old.yml \
@@ -179,7 +179,7 @@ gen-clean-go:  ## Remove generated API client for Go
 gen-clean: gen-clean-ts gen-clean-go gen-clean-py  ## Remove generated API clients
 
 gen-client-ts: gen-clean-ts  ## Build and install the authentik API for Typescript into the authentik UI Application
-	docker compose -f scripts/api/docker-compose.yml run --rm --user "${UID}:${GID}" gen \
+	docker compose -f scripts/api/compose.yml run --rm --user "${UID}:${GID}" gen \
 		generate \
 		-i /local/schema.yml \
 		-g typescript-fetch \
@@ -300,7 +300,7 @@ docs-api-clean: ## Clean generated API documentation
 
 docker:  ## Build a docker image of the current source tree
 	mkdir -p ${GEN_API_TS}
-	DOCKER_BUILDKIT=1 docker build . --progress plain --tag ${DOCKER_IMAGE}
+	DOCKER_BUILDKIT=1 docker build . -f lifecycle/container/Dockerfile --progress plain --tag ${DOCKER_IMAGE}
 
 test-docker:
 	BUILD=true ${PWD}/scripts/test_docker.sh

scripts/generate_compose.py

@@ -77,5 +77,5 @@ base = {
     },
 }
 
-with open("docker-compose.yml", "w") as _compose:
+with open("lifecycle/container/compose.yml", "w") as _compose:
     safe_dump(base, _compose)

scripts/test_docker.sh

@@ -5,29 +5,29 @@ hash="$(git rev-parse HEAD || openssl rand -base64 36 | sha256sum)"
 AUTHENTIK_IMAGE="xghcr.io/goauthentik/server"
 AUTHENTIK_TAG="$(echo "$hash" | cut -c1-15)"
 
-if [ -f .env ]; then
+if [ -f lifecycle/container/.env ]; then
     echo "Existing .env file, aborting"
     exit 1
 fi
 
-echo PG_PASS="$(openssl rand -base64 36 | tr -d '\n')" >.env
-echo AUTHENTIK_SECRET_KEY="$(openssl rand -base64 60 | tr -d '\n')" >>.env
+echo PG_PASS="$(openssl rand -base64 36 | tr -d '\n')" >lifecycle/container/.env
+echo AUTHENTIK_SECRET_KEY="$(openssl rand -base64 60 | tr -d '\n')" >>lifecycle/container/.env
 export COMPOSE_PROJECT_NAME="authentik-test-${AUTHENTIK_TAG}"
 
 if [[ -v BUILD ]]; then
-    echo AUTHENTIK_IMAGE="${AUTHENTIK_IMAGE}" >>.env
-    echo AUTHENTIK_TAG="${AUTHENTIK_TAG}" >>.env
+    echo AUTHENTIK_IMAGE="${AUTHENTIK_IMAGE}" >>lifecycle/container/.env
+    echo AUTHENTIK_TAG="${AUTHENTIK_TAG}" >>lifecycle/container/.env
 
     # Ensure buildx is installed
     docker buildx install
     # For release builds we have an empty client here as we use the NPM package
     mkdir -p ./gen-ts-api
-    touch .env
+    touch lifecycle/container/.env
 
     docker build -t "${AUTHENTIK_IMAGE}:${AUTHENTIK_TAG}" .
 fi
 
-docker compose up --no-start
-docker compose start postgresql
-docker compose run -u root server test-all
-docker compose down -v
+docker compose -f lifecycle/container/compose.yml up --no-start
+docker compose -f lifecycle/container/compose.yml start postgresql
+docker compose -f lifecycle/container/compose.yml run -u root server test-all
+docker compose -f lifecycle/container/compose.yml down -v

website/.gitignore

@@ -28,7 +28,7 @@ yarn-debug.log*
 yarn-error.log*
 
 !integrations/**/media
-**/static/docker-compose.yml
+**/static/compose.yml
 **/static/releases.gen.json
 **/static/schema.yml
 api/reference

website/Dockerfile

@@ -17,7 +17,7 @@ RUN --mount=type=bind,target=/work/website/package.json,src=./website/package.js
 COPY ./website /work/website/
 COPY ./blueprints /work/blueprints/
 COPY ./schema.yml /work/
-COPY ./docker-compose.yml /work/
+COPY ./lifecycle/container/compose.yml /work/lifecycle/container/
 COPY ./SECURITY.md /work/
 
 RUN npm run build

website/docs/developer-docs/setup/debugging.md

@@ -32,7 +32,7 @@ A local clone of the authentik repository is required to be able to set breakpoi
 
 The debug port needs to be accessible on the local machine. By default, this is port 9901. Additionally, the container being debugged must be started as `root`, because additional dependencies need to be installed on startup.
 
-When running in Docker Compose, a file `docker-compose.override.yml` can be created next to the authentik docker-compose.yml file to expose the port, change the user, and enable debug mode.
+When running in Docker Compose, a file `compose.override.yml` can be created next to the authentik `compose.yml` file to expose the port, change the user, and enable debug mode.
 
 ```yaml
 services:

website/docs/developer-docs/setup/frontend-dev-environment.md

@@ -17,12 +17,6 @@ If you're focusing solely on frontend development, you can create a minimal deve
 - [Docker Compose](https://docs.docker.com/compose/) (Compose v2)
 - [Make](https://www.gnu.org/software/make/) (3 or later)
 
-:::info
-
-Depending on platform, some native dependencies might be required. On macOS, run `brew install node@24`, and for Docker `brew install --cask docker`
-
-:::
-
 ### Instructions
 
 1. Clone the Git repo to your development machine and navigate to the authentik directory.
@@ -32,21 +26,21 @@ Depending on platform, some native dependencies might be required. On macOS, run
     cd authentik
     ```
 
-2. From the cloned repository, follow the Docker Compose [installation instructions](../../install-config/install/docker-compose.mdx).
-
-3. Create a `.env` file in the root of the repository to configure the Docker Compose environment.
+2. Run the following to create a `.env` file in the `lifecycle/container` directory of the repository to configure the Docker Compose environment.
 
     ```shell
-    AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
-    AUTHENTIK_TAG=gh-next
-    AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-next
-    AUTHENTIK_LOG_LEVEL=debug
-    GIT_BUILD_HASH="dev"
+    echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> ./lifecycle/container/.env
+    echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> ./lifecycle/container/.env
+    echo "AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server" >> ./lifecycle/container/.env
+    echo "AUTHENTIK_TAG=gh-next" >> ./lifecycle/container/.env
+    echo "AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-next" >> ./lifecycle/container/.env
+    echo "AUTHENTIK_LOG_LEVEL=debug" >> ./lifecycle/container/.env
+    echo "GIT_BUILD_HASH="dev"" >> ./lifecycle/container/.env
     ```
 
-4. Create a Docker Compose override file (`docker-compose.override.yml`) in the same directory as the `docker-compose.yml`. This will override the volume configurations for the local configuration file (`local.env.yml`) and mount the directory for the frontend code (`web`) into the docker containers. By creating this file in the root of the repository, Docker will automatically mount the web files generated by the build process. The `local.env.yml` mount is optional, but allows you to override the default configuration.
+3. Create a Docker Compose override file (`compose.override.yml`) in the root of the repository. This will override the volume configurations for the local configuration file (`local.env.yml`) and mount the directory for the frontend code (`web`) into the docker containers. Docker will automatically mount the web files generated by the build process. The `local.env.yml` mount is optional, but allows you to override the default configuration.
 
-    ```yaml title="docker-compose.override.yml"
+    ```yaml title="compose.override.yml"
     services:
         server:
             volumes:
@@ -54,17 +48,17 @@ Depending on platform, some native dependencies might be required. On macOS, run
                 - ./local.env.yml:/local.env.yml
     ```
 
-5. From the repository root, run the front-end build script. This will install the npm packages needed to run the frontend project and start the project in watch mode.
+4. From the repository root, run the front-end build script. This will install the npm packages needed to run the frontend project and start the project in watch mode.
 
     ```shell
     make node-install
     make web-watch
     ```
 
-6. In a new terminal, navigate to the cloned repository root and start the backend containers with Docker Compose.
+5. In a new terminal, navigate to the cloned repository root and start the backend containers with Docker Compose.
 
     ```shell
-    docker compose up
+    docker compose -f lifecycle/container/compose.yml up -d
     ```
 
 You can now access authentik on http://localhost:9000 (or https://localhost:9443).

website/docs/developer-docs/setup/full-dev-environment.mdx

@@ -46,7 +46,7 @@ authentik depends on several external services:
 The easiest way to set up these services is using the provided Docker Compose configuration:
 
 ```shell
-docker compose -f scripts/docker-compose.yml up -d
+docker compose -f scripts/compose.yml up -d
 ```
 
 ## 3. Installing platform-specific dependencies
@@ -179,7 +179,7 @@ When `AUTHENTIK_DEBUG` is set to `true` (the default for the development environ
 Start the E2E test services with the following command:
 
 ```shell
-docker compose -f tests/e2e/docker-compose.yml up -d
+docker compose -f tests/e2e/compose.yml up -d
 ```
 
 You can then view the Selenium Chrome browser via http://localhost:7900/ using the password: `secret`.

website/docs/docusaurus.config.esm.mjs

@@ -34,7 +34,7 @@ const releaseEnvironment = prepareReleaseEnvironment();
 
 const files = [
     // ---
-    resolve(authentikModulePath, "docker-compose.yml"),
+    resolve(authentikModulePath, "lifecycle/container/compose.yml"),
 ];
 
 await Promise.all(

website/docs/install-config/install/docker-compose.mdx

@@ -1,5 +1,5 @@
 ---
-title: Docker Compose installation
+title: Compose installation
 ---
 
 This installation method is for test setups and small-scale production setups.
@@ -7,8 +7,8 @@ This installation method is for test setups and small-scale production setups.
 ## Requirements
 
 - A host with at least 2 CPU cores and 2 GB of RAM
-- Docker
-- Docker Compose (Compose v2, see [instructions for upgrade](https://docs.docker.com/compose/migrate/))
+- Podman or Docker
+- Podman or Docker Compose (Compose v2, see [instructions for upgrade](https://docs.docker.com/compose/migrate/))
 
 ## Video
 
@@ -24,7 +24,7 @@ This installation method is for test setups and small-scale production setups.
 
 ## Preparation
 
-To download the latest `docker-compose.yml` open your terminal and navigate to the directory of your choice.
+To download the latest `compose.yml` open your terminal and navigate to the directory of your choice.
 Run the following command:
 
 import TabItem from "@theme/TabItem";
@@ -34,12 +34,12 @@ import Tabs from "@theme/Tabs";
 <Tabs groupId="OS">
     <TabItem value="Linux" label="Linux" default>
         ```shell
-        wget https://docs.goauthentik.io/docker-compose.yml
+        wget https://docs.goauthentik.io/compose.yml
         ```
     </TabItem>
     <TabItem value="macOS" label="macOS">
         ```shell
-        curl -O https://docs.goauthentik.io/docker-compose.yml
+        curl -O https://docs.goauthentik.io/compose.yml
         ```
     </TabItem>
 </Tabs>
@@ -83,7 +83,7 @@ docker compose pull
 docker compose up -d
 ```
 
-The `docker-compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `docker-compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](../../../releases/).
+The `compose.yml` file statically references the latest version available at the time of downloading the compose file. Each time you upgrade to a newer version of authentik, you download a new `compose.yml` file, which points to the latest available version. For more information, refer to the **Upgrading** section in the [Release Notes](../../../releases/).
 
 To start the initial setup, navigate to `http://<your server's IP or hostname>:9000/if/flow/initial-setup/`.
 

website/docs/install-config/upgrade.mdx

@@ -33,9 +33,9 @@ import Tabs from "@theme/Tabs";
   <TabItem value="docker-compose" label="Docker Compose" default>
     In your terminal, navigate to your installation directory and follow these steps:
 
-    #### 1. Retrieve latest `docker-compose.yml` file
+    #### 1. Retrieve latest `compose.yml` file
 
-    Download the `docker-compose.yml` file using either `wget -O docker-compose.yml https://docs.goauthentik.io/docker-compose.yml` or `curl -O https://docs.goauthentik.io/docker-compose.yml` or a similar process.
+    Download the `compose.yml` file using either `wget -O compose.yml https://docs.goauthentik.io/compose.yml` or `curl -O https://docs.goauthentik.io/compose.yml` or a similar process.
 
     **2. Run upgrade commands**
 

website/docs/sys-mgmt/certificates.md

@@ -129,7 +129,7 @@ You can configure the certificate used by authentik's core webserver, which allo
 
 ### Let's Encrypt integration
 
-To use Let's Encrypt certificates with Certbot in Docker Compose deployments, create or edit the `docker-compose.override.yml` file in the same directory as your authentik Docker Compose file. The example below demonstrates the use of the AWS Route 53 DNS plugin:
+To use Let's Encrypt certificates with Certbot in Docker Compose deployments, create or edit the `compose.override.yml` file in the same directory as your authentik Docker Compose file. The example below demonstrates the use of the AWS Route 53 DNS plugin:
 
 ```yaml
 services:

website/docs/sys-mgmt/ops/geoip.mdx

@@ -61,7 +61,8 @@ Sign up for a free MaxMind account [here](https://www.maxmind.com/en/geolite2/si
     {label: 'Kubernetes', value: 'kubernetes'},
   ]}>
   <TabItem value="docker-compose">
-Add the following block to a `docker-compose.override.yml` file in the same folder as the authentik docker-compose file:
+
+Add the following block to a `compose.override.yml` file in the same folder as the authentik docker-compose file:
 
 ```yaml
 services:

website/docs/troubleshooting/postgres/upgrade_docker.md

@@ -28,7 +28,7 @@ If you use Docker volumes: `docker volume rm -f authentik_database`.
 
 If your data is a file path: `rm -rf /path/to/v12-data`
 
-### Modify your docker-compose.yml file
+### Modify your compose.yml file
 
 Update the PostgreSQL service image from `docker.io/library/postgres:12-alpine` to `docker.io/library/postgres:16-alpine`.