enrich the setup. setup fixes. minimize the consolidation plan

2026-02-26 08:46:06 +02:00
parent 63c70a6d37
commit 4fe8eb56ae
26 changed files with 1568 additions and 646 deletions
--- a/devops/runtime-assets/Dockerfile.runtime-assets
+++ b/devops/runtime-assets/Dockerfile.runtime-assets
@@ -0,0 +1,55 @@
+# ---------------------------------------------------------------------------
+# Dockerfile.runtime-assets
+#
+# Lightweight data image that packages runtime assets (ML models, JDK, Ghidra,
+# certificates) into named volumes for Stella Ops services.
+#
+# Usage:
+#   1. Acquire assets first:
+#      ./devops/runtime-assets/acquire.sh --all
+#
+#   2. Build the data image:
+#      docker build -f devops/runtime-assets/Dockerfile.runtime-assets \
+#        -t stellaops/runtime-assets:latest .
+#
+#   3. Use in docker-compose (see docker-compose.runtime-assets.yml)
+#
+# The image runs a one-shot copy to populate named volumes, then exits.
+# Services mount the same volumes read-only.
+# ---------------------------------------------------------------------------
+
+FROM busybox:1.37 AS base
+
+LABEL org.opencontainers.image.title="stellaops-runtime-assets"
+LABEL org.opencontainers.image.description="Runtime data assets for Stella Ops (ML models, certificates, tools)"
+LABEL org.opencontainers.image.vendor="stella-ops.org"
+
+# ---------------------------------------------------------------------------
+# ML Models
+# ---------------------------------------------------------------------------
+COPY src/AdvisoryAI/StellaOps.AdvisoryAI/models/ /data/models/
+
+# ---------------------------------------------------------------------------
+# Certificates and trust bundles
+# ---------------------------------------------------------------------------
+COPY etc/trust-profiles/assets/ /data/certificates/trust-profiles/
+COPY etc/authority/keys/ /data/certificates/authority/
+
+# ---------------------------------------------------------------------------
+# License attribution (required by Apache-2.0 and MIT)
+# ---------------------------------------------------------------------------
+COPY NOTICE.md /data/licenses/NOTICE.md
+COPY third-party-licenses/ /data/licenses/third-party/
+
+# ---------------------------------------------------------------------------
+# Manifest for verification
+# ---------------------------------------------------------------------------
+COPY devops/runtime-assets/manifest.yaml /data/manifest.yaml
+
+# ---------------------------------------------------------------------------
+# Entrypoint: copy assets to volume mount points, then exit
+# ---------------------------------------------------------------------------
+COPY devops/runtime-assets/init-volumes.sh /init-volumes.sh
+RUN chmod +x /init-volumes.sh
+
+ENTRYPOINT ["/init-volumes.sh"]