part #2
@@ -51,10 +51,11 @@ using StellaOps.Scanner.Worker.Processing.Entropy;
|
||||
using StellaOps.Scanner.Worker.Processing.Secrets;
|
||||
using StellaOps.Scanner.Worker.Processing.ServiceSecurity;
|
||||
using StellaOps.Scanner.Worker.Processing.Surface;
|
||||
using StellaOps.Worker.Health;
|
||||
using System.Diagnostics;
|
||||
using System.IO;
|
||||
|
||||
var builder = Host.CreateApplicationBuilder(args);
|
||||
var builder = WebApplication.CreateSlimBuilder(args);
|
||||
|
||||
builder.Services.AddOptions<ScannerWorkerOptions>()
|
||||
.BindConfiguration(ScannerWorkerOptions.SectionName)
|
||||
@@ -92,6 +93,7 @@ builder.Services.AddSingleton(new DeterminismContext(
|
||||
workerOptions.Determinism.FilterLogs,
|
||||
workerOptions.Determinism.ConcurrencyLimit));
|
||||
builder.Services.AddSingleton<IDeterministicRandomProvider>(_ => new DeterministicRandomProvider(workerOptions.Determinism.RngSeed));
|
||||
builder.Services.AddSingleton<DeterministicRandomService>();
|
||||
builder.Services.AddScannerCache(builder.Configuration);
|
||||
builder.Services.AddSurfaceEnvironment(options =>
|
||||
{
|
||||
@@ -173,8 +175,21 @@ else
|
||||
{
|
||||
builder.Services.TryAddSingleton<IRubyPackageInventoryStore, NullRubyPackageInventoryStore>();
|
||||
builder.Services.TryAddSingleton<IBunPackageInventoryStore, NullBunPackageInventoryStore>();
|
||||
// Provide fallback registrations for services used by unconditionally-registered components
|
||||
builder.Services.TryAddSingleton(new StellaOps.Scanner.Storage.ScannerStorageOptions());
|
||||
builder.Services.TryAddSingleton<StellaOps.Scanner.Storage.ObjectStore.IArtifactObjectStore, NullArtifactObjectStore>();
|
||||
}
|
||||
|
||||
// Unwrap IOptions<ScannerStorageOptions> to concrete type for classes that take it directly (e.g. ReplayBundleFetcher)
|
||||
builder.Services.TryAddSingleton(sp =>
|
||||
{
|
||||
var opts = sp.GetService<Microsoft.Extensions.Options.IOptions<StellaOps.Scanner.Storage.ScannerStorageOptions>>();
|
||||
return opts?.Value ?? new StellaOps.Scanner.Storage.ScannerStorageOptions();
|
||||
});
|
||||
|
||||
// Ensure IEpssProvider is available even without storage (null fallback)
|
||||
builder.Services.TryAddSingleton<StellaOps.Scanner.Core.Epss.IEpssProvider, NullEpssProvider>();
|
||||
|
||||
builder.Services.TryAddSingleton<IScanJobSource, NullScanJobSource>();
|
||||
builder.Services.TryAddSingleton<IPluginCatalogGuard, RestartOnlyPluginGuard>();
|
||||
builder.Services.AddSingleton<IOSAnalyzerPluginCatalog, OsAnalyzerPluginCatalog>();
|
||||
@@ -260,9 +275,22 @@ if (workerOptions.Secrets.Enabled)
|
||||
builder.Services.AddOptions<StellaOps.Scanner.Core.Configuration.PoEConfiguration>()
|
||||
.BindConfiguration("PoE")
|
||||
.ValidateOnStart();
|
||||
// SubgraphExtractor dependencies (null defaults for environments without richgraph/vulnsurface infra)
|
||||
builder.Services.TryAddSingleton<StellaOps.Scanner.Reachability.IRichGraphStore, NullRichGraphStore>();
|
||||
builder.Services.TryAddSingleton<StellaOps.Scanner.Reachability.IEntryPointResolver, NullEntryPointResolver>();
|
||||
builder.Services.TryAddSingleton<StellaOps.Scanner.Reachability.IVulnSurfaceService, NullVulnSurfaceService>();
|
||||
builder.Services.AddSingleton<StellaOps.Scanner.Reachability.IReachabilityResolver, StellaOps.Scanner.Reachability.SubgraphExtractor>();
|
||||
// PoEArtifactGenerator dependency (null default for environments without signing infra)
|
||||
builder.Services.TryAddSingleton<StellaOps.Attestor.IDsseSigningService, NullDsseSigningService>();
|
||||
// PoEEmissionOptions is a positional record without parameterless ctor - configure explicitly
|
||||
builder.Services.AddSingleton(Microsoft.Extensions.Options.Options.Create(StellaOps.Attestor.PoEEmissionOptions.Default));
|
||||
builder.Services.AddSingleton<StellaOps.Attestor.IProofEmitter, StellaOps.Attestor.PoEArtifactGenerator>();
|
||||
builder.Services.AddSingleton<StellaOps.Signals.Storage.IPoECasStore, StellaOps.Signals.Storage.PoECasStore>();
|
||||
// PoECasStore needs a string casRoot parameter - use factory
|
||||
builder.Services.AddSingleton<StellaOps.Signals.Storage.IPoECasStore>(sp =>
|
||||
new StellaOps.Signals.Storage.PoECasStore(
|
||||
Environment.GetEnvironmentVariable("POE_CAS_ROOT") ?? "/tmp/poe-cas",
|
||||
sp.GetRequiredService<ILogger<StellaOps.Signals.Storage.PoECasStore>>(),
|
||||
sp.GetService<TimeProvider>()));
|
||||
builder.Services.AddSingleton<StellaOps.Scanner.Worker.Orchestration.PoEOrchestrator>();
|
||||
builder.Services.AddSingleton<IScanStageExecutor, StellaOps.Scanner.Worker.Processing.PoE.PoEGenerationStageExecutor>();
|
||||
|
||||
@@ -356,21 +384,25 @@ builder.Logging.Configure(options =>
|
||||
| ActivityTrackingOptions.ParentId;
|
||||
});
|
||||
|
||||
var host = builder.Build();
|
||||
builder.Services.AddWorkerHealthChecks();
|
||||
|
||||
var app = builder.Build();
|
||||
|
||||
// Fail fast if surface configuration is invalid at startup.
|
||||
using (var scope = host.Services.CreateScope())
|
||||
using (var scope = app.Services.CreateScope())
|
||||
{
|
||||
var services = scope.ServiceProvider;
|
||||
var env = services.GetRequiredService<ISurfaceEnvironment>();
|
||||
var runner = services.GetRequiredService<ISurfaceValidatorRunner>();
|
||||
await runner.EnsureAsync(
|
||||
SurfaceValidationContext.Create(services, "Scanner.Worker.Startup", env.Settings),
|
||||
host.Services.GetRequiredService<IHostApplicationLifetime>().ApplicationStopping)
|
||||
app.Services.GetRequiredService<IHostApplicationLifetime>().ApplicationStopping)
|
||||
.ConfigureAwait(false);
|
||||
}
|
||||
|
||||
await host.RunAsync();
|
||||
app.MapWorkerHealthEndpoints();
|
||||
|
||||
await app.RunAsync();
|
||||
|
||||
// Make Program class file-scoped to prevent it from being exposed to referencing assemblies
|
||||
file sealed partial class Program;
|
||||
|
||||
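Review bot: The `IPoECasStore` factory in the `-260,9 +275,22` hunk falls back to `/tmp/poe-cas` when `POE_CAS_ROOT` is unset, so the proof-of-exposure content store silently lands at a predictable path in a world-writable directory that any other local account can pre-create or alter, and that is commonly cleared on reboot. I would fail at startup instead of defaulting, e.g. `var casRoot = Environment.GetEnvironmentVariable("POE_CAS_ROOT") ?? throw new InvalidOperationException("POE_CAS_ROOT must be set");`, or bind the root from the existing `PoE` configuration section so `ValidateOnStart()` covers it. The same hunk registers `NullDsseSigningService` through `TryAddSingleton`; its body is not visible here, but if it produces unsigned or placeholder envelopes, a deployment that is missing the real signer would presumably emit proofs that look complete, so the fallback should at least log a startup warning or sit behind an explicit opt-in option. The enclosing block begins outside the hunk, so I cannot tell whether these registrations run only when `workerOptions.Secrets.Enabled` is true.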