Orchestrator decomposition: replace JobEngine with release-orchestrator + workflow services

- Remove jobengine and jobengine-worker containers from docker-compose
- Create release-orchestrator service (120 endpoints) with full auth, tenant, and infrastructure DI
- Wire workflow engine to PostgreSQL with definition store (wf_definitions table)
- Deploy 4 canonical workflow definitions on startup (release-promotion, scan-execution, advisory-refresh, compliance-sweep)
- Fix workflow definition JSON to match canonical contract schema (set-state, call-transport, decision)
- Add WorkflowClient to release-orchestrator for starting workflow instances on promotion
- Add WorkflowTriggerClient + endpoint to scheduler for triggering workflows from system schedules
- Update gateway routes from jobengine.stella-ops.local to release-orchestrator.stella-ops.local
- Remove Platform.Database dependency on JobEngine.Infrastructure
- Fix workflow csproj duplicate Content items (EmbeddedResource + SDK default)
- System-managed schedules with source column, SystemScheduleBootstrap, inline edit UI

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 09:57:42 +03:00
parent 1b11e4aafc
commit 9d47cabc37
72 changed files with 7781 additions and 4480 deletions


@@ -855,8 +855,10 @@ services:
CONCELIER_AUTHORITY__RESILIENCE__OFFLINECACHETOLERANCE: "${AUTHORITY_OFFLINE_CACHE_TOLERANCE:-00:30:00}"
Router__Enabled: "${CONCELIER_ROUTER_ENABLED:-true}"
Router__Messaging__ConsumerGroup: "concelier"
CONCELIER_IMPORT__STAGINGROOT: "/var/lib/concelier/import"
volumes:
- concelier-jobs:/var/lib/concelier/jobs
- ${STELLAOPS_AIRGAP_IMPORT_DIR:-./airgap-import}:/var/lib/concelier/import:ro
- *cert-volume
- *ca-bundle
ports:
@@ -1173,16 +1175,16 @@ services:
- riskengine-worker.stella-ops.local
labels: *release-labels
# --- Slot 17: Orchestrator -------------------------------------------------
jobengine:
<<: *resources-heavy
image: stellaops/orchestrator:dev
container_name: stellaops-jobengine
# --- Slot 48: Release Orchestrator ------------------------------------------
release-orchestrator:
<<: *resources-medium
image: stellaops/release-orchestrator:dev
container_name: stellaops-release-orchestrator
restart: unless-stopped
depends_on: *depends-infra
environment:
ASPNETCORE_URLS: "http://+:8080"
<<: [*kestrel-cert, *router-microservice-defaults, *gc-heavy]
<<: [*kestrel-cert, *router-microservice-defaults, *gc-medium]
ConnectionStrings__Default: *postgres-connection
ConnectionStrings__Redis: "cache.stella-ops.local:6379"
Authority__ResourceServer__Authority: "https://authority.stella-ops.local/"
@@ -1194,43 +1196,28 @@ services:
Authority__ResourceServer__BypassNetworks__2: "::1/128"
Authority__ResourceServer__BypassNetworks__3: "0.0.0.0/0"
Authority__ResourceServer__BypassNetworks__4: "::/0"
Router__Enabled: "${ORCHESTRATOR_ROUTER_ENABLED:-true}"
Router__Messaging__ConsumerGroup: "jobengine"
Router__Enabled: "${RELEASE_ORCHESTRATOR_ROUTER_ENABLED:-true}"
Router__Messaging__ConsumerGroup: "release-orchestrator"
volumes:
- *cert-volume
- *ca-bundle
ports:
- "127.1.0.17:80:80"
- "127.1.0.47:80:8080"
networks:
stellaops:
aliases:
- jobengine.stella-ops.local
- orchestrator.stella-ops.local
- release-orchestrator.stella-ops.local
frontdoor: {}
healthcheck:
test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/80'"]
test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/8080'"]
<<: *healthcheck-tcp
labels: *release-labels
jobengine-worker:
<<: *resources-medium
image: stellaops/orchestrator-worker:dev
container_name: stellaops-jobengine-worker
restart: unless-stopped
depends_on: *depends-infra
environment:
<<: [*kestrel-cert, *gc-medium]
ConnectionStrings__Default: *postgres-connection
ConnectionStrings__Redis: "cache.stella-ops.local:6379"
volumes:
- *cert-volume
healthcheck:
<<: *healthcheck-worker
networks:
stellaops:
aliases:
- jobengine-worker.stella-ops.local
labels: *release-labels
# --- Slot 17: Orchestrator (DECOMPOSED) -------------------------------------
# jobengine and jobengine-worker removed.
# Release endpoints → release-orchestrator service (Slot 47)
# Workflow orchestration → workflow service (Slot 46)
# Scheduler remains in Slot 14 (scheduler-web / scheduler-worker)
# --- Slot 18: TaskRunner ---------------------------------------------------
taskrunner-web:
@@ -2428,6 +2415,37 @@ services:
<<: *healthcheck-tcp
labels: *release-labels
# --- Workflow Engine --------------------------------------------------------
workflow:
<<: *resources-medium
image: stellaops/workflow-web:dev
container_name: stellaops-workflow
restart: unless-stopped
depends_on: *depends-infra
environment:
ASPNETCORE_URLS: "http://+:8080"
<<: [*kestrel-cert, *router-microservice-defaults, *gc-medium]
ConnectionStrings__WorkflowPostgres: *postgres-connection
WorkflowBackend__Provider: "Postgres"
WorkflowBackend__Postgres__SchemaName: "workflow"
WorkflowBackend__Postgres__ConnectionStringName: "WorkflowPostgres"
WorkflowSignalDriver__Provider: "Native"
Router__Enabled: "true"
Router__Messaging__ConsumerGroup: "workflow"
volumes:
- *cert-volume
ports:
- "127.1.0.46:80:8080"
networks:
stellaops:
aliases:
- workflow.stella-ops.local
frontdoor: {}
healthcheck:
test: ["CMD-SHELL", "bash -c 'echo > /dev/tcp/$(hostname)/8080'"]
<<: *healthcheck-tcp
labels: *release-labels
# --- Console (Angular frontend) -------------------------------------------
# web-ui is replaced by router-gateway serving static files from console-dist volume.
# The console-builder init container copies Angular dist to the shared volume.
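Review bot: In the release-orchestrator environment block, the carried-over `Authority__ResourceServer__BypassNetworks__3: "0.0.0.0/0"` and `Authority__ResourceServer__BypassNetworks__4: "::/0"` match every IPv4 and IPv6 source address, so if BypassNetworks exempts matching callers from token validation (as the name suggests), the new service's endpoints are effectively unauthenticated for anything that can reach it on the stellaops or frontdoor network. The commit description presents this service as having full auth, so I would drop entries 3 and 4 and keep only the narrow ones such as `::1/128`, or move the wide ranges into a dev-only override file; entries 0 and 1 sit between the hunks and are not visible here. The new workflow service block shows no Authority__ResourceServer settings at all and also joins frontdoor, so unless `*router-microservice-defaults` supplies them, it needs the same check. Minor: the section comment reads `Slot 48: Release Orchestrator`, while the decomposition comment and the published address `127.1.0.47` both say Slot 47.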