{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://stella-ops.org/schemas/deployment-service-list.schema.json", "title": "StellaOps Deployment Service List Schema", "description": "Schema for deployment service list, compose configuration, and version pins. Unblocks COMPOSE-44-001 through 45-003 (7 tasks).", "type": "object", "definitions": { "ServiceDefinition": { "type": "object", "description": "Service definition for deployment", "required": ["service_id", "name", "image", "version"], "properties": { "service_id": { "type": "string", "pattern": "^[a-z][a-z0-9-]*$", "description": "Unique service identifier (kebab-case)" }, "name": { "type": "string", "description": "Human-readable service name" }, "description": { "type": "string" }, "image": { "type": "string", "description": "Container image (without tag)" }, "version": { "type": "string", "pattern": "^[0-9]+\\.[0-9]+\\.[0-9]+(-[a-z0-9.]+)?$", "description": "Service version (semver)" }, "digest": { "type": "string", "pattern": "^sha256:[a-f0-9]{64}$", "description": "Image digest for pinning" }, "port": { "type": "integer", "minimum": 1, "maximum": 65535, "description": "Primary service port" }, "health_check": { "$ref": "#/definitions/HealthCheck" }, "dependencies": { "type": "array", "items": { "type": "string" }, "description": "Service IDs this service depends on" }, "environment": { "type": "object", "additionalProperties": { "$ref": "#/definitions/EnvVarDefinition" } }, "volumes": { "type": "array", "items": { "$ref": "#/definitions/VolumeMount" } }, "secrets": { "type": "array", "items": { "$ref": "#/definitions/SecretReference" } }, "resources": { "$ref": "#/definitions/ResourceLimits" }, "replicas": { "$ref": "#/definitions/ReplicaConfig" }, "labels": { "type": "object", "additionalProperties": { "type": "string" } }, "annotations": { "type": "object", "additionalProperties": { "type": "string" } } } }, "HealthCheck": { "type": "object", "description": "Health check 
configuration", "properties": { "endpoint": { "type": "string", "default": "/health" }, "port": { "type": "integer" }, "interval_seconds": { "type": "integer", "default": 30 }, "timeout_seconds": { "type": "integer", "default": 10 }, "retries": { "type": "integer", "default": 3 }, "start_period_seconds": { "type": "integer", "default": 60 } } }, "EnvVarDefinition": { "type": "object", "description": "Environment variable definition", "properties": { "description": { "type": "string" }, "required": { "type": "boolean", "default": false }, "default": { "type": "string" }, "secret": { "type": "boolean", "default": false, "description": "Whether this variable holds a secret value; when true, do not place the real value in default or example" }, "example": { "type": "string" } } }, "VolumeMount": { "type": "object", "description": "Volume mount configuration", "required": ["name", "mount_path"], "properties": { "name": { "type": "string" }, "mount_path": { "type": "string" }, "read_only": { "type": "boolean", "default": false }, "type": { "type": "string", "enum": ["persistent", "ephemeral", "config", "secret"], "default": "persistent" }, "size": { "type": "string", "pattern": "^[0-9]+(Mi|Gi|Ti)$", "description": "Volume size (e.g., 10Gi)" } } }, "SecretReference": { "type": "object", "description": "Secret reference", "required": ["name"], "properties": { "name": { "type": "string" }, "key": { "type": "string" }, "env_var": { "type": "string", "description": "Name of the environment variable into which the secret is injected" }, "mount_path": { "type": "string", "description": "File path at which the secret is mounted" } } }, "ResourceLimits": { "type": "object", "description": "Resource limits and requests", "properties": { "cpu_request": { "type": "string", "pattern": "^[0-9]+(m)?$", "description": "CPU request (e.g., 100m, 1)" }, "cpu_limit": { "type": "string", "pattern": "^[0-9]+(m)?$" }, "memory_request": { "type": "string", "pattern": "^[0-9]+(Mi|Gi)$", "description": "Memory request (e.g., 256Mi)" }, "memory_limit": { "type": "string", "pattern": "^[0-9]+(Mi|Gi)$" } } }, 
"ReplicaConfig": { "type": "object", "description": "Replica configuration", "properties": { "min": { "type": "integer", "minimum": 0, "default": 1 }, "max": { "type": "integer", "minimum": 1, "default": 1 }, "target_cpu_utilization": { "type": "integer", "minimum": 1, "maximum": 100, "description": "Target CPU utilization for autoscaling" } } }, "DeploymentProfile": { "type": "object", "description": "Deployment profile (dev, staging, production, or airgap)", "required": ["profile_id", "name"], "properties": { "profile_id": { "type": "string", "enum": ["dev", "staging", "production", "airgap"] }, "name": { "type": "string" }, "description": { "type": "string" }, "service_overrides": { "type": "object", "additionalProperties": { "$ref": "#/definitions/ServiceOverride" } }, "global_environment": { "type": "object", "additionalProperties": { "type": "string" } }, "network_policy": { "$ref": "#/definitions/NetworkPolicy" }, "security_context": { "$ref": "#/definitions/SecurityContext" } } }, "ServiceOverride": { "type": "object", "description": "Service-specific overrides for a profile", "properties": { "enabled": { "type": "boolean", "default": true }, "replicas": { "$ref": "#/definitions/ReplicaConfig" }, "resources": { "$ref": "#/definitions/ResourceLimits" }, "environment": { "type": "object", "additionalProperties": { "type": "string" } } } }, "NetworkPolicy": { "type": "object", "description": "Network policy configuration", "properties": { "egress_allowed": { "type": "boolean", "default": true }, "allowed_external_hosts": { "type": "array", "items": { "type": "string" }, "description": "Allowed external hosts for egress" }, "internal_only_services": { "type": "array", "items": { "type": "string" }, "description": "Services not exposed externally" } } }, "SecurityContext": { "type": "object", "description": "Security context configuration. The default values are schema annotations; validators are not required to apply them, so the deploying tool must set them explicitly when a field is omitted", "properties": { "run_as_non_root": { "type": "boolean", "default": true }, "read_only_root_filesystem": { "type": "boolean", "default": true 
}, "drop_capabilities": { "type": "array", "items": { "type": "string" }, "default": ["ALL"] }, "add_capabilities": { "type": "array", "items": { "type": "string" } } } }, "ServiceList": { "type": "object", "description": "Complete service list for deployment", "required": ["list_id", "version", "services"], "properties": { "list_id": { "type": "string" }, "version": { "type": "string" }, "updated_at": { "type": "string", "format": "date-time" }, "services": { "type": "array", "items": { "$ref": "#/definitions/ServiceDefinition" } }, "profiles": { "type": "array", "items": { "$ref": "#/definitions/DeploymentProfile" } }, "dependencies": { "$ref": "#/definitions/ExternalDependencies" }, "observability": { "$ref": "#/definitions/ObservabilityConfig" } } }, "ExternalDependencies": { "type": "object", "description": "External dependencies (databases, queues, etc.)", "properties": { "mongodb": { "$ref": "#/definitions/MongoDbConfig" }, "postgres": { "$ref": "#/definitions/PostgresConfig" }, "redis": { "$ref": "#/definitions/RedisConfig" }, "rabbitmq": { "$ref": "#/definitions/RabbitMqConfig" }, "s3": { "$ref": "#/definitions/S3Config" } } }, "MongoDbConfig": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true }, "version": { "type": "string", "default": "7.0" }, "replica_set": { "type": "boolean", "default": false } } }, "PostgresConfig": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true }, "version": { "type": "string", "default": "16" } } }, "RedisConfig": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true }, "version": { "type": "string", "default": "7" }, "cluster": { "type": "boolean", "default": false } } }, "RabbitMqConfig": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true }, "version": { "type": "string", "default": "3.13" } } }, "S3Config": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true }, 
"provider": { "type": "string", "enum": ["minio", "aws", "gcs", "azure"], "default": "minio" } } }, "ObservabilityConfig": { "type": "object", "description": "Observability stack configuration", "properties": { "metrics": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true }, "endpoint": { "type": "string", "default": "/metrics" }, "port": { "type": "integer", "default": 9090 } } }, "tracing": { "type": "object", "properties": { "enabled": { "type": "boolean", "default": true }, "otlp_endpoint": { "type": "string" }, "sampling_rate": { "type": "number", "minimum": 0, "maximum": 1, "default": 0.1 } } }, "logging": { "type": "object", "properties": { "level": { "type": "string", "enum": ["trace", "debug", "info", "warn", "error"], "default": "info" }, "format": { "type": "string", "enum": ["json", "text"], "default": "json" } } } } } }, "properties": { "service_list": { "$ref": "#/definitions/ServiceList" } }, "examples": [ { "service_list": { "list_id": "stellaops-2025.10", "version": "2025.10.0", "updated_at": "2025-12-06T10:00:00Z", "services": [ { "service_id": "concelier", "name": "Concelier", "description": "Vulnerability advisory ingestion and merge engine", "image": "ghcr.io/stellaops/concelier", "version": "2025.10.0", "digest": "sha256:abc123def456789012345678901234567890123456789012345678901234abcd", "port": 8080, "health_check": { "endpoint": "/health", "interval_seconds": 30 }, "dependencies": ["mongodb", "redis"], "resources": { "cpu_request": "100m", "cpu_limit": "1000m", "memory_request": "256Mi", "memory_limit": "1Gi" } }, { "service_id": "scanner", "name": "Scanner", "description": "Container scanning with SBOM generation", "image": "ghcr.io/stellaops/scanner", "version": "2025.10.0", "port": 8081, "dependencies": ["concelier", "s3"] }, { "service_id": "findings-ledger", "name": "Findings Ledger", "description": "Vulnerability findings storage", "image": "ghcr.io/stellaops/findings-ledger", "version": "2025.10.0", 
"port": 8082, "dependencies": ["postgres", "redis"] } ], "profiles": [ { "profile_id": "dev", "name": "Development", "description": "Local development profile", "global_environment": { "ASPNETCORE_ENVIRONMENT": "Development", "LOG_LEVEL": "Debug" } }, { "profile_id": "production", "name": "Production", "description": "Production deployment profile", "security_context": { "run_as_non_root": true, "read_only_root_filesystem": true, "drop_capabilities": ["ALL"] } } ], "dependencies": { "mongodb": { "enabled": true, "version": "7.0" }, "postgres": { "enabled": true, "version": "16" }, "redis": { "enabled": true, "version": "7" } } } } ] }