# ============================================================================= # STELLA OPS - TESTING STACK # ============================================================================= # Consolidated CI, mock services, and Gitea for integration testing. # Uses different ports to avoid conflicts with development/production services. # # Usage: # docker compose -f devops/compose/docker-compose.testing.yml up -d # # CI infrastructure only: # docker compose -f devops/compose/docker-compose.testing.yml --profile ci up -d # # Mock services only: # docker compose -f devops/compose/docker-compose.testing.yml --profile mock up -d # # Gitea only: # docker compose -f devops/compose/docker-compose.testing.yml --profile gitea up -d # # ============================================================================= x-testing-labels: &testing-labels com.stellaops.profile: "testing" com.stellaops.environment: "ci" networks: testing-net: driver: bridge name: stellaops-testing volumes: # CI volumes ci-postgres-data: name: stellaops-ci-postgres ci-valkey-data: name: stellaops-ci-valkey ci-rustfs-data: name: stellaops-ci-rustfs # Gitea volumes gitea-data: gitea-config: services: # =========================================================================== # CI INFRASTRUCTURE (different ports to avoid conflicts) # =========================================================================== # --------------------------------------------------------------------------- # PostgreSQL 18.1 - Test database (port 5433) # --------------------------------------------------------------------------- postgres-test: image: postgres:18.1-alpine container_name: stellaops-postgres-test profiles: ["ci", "all"] environment: POSTGRES_USER: stellaops_ci POSTGRES_PASSWORD: ci_test_password POSTGRES_DB: stellaops_test POSTGRES_INITDB_ARGS: "--data-checksums" ports: - "${TEST_POSTGRES_PORT:-5433}:5432" volumes: - ci-postgres-data:/var/lib/postgresql/data networks: - testing-net healthcheck: test: ["CMD-SHELL", "pg_isready -U stellaops_ci -d stellaops_test"] interval: 5s timeout: 5s retries: 10 start_period: 10s restart: unless-stopped labels: *testing-labels # --------------------------------------------------------------------------- # Valkey 9.0.1 - Test cache/queue (port 6380) # --------------------------------------------------------------------------- valkey-test: image: valkey/valkey:9.0.1-alpine container_name: stellaops-valkey-test profiles: ["ci", "all"] command: ["valkey-server", "--appendonly", "yes", "--maxmemory", "256mb", "--maxmemory-policy", "allkeys-lru"] ports: - "${TEST_VALKEY_PORT:-6380}:6379" volumes: - ci-valkey-data:/data networks: - testing-net healthcheck: test: ["CMD", "valkey-cli", "ping"] interval: 5s timeout: 5s retries: 5 restart: unless-stopped labels: *testing-labels # --------------------------------------------------------------------------- # RustFS - Test artifact storage (port 8180) # --------------------------------------------------------------------------- rustfs-test: image: registry.stella-ops.org/stellaops/rustfs:2025.09.2 container_name: stellaops-rustfs-test profiles: ["ci", "all"] command: ["serve", "--listen", "0.0.0.0:8080", "--root", "/data"] environment: RUSTFS__LOG__LEVEL: info RUSTFS__STORAGE__PATH: /data ports: - "${TEST_RUSTFS_PORT:-8180}:8080" volumes: - ci-rustfs-data:/data networks: - testing-net restart: unless-stopped labels: *testing-labels # --------------------------------------------------------------------------- # Mock Container Registry (port 5001) # --------------------------------------------------------------------------- mock-registry: image: registry:2 container_name: stellaops-registry-test profiles: ["ci", "all"] ports: - "${TEST_REGISTRY_PORT:-5001}:5000" environment: REGISTRY_STORAGE_DELETE_ENABLED: "true" networks: - testing-net restart: unless-stopped labels: *testing-labels # --------------------------------------------------------------------------- # Sigstore CLI tools (on-demand) # --------------------------------------------------------------------------- rekor-cli: image: ghcr.io/sigstore/rekor-cli:v1.4.3 entrypoint: ["rekor-cli"] command: ["version"] profiles: ["sigstore"] networks: - testing-net labels: *testing-labels cosign: image: ghcr.io/sigstore/cosign:v3.0.4 entrypoint: ["cosign"] command: ["version"] profiles: ["sigstore"] networks: - testing-net labels: *testing-labels # =========================================================================== # MOCK SERVICES (for extended integration testing) # =========================================================================== # --------------------------------------------------------------------------- # Orchestrator mock # --------------------------------------------------------------------------- orchestrator: image: registry.stella-ops.org/stellaops/orchestrator@sha256:97f12856ce870bafd3328bda86833bcccbf56d255941d804966b5557f6610119 container_name: stellaops-orchestrator-mock profiles: ["mock", "all"] command: ["dotnet", "StellaOps.Orchestrator.WebService.dll"] depends_on: - postgres-test - valkey-test environment: ORCHESTRATOR__STORAGE__DRIVER: "postgres" ORCHESTRATOR__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres-test;Port=5432;Database=stellaops_test;Username=stellaops_ci;Password=ci_test_password" ORCHESTRATOR__QUEUE__DRIVER: "valkey" ORCHESTRATOR__QUEUE__VALKEY__URL: "valkey-test:6379" networks: - testing-net labels: *testing-labels # --------------------------------------------------------------------------- # Policy Registry mock # --------------------------------------------------------------------------- policy-registry: image: registry.stella-ops.org/stellaops/policy-registry@sha256:c6cad8055e9827ebcbebb6ad4d6866dce4b83a0a49b0a8a6500b736a5cb26fa7 container_name: stellaops-policy-registry-mock profiles: ["mock", "all"] command: ["dotnet", "StellaOps.Policy.Engine.dll"] depends_on: - postgres-test environment: POLICY__STORAGE__DRIVER: "postgres" POLICY__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres-test;Port=5432;Database=stellaops_test;Username=stellaops_ci;Password=ci_test_password" networks: - testing-net labels: *testing-labels # --------------------------------------------------------------------------- # VEX Lens mock # --------------------------------------------------------------------------- vex-lens: image: registry.stella-ops.org/stellaops/vex-lens@sha256:b44e63ecfeebc345a70c073c1ce5ace709c58be0ffaad0e2862758aeee3092fb container_name: stellaops-vex-lens-mock profiles: ["mock", "all"] command: ["dotnet", "StellaOps.VexLens.dll"] depends_on: - postgres-test environment: VEXLENS__STORAGE__DRIVER: "postgres" VEXLENS__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres-test;Port=5432;Database=stellaops_test;Username=stellaops_ci;Password=ci_test_password" networks: - testing-net labels: *testing-labels # --------------------------------------------------------------------------- # Findings Ledger mock # --------------------------------------------------------------------------- findings-ledger: image: registry.stella-ops.org/stellaops/findings-ledger@sha256:71d4c361ba8b2f8b69d652597bc3f2efc8a64f93fab854ce25272a88506df49c container_name: stellaops-findings-ledger-mock profiles: ["mock", "all"] command: ["dotnet", "StellaOps.Findings.Ledger.WebService.dll"] depends_on: - postgres-test environment: FINDINGSLEDGER__STORAGE__DRIVER: "postgres" FINDINGSLEDGER__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres-test;Port=5432;Database=stellaops_test;Username=stellaops_ci;Password=ci_test_password" networks: - testing-net labels: *testing-labels # --------------------------------------------------------------------------- # Vuln Explorer API mock # --------------------------------------------------------------------------- vuln-explorer-api: image: registry.stella-ops.org/stellaops/vuln-explorer-api@sha256:7fc7e43a05cbeb0106ce7d4d634612e83de6fdc119aaab754a71c1d60b82841d container_name: stellaops-vuln-explorer-mock profiles: ["mock", "all"] command: ["dotnet", "StellaOps.VulnExplorer.Api.dll"] depends_on: - findings-ledger networks: - testing-net labels: *testing-labels # --------------------------------------------------------------------------- # Packs Registry mock # --------------------------------------------------------------------------- packs-registry: image: registry.stella-ops.org/stellaops/packs-registry@sha256:1f5e9416c4dc608594ad6fad87c24d72134427f899c192b494e22b268499c791 container_name: stellaops-packs-registry-mock profiles: ["mock", "all"] command: ["dotnet", "StellaOps.PacksRegistry.dll"] depends_on: - postgres-test environment: PACKSREGISTRY__STORAGE__DRIVER: "postgres" PACKSREGISTRY__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres-test;Port=5432;Database=stellaops_test;Username=stellaops_ci;Password=ci_test_password" networks: - testing-net labels: *testing-labels # --------------------------------------------------------------------------- # Task Runner mock # --------------------------------------------------------------------------- task-runner: image: registry.stella-ops.org/stellaops/task-runner@sha256:eb5ad992b49a41554f41516be1a6afcfa6522faf2111c08ff2b3664ad2fc954b container_name: stellaops-task-runner-mock profiles: ["mock", "all"] command: ["dotnet", "StellaOps.TaskRunner.WebService.dll"] depends_on: - packs-registry - postgres-test environment: TASKRUNNER__STORAGE__DRIVER: "postgres" TASKRUNNER__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres-test;Port=5432;Database=stellaops_test;Username=stellaops_ci;Password=ci_test_password" networks: - testing-net labels: *testing-labels # =========================================================================== # GITEA (SCM integration testing) # =========================================================================== # --------------------------------------------------------------------------- # Gitea - Git hosting with package registry # --------------------------------------------------------------------------- gitea: image: gitea/gitea:1.21 container_name: stellaops-gitea-test profiles: ["gitea", "all"] environment: - USER_UID=1000 - USER_GID=1000 # Enable package registry - GITEA__packages__ENABLED=true - GITEA__packages__CHUNKED_UPLOAD_PATH=/data/tmp/package-upload # Enable NuGet - GITEA__packages__NUGET_ENABLED=true # Enable Container registry - GITEA__packages__CONTAINER_ENABLED=true # Database (SQLite for simplicity) - GITEA__database__DB_TYPE=sqlite3 - GITEA__database__PATH=/data/gitea/gitea.db # Server config - GITEA__server__ROOT_URL=http://localhost:${TEST_GITEA_PORT:-3000}/ - GITEA__server__HTTP_PORT=3000 # Disable metrics/telemetry - GITEA__metrics__ENABLED=false # Session config - GITEA__session__PROVIDER=memory # Cache config - GITEA__cache__ADAPTER=memory # Log level - GITEA__log__LEVEL=Warn volumes: - gitea-data:/data - gitea-config:/etc/gitea ports: - "${TEST_GITEA_PORT:-3000}:3000" - "${TEST_GITEA_SSH_PORT:-3022}:22" networks: - testing-net restart: unless-stopped healthcheck: test: ["CMD", "curl", "-f", "http://localhost:3000/api/healthz"] interval: 30s timeout: 10s retries: 3 start_period: 60s labels: *testing-labels