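# syntax=docker/dockerfile:1.4
# StellaOps Platform Image - Build Once, Deploy Everywhere
# Builds ALL crypto plugins unconditionally for runtime selection

# ============================================================================
# Stage 1: SDK Build - Build ALL Projects and Crypto Plugins
# ============================================================================
# NOTE(review): "10.0-preview" is a floating tag. For an image that ships
# signing/attestation services, pin the SDK and runtime images by digest
# (FROM ...:10.0-preview@sha256:<digest>) so rebuilds are reproducible.
FROM mcr.microsoft.com/dotnet/sdk:10.0-preview AS build
WORKDIR /src

# Copy solution and project files for dependency restore
# NOTE(review): nuget.config ends up in a build-stage layer; it must not carry
# feed credentials. Use a BuildKit secret mount if private feeds are required.
COPY Directory.Build.props Directory.Build.targets nuget.config ./
COPY src/StellaOps.sln ./src/

# Copy all crypto plugin projects
COPY src/__Libraries/StellaOps.Cryptography/ ./src/__Libraries/StellaOps.Cryptography/
COPY src/__Libraries/StellaOps.Cryptography.DependencyInjection/ ./src/__Libraries/StellaOps.Cryptography.DependencyInjection/
COPY src/__Libraries/StellaOps.Cryptography.PluginLoader/ ./src/__Libraries/StellaOps.Cryptography.PluginLoader/

# Crypto plugins - ALL built unconditionally
COPY src/__Libraries/StellaOps.Cryptography.Plugin.OfflineVerification/ ./src/__Libraries/StellaOps.Cryptography.Plugin.OfflineVerification/

# Note: Additional crypto plugins can be added here when available:
# COPY src/__Libraries/StellaOps.Cryptography.Plugin.eIDAS/ ./src/__Libraries/StellaOps.Cryptography.Plugin.eIDAS/
# COPY src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/ ./src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/
# COPY src/__Libraries/StellaOps.Cryptography.Plugin.SM/ ./src/__Libraries/StellaOps.Cryptography.Plugin.SM/

# Copy all module projects
COPY src/Authority/ ./src/Authority/
COPY src/Signer/ ./src/Signer/
COPY src/Attestor/ ./src/Attestor/
COPY src/Concelier/ ./src/Concelier/
COPY src/Scanner/ ./src/Scanner/
COPY src/AirGap/ ./src/AirGap/
COPY src/Excititor/ ./src/Excititor/
COPY src/Policy/ ./src/Policy/
COPY src/Scheduler/ ./src/Scheduler/
COPY src/Notify/ ./src/Notify/
COPY src/Zastava/ ./src/Zastava/
COPY src/Gateway/ ./src/Gateway/
COPY src/Cli/ ./src/Cli/

# Copy shared libraries (superset of the crypto library copies above)
COPY src/__Libraries/ ./src/__Libraries/

# Restore dependencies
RUN dotnet restore src/StellaOps.sln

# Build entire solution (Release configuration)
RUN dotnet build src/StellaOps.sln --configuration Release --no-restore

# Publish all web services and libraries
# This creates /app/publish with all assemblies including crypto plugins
RUN dotnet publish src/Authority/StellaOps.Authority.WebService/StellaOps.Authority.WebService.csproj \
    --configuration Release --no-build --output /app/publish/authority

RUN dotnet publish src/Signer/StellaOps.Signer.WebService/StellaOps.Signer.WebService.csproj \
    --configuration Release --no-build --output /app/publish/signer

RUN dotnet publish src/Attestor/StellaOps.Attestor.WebService/StellaOps.Attestor.WebService.csproj \
    --configuration Release --no-build --output /app/publish/attestor

RUN dotnet publish src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj \
    --configuration Release --no-build --output /app/publish/concelier

RUN dotnet publish src/Scanner/StellaOps.Scanner.WebService/StellaOps.Scanner.WebService.csproj \
    --configuration Release --no-build --output /app/publish/scanner

RUN dotnet publish src/Excititor/StellaOps.Excititor.WebService/StellaOps.Excititor.WebService.csproj \
    --configuration Release --no-build --output /app/publish/excititor

RUN dotnet publish src/Policy/StellaOps.Policy.WebService/StellaOps.Policy.WebService.csproj \
    --configuration Release --no-build --output /app/publish/policy

RUN dotnet publish src/Scheduler/StellaOps.Scheduler.WebService/StellaOps.Scheduler.WebService.csproj \
    --configuration Release --no-build --output /app/publish/scheduler

RUN dotnet publish src/Notify/StellaOps.Notify.WebService/StellaOps.Notify.WebService.csproj \
    --configuration Release --no-build --output /app/publish/notify

RUN dotnet publish src/Zastava/StellaOps.Zastava.WebService/StellaOps.Zastava.WebService.csproj \
    --configuration Release --no-build --output /app/publish/zastava

RUN dotnet publish src/Gateway/StellaOps.Gateway.WebService/StellaOps.Gateway.WebService.csproj \
    --configuration Release --no-build --output /app/publish/gateway

RUN dotnet publish src/AirGap/StellaOps.AirGap.Importer/StellaOps.AirGap.Importer.csproj \
    --configuration Release --no-build --output /app/publish/airgap-importer

RUN dotnet publish src/AirGap/StellaOps.AirGap.Exporter/StellaOps.AirGap.Exporter.csproj \
    --configuration Release --no-build --output /app/publish/airgap-exporter

RUN dotnet publish src/Cli/StellaOps.Cli/StellaOps.Cli.csproj \
    --configuration Release --no-build --output /app/publish/cli

# Copy crypto plugin manifest
COPY etc/crypto-plugins-manifest.json /app/publish/etc/

# ============================================================================
# Stage 2: Runtime Base - Contains ALL Crypto Plugins
# ============================================================================
FROM mcr.microsoft.com/dotnet/aspnet:10.0-preview AS runtime-base
WORKDIR /app

# Install dependencies for crypto providers
# - postgresql-client: PostgreSQL client for Authority/Concelier/etc
# - curl: required by the HEALTHCHECK below; nothing else in this file
#   installs it, and without it every container would report "unhealthy"
# --no-install-recommends keeps optional packages out of the runtime image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        postgresql-client \
    && rm -rf /var/lib/apt/lists/*

# Copy all published assemblies (includes all crypto plugins)
# Files stay root-owned, so the unprivileged runtime user can read but not
# modify the shipped assemblies and the plugin manifest.
COPY --from=build /app/publish /app/

# Expose common ports (these can be overridden by docker-compose)
EXPOSE 8080 8443

# Labels
LABEL com.stellaops.image.type="platform" \
      com.stellaops.image.variant="all-plugins" \
      com.stellaops.crypto.plugins="offline-verification"
# Additional plugins will be added as they become available:
# LABEL com.stellaops.crypto.plugins="offline-verification,eidas,cryptopro,sm"

# Health check placeholder (can be overridden per service)
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8080/health || exit 1

# Drop root for every service stage derived from this base. APP_UID is the
# non-root user defined by the Microsoft .NET runtime images. Volumes or bind
# mounts that a service must write to have to be writable by this UID.
USER $APP_UID

# ============================================================================
# Service-Specific Final Stages
# ============================================================================

# Authority Service
FROM runtime-base AS authority
WORKDIR /app/authority
ENTRYPOINT ["dotnet", "StellaOps.Authority.WebService.dll"]

# Signer Service
FROM runtime-base AS signer
WORKDIR /app/signer
ENTRYPOINT ["dotnet", "StellaOps.Signer.WebService.dll"]

# Attestor Service
FROM runtime-base AS attestor
WORKDIR /app/attestor
ENTRYPOINT ["dotnet", "StellaOps.Attestor.WebService.dll"]

# Concelier Service
FROM runtime-base AS concelier
WORKDIR /app/concelier
ENTRYPOINT ["dotnet", "StellaOps.Concelier.WebService.dll"]

# Scanner Service
FROM runtime-base AS scanner
WORKDIR /app/scanner
ENTRYPOINT ["dotnet", "StellaOps.Scanner.WebService.dll"]

# Excititor Service
FROM runtime-base AS excititor
WORKDIR /app/excititor
ENTRYPOINT ["dotnet", "StellaOps.Excititor.WebService.dll"]

# Policy Service
FROM runtime-base AS policy
WORKDIR /app/policy
ENTRYPOINT ["dotnet", "StellaOps.Policy.WebService.dll"]

# Scheduler Service
FROM runtime-base AS scheduler
WORKDIR /app/scheduler
ENTRYPOINT ["dotnet", "StellaOps.Scheduler.WebService.dll"]

# Notify Service
FROM runtime-base AS notify
WORKDIR /app/notify
ENTRYPOINT ["dotnet", "StellaOps.Notify.WebService.dll"]

# Zastava Service
FROM runtime-base AS zastava
WORKDIR /app/zastava
ENTRYPOINT ["dotnet", "StellaOps.Zastava.WebService.dll"]

# Gateway Service
FROM runtime-base AS gateway
WORKDIR /app/gateway
ENTRYPOINT ["dotnet", "StellaOps.Gateway.WebService.dll"]

# AirGap Importer (CLI tool)
# CLI stages disable the inherited HTTP health check: the probe targets
# localhost:8080/health, which a command-line tool is not expected to serve.
FROM runtime-base AS airgap-importer
WORKDIR /app/airgap-importer
HEALTHCHECK NONE
ENTRYPOINT ["dotnet", "StellaOps.AirGap.Importer.dll"]

# AirGap Exporter (CLI tool)
FROM runtime-base AS airgap-exporter
WORKDIR /app/airgap-exporter
HEALTHCHECK NONE
ENTRYPOINT ["dotnet", "StellaOps.AirGap.Exporter.dll"]

# CLI Tool
FROM runtime-base AS cli
WORKDIR /app/cli
HEALTHCHECK NONE
ENTRYPOINT ["dotnet", "StellaOps.Cli.dll"]

# ============================================================================
# Build Instructions
# ============================================================================
# Build platform image:
#   docker build -f deploy/docker/Dockerfile.platform --target runtime-base -t stellaops/platform:latest .
#
# Build specific service:
#   docker build -f deploy/docker/Dockerfile.platform --target authority -t stellaops/authority:latest .
#   docker build -f deploy/docker/Dockerfile.platform --target scanner -t stellaops/scanner:latest .
#
# The platform image contains ALL crypto plugins.
# Regional selection happens at runtime via configuration (see Dockerfile.crypto-profile).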