- Added PackRunApprovalDecisionService to manage approval workflows for pack runs.
- Introduced PackRunApprovalDecisionRequest and PackRunApprovalDecisionResult records.
- Implemented logic to apply approval decisions and schedule run resumes based on approvals.
- Updated related tests to validate approval decision functionality.

test: Enhance tests for PackRunApprovalDecisionService
- Created PackRunApprovalDecisionServiceTests to cover various approval scenarios.
- Added in-memory stores for approvals and states to facilitate testing.
- Validated behavior for applying approvals, including handling missing states.

test: Add FilesystemPackRunArtifactUploaderTests for artifact uploads
- Implemented tests for FilesystemPackRunArtifactUploader to ensure correct file handling.
- Verified that missing files are recorded without exceptions and outputs are written as expected.

fix: Update PackRunState creation to include plan reference
- Modified PackRunState creation logic to include the plan in the state.

chore: Refactor service registration in Program.cs
- Updated service registrations in Program.cs to include new approval store and dispatcher services.
- Ensured proper dependency injection for PackRunApprovalDecisionService.

chore: Enhance TaskRunnerServiceOptions for approval store paths
- Added ApprovalStorePath and other paths to TaskRunnerServiceOptions for better configuration.

chore: Update PackRunWorkerService to handle artifact uploads
- Integrated artifact uploading into PackRunWorkerService upon successful run completion.

docs: Update TASKS.md for sprint progress
- Documented progress on approvals workflow and related tasks in TASKS.md.

StellaOps Concelier & CLI
This repository hosts the StellaOps Concelier service, its plug-in ecosystem, and the
first-party CLI (stellaops-cli). Concelier ingests vulnerability advisories from
authoritative sources, stores them in MongoDB, and exports deterministic JSON and
Trivy DB artefacts. The CLI drives scanner distribution, scan execution, and job
control against the Concelier API.
Quickstart
- Prepare a MongoDB instance and (optionally) install trivy-db/oras.
- Copy etc/concelier.yaml.sample to etc/concelier.yaml and update the storage + telemetry settings.
- Copy etc/authority.yaml.sample to etc/authority.yaml, review the issuer, token lifetimes, and plug-in descriptors, then edit the companion manifests under etc/authority.plugins/*.yaml to match your deployment.
- Start the web service with dotnet run --project src/Concelier/StellaOps.Concelier.WebService.
- Configure the CLI via environment variables (e.g. STELLAOPS_BACKEND_URL) and trigger jobs with dotnet run --project src/Cli/StellaOps.Cli -- db merge.
Detailed operator guidance is available in docs/10_CONCELIER_CLI_QUICKSTART.md. API and
command reference material lives in docs/09_API_CLI_REFERENCE.md.
Pipeline note: deployment workflows should template etc/concelier.yaml during CI/CD,
injecting environment-specific Mongo credentials and telemetry endpoints. Upcoming
releases will add Microsoft OAuth (Entra ID) authentication support—track the quickstart
for integration steps once available.
Documentation
- docs/README.md now consolidates the platform index and points to the updated high-level architecture.
- Module architecture dossiers now live under docs/modules/<module>/. The most relevant here are docs/modules/concelier/ARCHITECTURE.md (service layout, merge engine, exports) and docs/modules/cli/ARCHITECTURE.md (command surface, AOT packaging, auth flows). Related services such as the Signer, Attestor, Authority, Scanner, UI, Excititor, Zastava, and DevOps pipeline each have their own dossier in the same hierarchy.
- Offline operation guidance moved to docs/24_OFFLINE_KIT.md, which details bundle composition, verification, and delta workflows. Concelier-specific connector operations stay in docs/modules/concelier/operations/connectors/*.md with companion runbooks in docs/modules/concelier/operations/.