stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
79a214d2595955be5e142452bec36baa1ddeb67f
git.stella-ops.org/devops/compose/docker-compose.integrations.yml
master 2fef38b093 Add Vault, Consul, eBPF connector plugins and thorough integration e2e tests 
Backend:
- Add SecretsManager=9 type, Vault=550 and Consul=551 providers to IntegrationEnums
- Create VaultConnectorPlugin (GET /v1/sys/health), ConsulConnectorPlugin
  (GET /v1/status/leader), EbpfAgentConnectorPlugin (GET /api/v1/health)
- Register all 3 plugins in Program.cs and WebService.csproj
- Extend Concelier JobRegistrationExtensions with 20 additional advisory
  source connectors (ghsa, kev, epss, debian, ubuntu, alpine, suse, etc.)
- Add connector project references to Concelier WebService.csproj so
  Type.GetType() can resolve job classes at runtime
- Fix job kind names to match SourceDefinitions IDs (jpcert not jvn,
  oracle not vndr-oracle, etc.)

Infrastructure:
- Add Consul service to docker-compose.integrations.yml (127.1.2.8:8500)
- Add runtime-host nginx fixture to docker-compose.integration-fixtures.yml
  (127.1.1.9:80)

Frontend:
- Mirror SecretsManager/Vault/Consul enum additions in integration.models.ts
- Fix Secrets tab route type from RepoSource to SecretsManager
- Add SecretsManager to parseType() and TYPE_DISPLAY_NAMES

E2E tests (117/117 passing):
- vault-consul-secrets.e2e.spec.ts: compose health, probes, CRUD, UI
- runtime-hosts.e2e.spec.ts: fixture probe, CRUD, hosts tab
- advisory-sync.e2e.spec.ts: 21 sources sync accepted, catalog, management
- ui-onboarding-wizard.e2e.spec.ts: wizard steps for registry/scm/ci
- ui-integration-detail.e2e.spec.ts: detail tabs, health data
- ui-crud-operations.e2e.spec.ts: search, sort, delete
- helpers.ts: shared configs, API helpers, screenshot util
- Updated playwright.integrations.config.ts with reporter and CI retries

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-31 14:39:08 +03:00

379 lines
14 KiB
YAML
Raw Blame History

# =============================================================================
# STELLA OPS - THIRD-PARTY INTEGRATION SERVICES
# =============================================================================
# Real 3rd-party services for local integration testing.
# These are NOT mocks — they are fully functional instances.
#
# Prerequisites:
# The main stellaops network must exist (started via docker-compose.stella-ops.yml).
#
# Usage:
# # Start all integration services
# docker compose -f devops/compose/docker-compose.integrations.yml up -d
#
# # Start specific services only
# docker compose -f devops/compose/docker-compose.integrations.yml up -d gitea jenkins vault
#
# # Start integration services + mock fixtures together
# docker compose \
# -f devops/compose/docker-compose.integrations.yml \
# -f devops/compose/docker-compose.integration-fixtures.yml \
# up -d
#
# Hosts file entries (add to C:\Windows\System32\drivers\etc\hosts):
# 127.1.2.1 gitea.stella-ops.local
# 127.1.2.2 jenkins.stella-ops.local
# 127.1.2.3 nexus.stella-ops.local
# 127.1.2.4 vault.stella-ops.local
# 127.1.2.5 registry.stella-ops.local
# 127.1.2.6 minio.stella-ops.local
# 127.1.2.7 gitlab.stella-ops.local
# 127.1.2.8 consul.stella-ops.local
#
# Default credentials (all services):
# See the environment variables below or docs/integrations/LOCAL_SERVICES.md
# =============================================================================
networks:
stellaops:
external: true
name: stellaops
volumes:
gitea-data:
name: stellaops-gitea-data
gitea-db:
name: stellaops-gitea-db
jenkins-data:
name: stellaops-jenkins-data
nexus-data:
name: stellaops-nexus-data
vault-data:
name: stellaops-vault-data
registry-data:
name: stellaops-registry-data
minio-data:
name: stellaops-minio-data
gitlab-config:
name: stellaops-gitlab-config
gitlab-data:
name: stellaops-gitlab-data
gitlab-logs:
name: stellaops-gitlab-logs
services:
# ===========================================================================
# GITEA — Lightweight Git SCM + CI (Gitea Actions)
# ===========================================================================
# Integration type: SCM (Gitea provider)
# URL: http://gitea.stella-ops.local:3000
# Admin: stellaops / Stella2026!
# API: http://gitea.stella-ops.local:3000/api/v1
# ===========================================================================
gitea:
image: gitea/gitea:1.22-rootless
container_name: stellaops-gitea
restart: unless-stopped
ports:
- "127.1.2.1:3000:3000"
- "127.1.2.1:2222:2222"
environment:
- GITEA__database__DB_TYPE=sqlite3
- GITEA__server__ROOT_URL=http://gitea.stella-ops.local:3000
- GITEA__server__DOMAIN=gitea.stella-ops.local
- GITEA__server__HTTP_PORT=3000
- GITEA__server__SSH_PORT=2222
- GITEA__server__SSH_DOMAIN=gitea.stella-ops.local
- GITEA__service__DISABLE_REGISTRATION=false
- GITEA__service__REQUIRE_SIGNIN_VIEW=false
- GITEA__actions__ENABLED=true
- GITEA__api__ENABLE_SWAGGER=true
- GITEA__security__INSTALL_LOCK=true
- GITEA__security__SECRET_KEY=stellaops-dev-secret-key-2026
- GITEA__security__INTERNAL_TOKEN=stellaops-internal-token-2026-dev
volumes:
- gitea-data:/var/lib/gitea
- gitea-db:/var/lib/gitea/db
networks:
stellaops:
aliases:
- gitea.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://localhost:3000/api/v1/version || exit 1"]
interval: 30s
timeout: 10s
retries: 5
start_period: 30s
labels:
com.stellaops.integration: "scm"
com.stellaops.provider: "gitea"
com.stellaops.profile: "integrations"
# ===========================================================================
# JENKINS — CI/CD Pipeline Server
# ===========================================================================
# Integration type: CI/CD (Jenkins provider)
# URL: http://jenkins.stella-ops.local:8080
# Admin: admin / Stella2026!
# API: http://jenkins.stella-ops.local:8080/api/json
# ===========================================================================
jenkins:
image: jenkins/jenkins:lts-jdk21
container_name: stellaops-jenkins
restart: unless-stopped
ports:
- "127.1.2.2:8080:8080"
- "127.1.2.2:50000:50000"
environment:
- JENKINS_OPTS=--prefix=/
- JAVA_OPTS=-Djenkins.install.runSetupWizard=false -Dhudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION=true
volumes:
- jenkins-data:/var/jenkins_home
networks:
stellaops:
aliases:
- jenkins.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:8080/api/json || exit 1"]
interval: 30s
timeout: 10s
retries: 5
start_period: 120s
labels:
com.stellaops.integration: "ci-cd"
com.stellaops.provider: "jenkins"
com.stellaops.profile: "integrations"
# ===========================================================================
# NEXUS — Repository Manager (Docker Registry + npm/Maven/NuGet/PyPI)
# ===========================================================================
# Integration type: Registry (Nexus provider)
# URL: http://nexus.stella-ops.local:8081
# Admin: admin / (initial password in /nexus-data/admin.password)
# Docker registry: nexus.stella-ops.local:8082 (hosted)
# Docker proxy: nexus.stella-ops.local:8083 (Docker Hub proxy)
# ===========================================================================
nexus:
image: sonatype/nexus3:3.75.0
container_name: stellaops-nexus
restart: unless-stopped
ports:
- "127.1.2.3:8081:8081" # Nexus UI + API
- "127.1.2.3:8082:8082" # Docker hosted registry
- "127.1.2.3:8083:8083" # Docker proxy registry
environment:
- INSTALL4J_ADD_VM_PARAMS=-Xms512m -Xmx1g -XX:MaxDirectMemorySize=512m
volumes:
- nexus-data:/nexus-data
networks:
stellaops:
aliases:
- nexus.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:8081/service/rest/v1/status || exit 1"]
interval: 30s
timeout: 10s
retries: 10
start_period: 120s
labels:
com.stellaops.integration: "registry"
com.stellaops.provider: "nexus"
com.stellaops.profile: "integrations"
# ===========================================================================
# HASHICORP VAULT — Secrets Management
# ===========================================================================
# Integration type: Secrets (Vault provider)
# URL: http://vault.stella-ops.local:8200
# Root token: stellaops-dev-root-token-2026
# API: http://vault.stella-ops.local:8200/v1/sys/health
# ===========================================================================
vault:
image: hashicorp/vault:1.18
container_name: stellaops-vault
restart: unless-stopped
ports:
- "127.1.2.4:8200:8200"
environment:
- VAULT_DEV_ROOT_TOKEN_ID=stellaops-dev-root-token-2026
- VAULT_DEV_LISTEN_ADDRESS=0.0.0.0:8200
- VAULT_ADDR=http://127.0.0.1:8200
- VAULT_API_ADDR=http://vault.stella-ops.local:8200
cap_add:
- IPC_LOCK
volumes:
- vault-data:/vault/data
networks:
stellaops:
aliases:
- vault.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:8200/v1/sys/health || exit 1"]
interval: 15s
timeout: 5s
retries: 5
start_period: 10s
labels:
com.stellaops.integration: "secrets"
com.stellaops.provider: "vault"
com.stellaops.profile: "integrations"
# ===========================================================================
# DOCKER REGISTRY — OCI Distribution Registry v2
# ===========================================================================
# Integration type: Registry (Docker Hub / generic OCI)
# URL: http://registry.stella-ops.local:5000
# API: http://registry.stella-ops.local:5000/v2/
# No auth (dev mode) — push/pull freely
# ===========================================================================
docker-registry:
image: registry:2.8
container_name: stellaops-docker-registry
restart: unless-stopped
ports:
- "127.1.2.5:5000:5000"
environment:
- REGISTRY_STORAGE_DELETE_ENABLED=true
- REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin=['*']
- REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods=['HEAD','GET','OPTIONS','DELETE']
volumes:
- registry-data:/var/lib/registry
networks:
stellaops:
aliases:
- oci-registry.stella-ops.local
- docker-registry.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:5000/v2/ || exit 1"]
interval: 15s
timeout: 5s
retries: 5
start_period: 5s
labels:
com.stellaops.integration: "registry"
com.stellaops.provider: "docker-registry"
com.stellaops.profile: "integrations"
# ===========================================================================
# MINIO — S3-compatible Object Storage
# ===========================================================================
# Integration type: Storage / Evidence / Airgap bundles
# Console: http://minio.stella-ops.local:9001
# API: http://minio.stella-ops.local:9000
# Access key: stellaops
# Secret key: Stella2026!
# ===========================================================================
minio:
image: minio/minio:RELEASE.2025-02-28T09-55-16Z
container_name: stellaops-minio
restart: unless-stopped
ports:
- "127.1.2.6:9000:9000" # S3 API
- "127.1.2.6:9001:9001" # Console UI
environment:
- MINIO_ROOT_USER=stellaops
- MINIO_ROOT_PASSWORD=Stella2026!
- MINIO_BROWSER_REDIRECT_URL=http://minio.stella-ops.local:9001
command: server /data --console-address ":9001"
volumes:
- minio-data:/data
networks:
stellaops:
aliases:
- minio.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "mc ready local || exit 1"]
interval: 15s
timeout: 5s
retries: 5
start_period: 10s
labels:
com.stellaops.integration: "storage"
com.stellaops.provider: "s3"
com.stellaops.profile: "integrations"
# ===========================================================================
# HASHICORP CONSUL — Service Discovery & KV Configuration
# ===========================================================================
# Integration type: Secrets Manager (Consul provider)
# URL: http://consul.stella-ops.local:8500
# No auth (dev mode)
# API: http://consul.stella-ops.local:8500/v1/status/leader
# ===========================================================================
consul:
image: hashicorp/consul:1.19
container_name: stellaops-consul
restart: unless-stopped
ports:
- "127.1.2.8:8500:8500"
command: agent -dev -client=0.0.0.0
networks:
stellaops:
aliases:
- consul.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "consul members || exit 1"]
interval: 15s
timeout: 5s
retries: 5
start_period: 10s
labels:
com.stellaops.integration: "secrets"
com.stellaops.provider: "consul"
com.stellaops.profile: "integrations"
# ===========================================================================
# GITLAB CE — Full Git SCM + CI/CD + Container Registry (optional, heavy)
# ===========================================================================
# Integration type: SCM (GitLab provider) + CI/CD (GitLab CI) + Registry
# URL: http://gitlab.stella-ops.local:8929
# Admin: root / Stella2026!
# Container Registry: gitlab.stella-ops.local:5050
# Requires: ~4 GB RAM, ~2 min startup
#
# Profile: heavy — only start when explicitly requested:
# docker compose -f docker-compose.integrations.yml up -d gitlab
# ===========================================================================
gitlab:
image: gitlab/gitlab-ce:17.8.1-ce.0
container_name: stellaops-gitlab
restart: unless-stopped
ports:
- "127.1.2.7:8929:8929" # HTTP
- "127.1.2.7:2224:22" # SSH
- "127.1.2.7:5050:5050" # Container Registry
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'http://gitlab.stella-ops.local:8929'
gitlab_rails['initial_root_password'] = 'Stella2026!'
gitlab_rails['gitlab_shell_ssh_port'] = 2224
registry_external_url 'http://gitlab.stella-ops.local:5050'
registry['enable'] = true
prometheus_monitoring['enable'] = false
sidekiq['max_concurrency'] = 5
puma['workers'] = 2
puma['min_threads'] = 1
puma['max_threads'] = 2
postgresql['shared_buffers'] = '128MB'
gitlab_rails['env'] = { 'MALLOC_CONF' => 'dirty_decay_ms:1000,muzzy_decay_ms:1000' }
volumes:
- gitlab-config:/etc/gitlab
- gitlab-logs:/var/log/gitlab
- gitlab-data:/var/opt/gitlab
networks:
stellaops:
aliases:
- gitlab.stella-ops.local
healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:8929/-/readiness || exit 1"]
interval: 60s
timeout: 30s
retries: 10
start_period: 300s
labels:
com.stellaops.integration: "scm,ci-cd,registry"
com.stellaops.provider: "gitlab"
com.stellaops.profile: "integrations-heavy"
profiles:
- heavy
Reference in New Issue View Git Blame Copy Permalink