354 lines
14 KiB
YAML
354 lines
14 KiB
YAML
x-release-labels: &release-labels
|
|
com.stellaops.release.version: "2025.10.0-edge"
|
|
com.stellaops.release.channel: "edge"
|
|
com.stellaops.profile: "dev"
|
|
|
|
networks:
|
|
stellaops:
|
|
driver: bridge
|
|
|
|
volumes:
|
|
rustfs-data:
|
|
concelier-jobs:
|
|
nats-data:
|
|
valkey-data:
|
|
advisory-ai-queue:
|
|
advisory-ai-plans:
|
|
advisory-ai-outputs:
|
|
postgres-data:
|
|
|
|
services:
|
|
postgres:
|
|
image: docker.io/library/postgres:16
|
|
restart: unless-stopped
|
|
environment:
|
|
POSTGRES_USER: "${POSTGRES_USER:-stellaops}"
|
|
POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:-stellaops}"
|
|
POSTGRES_DB: "${POSTGRES_DB:-stellaops_platform}"
|
|
PGDATA: /var/lib/postgresql/data/pgdata
|
|
volumes:
|
|
- postgres-data:/var/lib/postgresql/data
|
|
ports:
|
|
- "${POSTGRES_PORT:-5432}:5432"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
valkey:
|
|
image: docker.io/valkey/valkey:8.0
|
|
restart: unless-stopped
|
|
command: ["valkey-server", "--appendonly", "yes"]
|
|
volumes:
|
|
- valkey-data:/data
|
|
ports:
|
|
- "${VALKEY_PORT:-6379}:6379"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
rustfs:
|
|
image: registry.stella-ops.org/stellaops/rustfs:2025.10.0-edge
|
|
command: ["serve", "--listen", "0.0.0.0:8080", "--root", "/data"]
|
|
restart: unless-stopped
|
|
environment:
|
|
RUSTFS__LOG__LEVEL: info
|
|
RUSTFS__STORAGE__PATH: /data
|
|
volumes:
|
|
- rustfs-data:/data
|
|
ports:
|
|
- "${RUSTFS_HTTP_PORT:-8080}:8080"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
nats:
|
|
image: docker.io/library/nats@sha256:c82559e4476289481a8a5196e675ebfe67eea81d95e5161e3e78eccfe766608e
|
|
command:
|
|
- "-js"
|
|
- "-sd"
|
|
- /data
|
|
restart: unless-stopped
|
|
ports:
|
|
- "${NATS_CLIENT_PORT:-4222}:4222"
|
|
volumes:
|
|
- nats-data:/data
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
authority:
|
|
image: registry.stella-ops.org/stellaops/authority@sha256:a8e8faec44a579aa5714e58be835f25575710430b1ad2ccd1282a018cd9ffcdd
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- postgres
|
|
environment:
|
|
STELLAOPS_AUTHORITY__ISSUER: "${AUTHORITY_ISSUER}"
|
|
STELLAOPS_AUTHORITY__STORAGE__DRIVER: "postgres"
|
|
STELLAOPS_AUTHORITY__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres;Port=5432;Database=${POSTGRES_DB:-stellaops_platform};Username=${POSTGRES_USER:-stellaops};Password=${POSTGRES_PASSWORD:-stellaops}"
|
|
STELLAOPS_AUTHORITY__PLUGINDIRECTORIES__0: "/app/plugins"
|
|
STELLAOPS_AUTHORITY__PLUGINS__CONFIGURATIONDIRECTORY: "/app/etc/authority.plugins"
|
|
volumes:
|
|
- ../../etc/authority.yaml:/etc/authority.yaml:ro
|
|
- ../../etc/authority.plugins:/app/etc/authority.plugins:ro
|
|
ports:
|
|
- "${AUTHORITY_PORT:-8440}:8440"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
signer:
|
|
image: registry.stella-ops.org/stellaops/signer@sha256:8bfef9a75783883d49fc18e3566553934e970b00ee090abee9cb110d2d5c3298
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- authority
|
|
- valkey
|
|
environment:
|
|
SIGNER__AUTHORITY__BASEURL: "https://authority:8440"
|
|
SIGNER__POE__INTROSPECTURL: "${SIGNER_POE_INTROSPECT_URL}"
|
|
SIGNER__CACHE__REDIS__CONNECTIONSTRING: "valkey:6379"
|
|
ports:
|
|
- "${SIGNER_PORT:-8441}:8441"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
attestor:
|
|
image: registry.stella-ops.org/stellaops/attestor@sha256:5cc417948c029da01dccf36e4645d961a3f6d8de7e62fe98d845f07cd2282114
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- signer
|
|
- valkey
|
|
environment:
|
|
ATTESTOR__SIGNER__BASEURL: "https://signer:8441"
|
|
ATTESTOR__CACHE__REDIS__CONNECTIONSTRING: "valkey:6379"
|
|
ports:
|
|
- "${ATTESTOR_PORT:-8442}:8442"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
issuer-directory:
|
|
image: registry.stella-ops.org/stellaops/issuer-directory-web:2025.10.0-edge
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- postgres
|
|
- authority
|
|
environment:
|
|
ISSUERDIRECTORY__CONFIG: "/etc/issuer-directory.yaml"
|
|
ISSUERDIRECTORY__AUTHORITY__ISSUER: "${AUTHORITY_ISSUER}"
|
|
ISSUERDIRECTORY__AUTHORITY__BASEURL: "https://authority:8440"
|
|
ISSUERDIRECTORY__STORAGE__DRIVER: "postgres"
|
|
ISSUERDIRECTORY__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres;Port=5432;Database=${POSTGRES_DB:-stellaops_platform};Username=${POSTGRES_USER:-stellaops};Password=${POSTGRES_PASSWORD:-stellaops}"
|
|
ISSUERDIRECTORY__SEEDCSAFPUBLISHERS: "${ISSUER_DIRECTORY_SEED_CSAF:-true}"
|
|
volumes:
|
|
- ../../etc/issuer-directory.yaml:/etc/issuer-directory.yaml:ro
|
|
ports:
|
|
- "${ISSUER_DIRECTORY_PORT:-8447}:8080"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
concelier:
|
|
image: registry.stella-ops.org/stellaops/concelier@sha256:dafef3954eb4b837e2c424dd2d23e1e4d60fa83794840fac9cd3dea1d43bd085
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- postgres
|
|
environment:
|
|
CONCELIER__STORAGE__DRIVER: "postgres"
|
|
CONCELIER__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres;Port=5432;Database=${POSTGRES_DB:-stellaops_platform};Username=${POSTGRES_USER:-stellaops};Password=${POSTGRES_PASSWORD:-stellaops}"
|
|
CONCELIER__AUTHORITY__BASEURL: "https://authority:8440"
|
|
volumes:
|
|
- concelier-jobs:/var/lib/concelier/jobs
|
|
ports:
|
|
- "${CONCELIER_PORT:-8445}:8445"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
scanner-web:
|
|
image: registry.stella-ops.org/stellaops/scanner-web@sha256:e0dfdb087e330585a5953029fb4757f5abdf7610820a085bd61b457dbead9a11
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- postgres
|
|
- concelier
|
|
- rustfs
|
|
- nats
|
|
- valkey
|
|
environment:
|
|
SCANNER__STORAGE__DRIVER: "postgres"
|
|
SCANNER__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres;Port=5432;Database=${POSTGRES_DB:-stellaops_platform};Username=${POSTGRES_USER:-stellaops};Password=${POSTGRES_PASSWORD:-stellaops}"
|
|
SCANNER__ARTIFACTSTORE__DRIVER: "rustfs"
|
|
SCANNER__ARTIFACTSTORE__ENDPOINT: "http://rustfs:8080/api/v1"
|
|
SCANNER__ARTIFACTSTORE__BUCKET: "scanner-artifacts"
|
|
SCANNER__ARTIFACTSTORE__TIMEOUTSECONDS: "30"
|
|
SCANNER__QUEUE__BROKER: "nats://nats:4222"
|
|
SCANNER__CACHE__REDIS__CONNECTIONSTRING: "valkey:6379"
|
|
SCANNER__EVENTS__ENABLED: "${SCANNER_EVENTS_ENABLED:-false}"
|
|
SCANNER__EVENTS__DRIVER: "${SCANNER_EVENTS_DRIVER:-valkey}"
|
|
SCANNER__EVENTS__DSN: "${SCANNER_EVENTS_DSN:-valkey:6379}"
|
|
SCANNER__EVENTS__STREAM: "${SCANNER_EVENTS_STREAM:-stella.events}"
|
|
SCANNER__EVENTS__PUBLISHTIMEOUTSECONDS: "${SCANNER_EVENTS_PUBLISH_TIMEOUT_SECONDS:-5}"
|
|
SCANNER__EVENTS__MAXSTREAMLENGTH: "${SCANNER_EVENTS_MAX_STREAM_LENGTH:-10000}"
|
|
SCANNER__OFFLINEKIT__ENABLED: "${SCANNER_OFFLINEKIT_ENABLED:-false}"
|
|
SCANNER__OFFLINEKIT__REQUIREDSSE: "${SCANNER_OFFLINEKIT_REQUIREDSSE:-true}"
|
|
SCANNER__OFFLINEKIT__REKOROFFLINEMODE: "${SCANNER_OFFLINEKIT_REKOROFFLINEMODE:-true}"
|
|
SCANNER__OFFLINEKIT__TRUSTROOTDIRECTORY: "${SCANNER_OFFLINEKIT_TRUSTROOTDIRECTORY:-/etc/stellaops/trust-roots}"
|
|
SCANNER__OFFLINEKIT__REKORSNAPSHOTDIRECTORY: "${SCANNER_OFFLINEKIT_REKORSNAPSHOTDIRECTORY:-/var/lib/stellaops/rekor-snapshot}"
|
|
volumes:
|
|
- ${SCANNER_OFFLINEKIT_TRUSTROOTS_HOST_PATH:-./offline/trust-roots}:${SCANNER_OFFLINEKIT_TRUSTROOTDIRECTORY:-/etc/stellaops/trust-roots}:ro
|
|
- ${SCANNER_OFFLINEKIT_REKOR_SNAPSHOT_HOST_PATH:-./offline/rekor-snapshot}:${SCANNER_OFFLINEKIT_REKORSNAPSHOTDIRECTORY:-/var/lib/stellaops/rekor-snapshot}:ro
|
|
ports:
|
|
- "${SCANNER_WEB_PORT:-8444}:8444"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
scanner-worker:
|
|
image: registry.stella-ops.org/stellaops/scanner-worker@sha256:92dda42f6f64b2d9522104a5c9ffb61d37b34dd193132b68457a259748008f37
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- scanner-web
|
|
- rustfs
|
|
- nats
|
|
environment:
|
|
SCANNER__STORAGE__DRIVER: "postgres"
|
|
SCANNER__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres;Port=5432;Database=${POSTGRES_DB:-stellaops_platform};Username=${POSTGRES_USER:-stellaops};Password=${POSTGRES_PASSWORD:-stellaops}"
|
|
SCANNER__ARTIFACTSTORE__DRIVER: "rustfs"
|
|
SCANNER__ARTIFACTSTORE__ENDPOINT: "http://rustfs:8080/api/v1"
|
|
SCANNER__ARTIFACTSTORE__BUCKET: "scanner-artifacts"
|
|
SCANNER__ARTIFACTSTORE__TIMEOUTSECONDS: "30"
|
|
SCANNER__QUEUE__BROKER: "nats://nats:4222"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
scheduler-worker:
|
|
image: registry.stella-ops.org/stellaops/scheduler-worker:2025.10.0-edge
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- postgres
|
|
- nats
|
|
- scanner-web
|
|
command:
|
|
- "dotnet"
|
|
- "StellaOps.Scheduler.Worker.Host.dll"
|
|
environment:
|
|
SCHEDULER__QUEUE__KIND: "Nats"
|
|
SCHEDULER__QUEUE__NATS__URL: "nats://nats:4222"
|
|
SCHEDULER__STORAGE__DRIVER: "postgres"
|
|
SCHEDULER__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres;Port=5432;Database=${POSTGRES_DB:-stellaops_platform};Username=${POSTGRES_USER:-stellaops};Password=${POSTGRES_PASSWORD:-stellaops}"
|
|
SCHEDULER__WORKER__RUNNER__SCANNER__BASEADDRESS: "${SCHEDULER_SCANNER_BASEADDRESS:-http://scanner-web:8444}"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
notify-web:
|
|
image: ${NOTIFY_WEB_IMAGE:-registry.stella-ops.org/stellaops/notify-web:2025.10.0-edge}
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- postgres
|
|
- authority
|
|
- valkey
|
|
environment:
|
|
DOTNET_ENVIRONMENT: Development
|
|
NOTIFY__STORAGE__DRIVER: "postgres"
|
|
NOTIFY__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres;Port=5432;Database=${POSTGRES_DB:-stellaops_platform};Username=${POSTGRES_USER:-stellaops};Password=${POSTGRES_PASSWORD:-stellaops}"
|
|
NOTIFY__QUEUE__DRIVER: "nats"
|
|
NOTIFY__QUEUE__NATS__URL: "nats://nats:4222"
|
|
volumes:
|
|
- ../../etc/notify.dev.yaml:/app/etc/notify.yaml:ro
|
|
ports:
|
|
- "${NOTIFY_WEB_PORT:-8446}:8446"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
excititor:
|
|
image: registry.stella-ops.org/stellaops/excititor@sha256:d9bd5cadf1eab427447ce3df7302c30ded837239771cc6433b9befb895054285
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- postgres
|
|
- concelier
|
|
environment:
|
|
EXCITITOR__CONCELIER__BASEURL: "https://concelier:8445"
|
|
EXCITITOR__STORAGE__DRIVER: "postgres"
|
|
EXCITITOR__STORAGE__POSTGRES__CONNECTIONSTRING: "Host=postgres;Port=5432;Database=${POSTGRES_DB:-stellaops_platform};Username=${POSTGRES_USER:-stellaops};Password=${POSTGRES_PASSWORD:-stellaops}"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
advisory-ai-web:
|
|
image: registry.stella-ops.org/stellaops/advisory-ai-web:2025.10.0-edge
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- scanner-web
|
|
environment:
|
|
ADVISORYAI__AdvisoryAI__SbomBaseAddress: "${ADVISORY_AI_SBOM_BASEADDRESS:-http://scanner-web:8444}"
|
|
ADVISORYAI__AdvisoryAI__Queue__DirectoryPath: "/var/lib/advisory-ai/queue"
|
|
ADVISORYAI__AdvisoryAI__Storage__PlanCacheDirectory: "/var/lib/advisory-ai/plans"
|
|
ADVISORYAI__AdvisoryAI__Storage__OutputDirectory: "/var/lib/advisory-ai/outputs"
|
|
ADVISORYAI__AdvisoryAI__Inference__Mode: "${ADVISORY_AI_INFERENCE_MODE:-Local}"
|
|
ADVISORYAI__AdvisoryAI__Inference__Remote__BaseAddress: "${ADVISORY_AI_REMOTE_BASEADDRESS:-}"
|
|
ADVISORYAI__AdvisoryAI__Inference__Remote__ApiKey: "${ADVISORY_AI_REMOTE_APIKEY:-}"
|
|
ports:
|
|
- "${ADVISORY_AI_WEB_PORT:-8448}:8448"
|
|
volumes:
|
|
- advisory-ai-queue:/var/lib/advisory-ai/queue
|
|
- advisory-ai-plans:/var/lib/advisory-ai/plans
|
|
- advisory-ai-outputs:/var/lib/advisory-ai/outputs
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
advisory-ai-worker:
|
|
image: registry.stella-ops.org/stellaops/advisory-ai-worker:2025.10.0-edge
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- advisory-ai-web
|
|
environment:
|
|
ADVISORYAI__AdvisoryAI__SbomBaseAddress: "${ADVISORY_AI_SBOM_BASEADDRESS:-http://scanner-web:8444}"
|
|
ADVISORYAI__AdvisoryAI__Queue__DirectoryPath: "/var/lib/advisory-ai/queue"
|
|
ADVISORYAI__AdvisoryAI__Storage__PlanCacheDirectory: "/var/lib/advisory-ai/plans"
|
|
ADVISORYAI__AdvisoryAI__Storage__OutputDirectory: "/var/lib/advisory-ai/outputs"
|
|
ADVISORYAI__AdvisoryAI__Inference__Mode: "${ADVISORY_AI_INFERENCE_MODE:-Local}"
|
|
ADVISORYAI__AdvisoryAI__Inference__Remote__BaseAddress: "${ADVISORY_AI_REMOTE_BASEADDRESS:-}"
|
|
ADVISORYAI__AdvisoryAI__Inference__Remote__ApiKey: "${ADVISORY_AI_REMOTE_APIKEY:-}"
|
|
volumes:
|
|
- advisory-ai-queue:/var/lib/advisory-ai/queue
|
|
- advisory-ai-plans:/var/lib/advisory-ai/plans
|
|
- advisory-ai-outputs:/var/lib/advisory-ai/outputs
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
web-ui:
|
|
image: registry.stella-ops.org/stellaops/web-ui@sha256:38b225fa7767a5b94ebae4dae8696044126aac429415e93de514d5dd95748dcf
|
|
restart: unless-stopped
|
|
depends_on:
|
|
- scanner-web
|
|
environment:
|
|
STELLAOPS_UI__BACKEND__BASEURL: "https://scanner-web:8444"
|
|
ports:
|
|
- "${UI_PORT:-8443}:8443"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|
|
|
|
cryptopro-csp:
|
|
build:
|
|
context: ../..
|
|
dockerfile: ops/cryptopro/linux-csp-service/Dockerfile
|
|
args:
|
|
CRYPTOPRO_ACCEPT_EULA: "${CRYPTOPRO_ACCEPT_EULA:-0}"
|
|
restart: unless-stopped
|
|
environment:
|
|
ASPNETCORE_URLS: "http://0.0.0.0:8080"
|
|
CRYPTOPRO_ACCEPT_EULA: "${CRYPTOPRO_ACCEPT_EULA:-0}"
|
|
volumes:
|
|
- ../../opt/cryptopro/downloads:/opt/cryptopro/downloads:ro
|
|
ports:
|
|
- "${CRYPTOPRO_PORT:-18080}:8080"
|
|
networks:
|
|
- stellaops
|
|
labels: *release-labels
|