98e6b76584
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
AOC Guard CI / aoc-verify (push) Has been cancelled
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Policy Lint & Smoke / policy-lint (push) Has been cancelled
Scanner Analyzers / Discover Analyzers (push) Has been cancelled
Scanner Analyzers / Build Analyzers (push) Has been cancelled
Scanner Analyzers / Test Language Analyzers (push) Has been cancelled
Scanner Analyzers / Validate Test Fixtures (push) Has been cancelled
Scanner Analyzers / Verify Deterministic Output (push) Has been cancelled
wine-csp-build / Build Wine CSP Image (push) Has been cancelled
- Implemented PqSoftCryptoProvider for software-only post-quantum algorithms (Dilithium3, Falcon512) using BouncyCastle. - Added PqSoftProviderOptions and PqSoftKeyOptions for configuration. - Created unit tests for Dilithium3 and Falcon512 signing and verification. - Introduced EcdsaPolicyCryptoProvider for compliance profiles (FIPS/eIDAS) with explicit allow-lists. - Added KcmvpHashOnlyProvider for KCMVP baseline compliance. - Updated project files and dependencies for new libraries and testing frameworks.
65 lines
2.0 KiB
YAML
65 lines
2.0 KiB
YAML
# Findings Ledger Docker Compose overlay
|
|
# Append to or reference from your main compose file
|
|
#
|
|
# Usage:
|
|
# docker compose -f docker-compose.yaml -f ops/devops/findings-ledger/compose/docker-compose.ledger.yaml up -d
|
|
|
|
services:
|
|
findings-ledger:
|
|
image: stellaops/findings-ledger:${STELLA_VERSION:-2025.11.0}
|
|
restart: unless-stopped
|
|
env_file:
|
|
- ./env/ledger.${STELLAOPS_ENV:-dev}.env
|
|
environment:
|
|
ASPNETCORE_URLS: http://0.0.0.0:8080
|
|
ASPNETCORE_ENVIRONMENT: ${ASPNETCORE_ENVIRONMENT:-Production}
|
|
# Database connection (override via env file or secrets)
|
|
# LEDGER__DB__CONNECTIONSTRING: see secrets
|
|
# Observability
|
|
LEDGER__OBSERVABILITY__ENABLED: "true"
|
|
LEDGER__OBSERVABILITY__OTLPENDPOINT: ${OTEL_EXPORTER_OTLP_ENDPOINT:-http://otel-collector:4317}
|
|
# Merkle anchoring
|
|
LEDGER__MERKLE__ANCHORINTERVAL: "00:05:00"
|
|
LEDGER__MERKLE__EXTERNALIZE: ${LEDGER_MERKLE_EXTERNALIZE:-false}
|
|
# Attachments
|
|
LEDGER__ATTACHMENTS__MAXSIZEBYTES: "104857600" # 100MB
|
|
LEDGER__ATTACHMENTS__ALLOWEGRESS: ${LEDGER_ATTACHMENTS_ALLOWEGRESS:-true}
|
|
ports:
|
|
- "${LEDGER_PORT:-8188}:8080"
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
healthcheck:
|
|
test: ["CMD", "curl", "-sf", "http://localhost:8080/health/ready"]
|
|
interval: 30s
|
|
timeout: 10s
|
|
retries: 3
|
|
start_period: 15s
|
|
volumes:
|
|
- ledger-data:/app/data
|
|
- ./etc/ledger/appsettings.json:/app/appsettings.json:ro
|
|
networks:
|
|
- stellaops
|
|
|
|
# Migration job (run before starting ledger)
|
|
findings-ledger-migrations:
|
|
image: stellaops/findings-ledger-migrations:${STELLA_VERSION:-2025.11.0}
|
|
command: ["--connection", "${LEDGER__DB__CONNECTIONSTRING}"]
|
|
env_file:
|
|
- ./env/ledger.${STELLAOPS_ENV:-dev}.env
|
|
depends_on:
|
|
postgres:
|
|
condition: service_healthy
|
|
networks:
|
|
- stellaops
|
|
profiles:
|
|
- migrations
|
|
|
|
volumes:
|
|
ledger-data:
|
|
driver: local
|
|
|
|
networks:
|
|
stellaops:
|
|
external: true
|