stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
aaa5fbfb784e217a5797de2c9dc5b0ee17f8a0d7
git.stella-ops.org/deploy/compose/README.md
master 791e12baab
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
Add tests and implement StubBearer authentication for Signer endpoints 
- Created SignerEndpointsTests to validate the SignDsse and VerifyReferrers endpoints.
- Implemented StubBearerAuthenticationDefaults and StubBearerAuthenticationHandler for token-based authentication.
- Developed ConcelierExporterClient for managing Trivy DB settings and export operations.
- Added TrivyDbSettingsPageComponent for UI interactions with Trivy DB settings, including form handling and export triggering.
- Implemented styles and HTML structure for Trivy DB settings page.
- Created NotifySmokeCheck tool for validating Redis event streams and Notify deliveries.
2025-10-21 09:37:07 +03:00

2.5 KiB
Raw Blame History

StellaOps Compose Profiles

These Compose bundles ship the minimum services required to exercise the scanner pipeline plus control-plane dependencies. Every profile is pinned to immutable image digests sourced from deploy/releases/*.yaml and is linted via docker compose config in CI.

Layout

Path Purpose
docker-compose.dev.yaml Edge/nightly stack tuned for laptops and iterative work.
docker-compose.stage.yaml Stable channel stack mirroring pre-production clusters.
docker-compose.airgap.yaml Stable stack with air-gapped defaults (no outbound hostnames).
docker-compose.mirror.yaml Managed mirror topology for *.stella-ops.org distribution (Concelier + Excititor + CDN gateway).
env/*.env.example Seed .env files that document required secrets and ports per profile.

Usage

cp env/dev.env.example dev.env
docker compose --env-file dev.env -f docker-compose.dev.yaml config
docker compose --env-file dev.env -f docker-compose.dev.yaml up -d

The stage and airgap variants behave the same way—swap the file names accordingly. All profiles expose 443/8443 for the UI and REST APIs, and they share a stellaops Docker network scoped to the compose project.

Scanner event stream settings

Scanner WebService can emit signed scanner.report.* events to Redis Streams when SCANNER__EVENTS__ENABLED=true. Each profile ships environment placeholders you can override in the .env file:

  • SCANNER_EVENTS_ENABLED toggle emission on/off (defaults to false).
  • SCANNER_EVENTS_DRIVER currently only redis is supported.
  • SCANNER_EVENTS_DSN Redis endpoint; leave blank to reuse the queue DSN when it uses redis://.
  • SCANNER_EVENTS_STREAM stream name (stella.events by default).
  • SCANNER_EVENTS_PUBLISH_TIMEOUT_SECONDS per-publish timeout window (defaults to 5).
  • SCANNER_EVENTS_MAX_STREAM_LENGTH max stream length before Redis trims entries (defaults to 10000).

Helm values mirror the same knobs under each services env map (see deploy/helm/stellaops/values-*.yaml).

Updating to a new release

  1. Import the new manifest into deploy/releases/ (see deploy/README.md).
  2. Update image digests in the relevant Compose file(s).
  3. Re-run docker compose config to confirm the bundle is deterministic.

Keep digests synchronized between Compose, Helm, and the release manifest to preserve reproducibility guarantees. deploy/tools/validate-profiles.sh performs a quick audit.