git.stella-ops.org/ops/devops/signals
StellaOps Bot 71e9a56cfd
feat: Add Scanner CI runner and related artifacts
- Implemented `run-scanner-ci.sh` to build and run tests for the Scanner solution with a warmed NuGet cache.
- Created `excititor-vex-traces.json` dashboard for monitoring Excititor VEX observations.
- Added Docker Compose configuration for the OTLP span sink in `docker-compose.spansink.yml`.
- Configured OpenTelemetry collector in `otel-spansink.yaml` to receive and process traces.
- Developed `run-spansink.sh` script to run the OTLP span sink for Excititor traces.
- Introduced `FileSystemRiskBundleObjectStore` for storing risk bundle artifacts in the filesystem.
- Built `RiskBundleBuilder` for creating risk bundles with associated metadata and providers.
- Established `RiskBundleJob` to execute the risk bundle creation and storage process.
- Defined models for risk bundle inputs, entries, and manifests in `RiskBundleModels.cs`.
- Implemented signing functionality for risk bundle manifests with `HmacRiskBundleManifestSigner`.
- Created unit tests for `RiskBundleBuilder`, `RiskBundleJob`, and signing functionality to ensure correctness.
- Added filesystem artifact reader tests to validate manifest parsing and artifact listing.
- Included test manifests for egress scenarios in the task runner tests.
- Developed timeline query service tests to verify tenant and event ID handling.
2025-11-30 19:12:35 +02:00

Signals CI/CD & Local Stack (DEVOPS-SIG-26-001)

Artifacts:

  • Compose stack: ops/devops/signals/docker-compose.signals.yml (Signals API + Mongo + Redis + artifact volume).
  • Sample config: ops/devops/signals/signals.yaml (mounted into the container at /app/signals.yaml if desired).
  • Dockerfile: ops/devops/signals/Dockerfile (multi-stage build on .NET 10 RC).
  • Build/export helper: scripts/signals/build.sh (saves image tar to out/signals/signals-image.tar).
  • Span sink stack: ops/devops/signals/docker-compose.spansink.yml + otel-spansink.yaml collect OTLP traces (Excititor /v1/vex/observations/**) and write them as NDJSON to the spansink-data volume. Run via scripts/signals/run-spansink.sh.
  • Grafana dashboard stub: ops/devops/signals/dashboards/excititor-vex-traces.json (import into Tempo-enabled Grafana).

Quick start (offline-friendly):

# build image
scripts/signals/build.sh

# run stack
COMPOSE_FILE=ops/devops/signals/docker-compose.signals.yml docker compose up -d

# hit health
curl -s http://localhost:5088/health

# run span sink collector
scripts/signals/run-spansink.sh

Configuration (ENV or YAML):

  • Signals__Mongo__ConnectionString (default: mongodb://signals-mongo:27017/signals)
  • Signals__Cache__ConnectionString (default: signals-redis:6379)
  • Signals__Storage__RootPath (default: /data/artifacts)
  • Authority is disabled by default for local runs; enable it with Signals__Authority__Enabled=true and the issuer settings.

CI workflow:

  • .gitea/workflows/signals-ci.yml restores, builds, and tests the solution, builds the container image, and uploads the signals-image.tar artifact.

Dependencies:

  • Mongo 7 (wiredTiger)
  • Redis 7 (cache)
  • Artifact volume signals_artifacts for callgraph blobs.