# syntax=docker/dockerfile:1.4

# StellaOps Platform Image - Build Once, Deploy Everywhere
# Builds ALL crypto plugins unconditionally for runtime selection

# ============================================================================
# Stage 1: SDK Build - Build ALL Projects and Crypto Plugins
# ============================================================================
# NOTE(review): "10.0-preview" is a floating tag, so the toolchain that compiles
# the signing/attestation code can change between builds. Pin by digest
# (tag@sha256:<digest>) where reproducible builds are required.
FROM mcr.microsoft.com/dotnet/sdk:10.0-preview AS build
WORKDIR /src

# Build-wide MSBuild settings, NuGet feed configuration and the solution file.
COPY Directory.Build.props Directory.Build.targets nuget.config ./
COPY src/StellaOps.sln ./src/

# Core crypto libraries.
COPY src/__Libraries/StellaOps.Cryptography/ ./src/__Libraries/StellaOps.Cryptography/
COPY src/__Libraries/StellaOps.Cryptography.DependencyInjection/ ./src/__Libraries/StellaOps.Cryptography.DependencyInjection/
COPY src/__Libraries/StellaOps.Cryptography.PluginLoader/ ./src/__Libraries/StellaOps.Cryptography.PluginLoader/

# Crypto plugins - ALL built unconditionally.
# This list is not an allow-list: the later "COPY src/__Libraries/" brings in
# every directory under src/__Libraries/, listed here or not.
COPY src/__Libraries/StellaOps.Cryptography.Plugin.OfflineVerification/ ./src/__Libraries/StellaOps.Cryptography.Plugin.OfflineVerification/
# Note: Additional crypto plugins can be added here when available:
# COPY src/__Libraries/StellaOps.Cryptography.Plugin.eIDAS/ ./src/__Libraries/StellaOps.Cryptography.Plugin.eIDAS/
# COPY src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/ ./src/__Libraries/StellaOps.Cryptography.Plugin.CryptoPro/
# COPY src/__Libraries/StellaOps.Cryptography.Plugin.SM/ ./src/__Libraries/StellaOps.Cryptography.Plugin.SM/

# Module sources (full directories, not only project files, so any source
# change invalidates the restore layer below).
COPY src/Authority/ ./src/Authority/
COPY src/Signer/ ./src/Signer/
COPY src/Attestor/ ./src/Attestor/
COPY src/Concelier/ ./src/Concelier/
COPY src/Scanner/ ./src/Scanner/
COPY src/AirGap/ ./src/AirGap/
COPY src/Excititor/ ./src/Excititor/
COPY src/Policy/ ./src/Policy/
COPY src/Scheduler/ ./src/Scheduler/
COPY src/Notify/ ./src/Notify/
COPY src/Zastava/ ./src/Zastava/
COPY src/Gateway/ ./src/Gateway/
COPY src/Cli/ ./src/Cli/

# Shared libraries (superset of the crypto directories copied above).
COPY src/__Libraries/ ./src/__Libraries/

# Restore dependencies from the feeds declared in nuget.config.
# NOTE(review): if the repository commits packages.lock.json files, restoring
# with --locked-mode would fail the build on dependency drift - confirm.
RUN dotnet restore src/StellaOps.sln

# Compile the entire solution once (Release); the publish step reuses this output.
RUN dotnet build src/StellaOps.sln --configuration Release --no-restore

# Publish every service and tool into its own directory under /app/publish.
# Each publish reuses the Release build above (--no-build).
RUN <<'EOF'
set -eu
# $1 = project file, $2 = output directory name under /app/publish
publish() {
    dotnet publish "$1" --configuration Release --no-build --output "/app/publish/$2"
}
publish src/Authority/StellaOps.Authority.WebService/StellaOps.Authority.WebService.csproj authority
publish src/Signer/StellaOps.Signer.WebService/StellaOps.Signer.WebService.csproj signer
publish src/Attestor/StellaOps.Attestor.WebService/StellaOps.Attestor.WebService.csproj attestor
publish src/Concelier/StellaOps.Concelier.WebService/StellaOps.Concelier.WebService.csproj concelier
publish src/Scanner/StellaOps.Scanner.WebService/StellaOps.Scanner.WebService.csproj scanner
publish src/Excititor/StellaOps.Excititor.WebService/StellaOps.Excititor.WebService.csproj excititor
publish src/Policy/StellaOps.Policy.WebService/StellaOps.Policy.WebService.csproj policy
publish src/Scheduler/StellaOps.Scheduler.WebService/StellaOps.Scheduler.WebService.csproj scheduler
publish src/Notify/StellaOps.Notify.WebService/StellaOps.Notify.WebService.csproj notify
publish src/Zastava/StellaOps.Zastava.WebService/StellaOps.Zastava.WebService.csproj zastava
publish src/Gateway/StellaOps.Gateway.WebService/StellaOps.Gateway.WebService.csproj gateway
publish src/AirGap/StellaOps.AirGap.Importer/StellaOps.AirGap.Importer.csproj airgap-importer
publish src/AirGap/StellaOps.AirGap.Exporter/StellaOps.AirGap.Exporter.csproj airgap-exporter
publish src/Cli/StellaOps.Cli/StellaOps.Cli.csproj cli
EOF

# Ship the crypto plugin manifest alongside the published output.
COPY etc/crypto-plugins-manifest.json /app/publish/etc/
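# ============================================================================
# Stage 2: Runtime Base - Contains ALL Crypto Plugins
# ============================================================================
# NOTE(review): "10.0-preview" is a floating tag; pin by digest
# (tag@sha256:<digest>) so the runtime under the services cannot change silently.
FROM mcr.microsoft.com/dotnet/aspnet:10.0-preview AS runtime-base
WORKDIR /app

# OS packages:
#   curl              - required by the HEALTHCHECK below; without it the probe
#                       fails and the container is reported unhealthy
#   postgresql-client - PostgreSQL client for Authority/Concelier/etc
# --no-install-recommends keeps optional packages out of the runtime image.
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        postgresql-client \
    && rm -rf /var/lib/apt/lists/*

# Copy all published assemblies (includes all crypto plugins).
# The whole /app/publish tree is copied, so every stage derived from this one
# carries the assemblies of every service, not only its own.
COPY --from=build /app/publish /app/

# Expose common ports (these can be overridden by docker-compose)
EXPOSE 8080 8443

# Labels
LABEL com.stellaops.image.type="platform" \
      com.stellaops.image.variant="all-plugins" \
      com.stellaops.crypto.plugins="offline-verification"
# Additional plugins will be added as they become available:
# LABEL com.stellaops.crypto.plugins="offline-verification,eidas,cryptopro,sm"

# Health check placeholder (can be overridden per service)
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8080/health || exit 1

# Run as the unprivileged user shipped with the .NET base image (APP_UID is set
# by the image) instead of root; the exposed ports are above 1024, so no extra
# capability is needed to bind them. If a deployment writes to a mounted path,
# fix ownership on that volume rather than reverting to root.
USER $APP_UID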
# ============================================================================
# Service-Specific Final Stages
# ============================================================================
# Every stage below starts from runtime-base and therefore inherits its
# packages, the full /app tree, EXPOSE, labels, HEALTHCHECK and active user.
# A stage only selects the service's publish directory as working directory,
# so the relative DLL name in ENTRYPOINT resolves inside that directory.

# --- Authority ---
FROM runtime-base AS authority
WORKDIR /app/authority
ENTRYPOINT ["dotnet", "StellaOps.Authority.WebService.dll"]

# --- Signer ---
FROM runtime-base AS signer
WORKDIR /app/signer
ENTRYPOINT ["dotnet", "StellaOps.Signer.WebService.dll"]

# --- Attestor ---
FROM runtime-base AS attestor
WORKDIR /app/attestor
ENTRYPOINT ["dotnet", "StellaOps.Attestor.WebService.dll"]

# --- Concelier ---
FROM runtime-base AS concelier
WORKDIR /app/concelier
ENTRYPOINT ["dotnet", "StellaOps.Concelier.WebService.dll"]

# --- Scanner ---
FROM runtime-base AS scanner
WORKDIR /app/scanner
ENTRYPOINT ["dotnet", "StellaOps.Scanner.WebService.dll"]

# --- Excititor ---
FROM runtime-base AS excititor
WORKDIR /app/excititor
ENTRYPOINT ["dotnet", "StellaOps.Excititor.WebService.dll"]

# --- Policy ---
FROM runtime-base AS policy
WORKDIR /app/policy
ENTRYPOINT ["dotnet", "StellaOps.Policy.WebService.dll"]

# --- Scheduler ---
FROM runtime-base AS scheduler
WORKDIR /app/scheduler
ENTRYPOINT ["dotnet", "StellaOps.Scheduler.WebService.dll"]

# --- Notify ---
FROM runtime-base AS notify
WORKDIR /app/notify
ENTRYPOINT ["dotnet", "StellaOps.Notify.WebService.dll"]

# --- Zastava ---
FROM runtime-base AS zastava
WORKDIR /app/zastava
ENTRYPOINT ["dotnet", "StellaOps.Zastava.WebService.dll"]

# --- Gateway ---
FROM runtime-base AS gateway
WORKDIR /app/gateway
ENTRYPOINT ["dotnet", "StellaOps.Gateway.WebService.dll"]
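# The three stages below are command-line tools. They inherit the HTTP
# HEALTHCHECK from runtime-base, which probes http://localhost:8080/health;
# a CLI process presumably serves no such endpoint, so the inherited probe
# would report these containers as unhealthy. HEALTHCHECK NONE disables it.

# AirGap Importer (CLI tool)
FROM runtime-base AS airgap-importer
WORKDIR /app/airgap-importer
HEALTHCHECK NONE
ENTRYPOINT ["dotnet", "StellaOps.AirGap.Importer.dll"]

# AirGap Exporter (CLI tool)
FROM runtime-base AS airgap-exporter
WORKDIR /app/airgap-exporter
HEALTHCHECK NONE
ENTRYPOINT ["dotnet", "StellaOps.AirGap.Exporter.dll"]

# CLI Tool
FROM runtime-base AS cli
WORKDIR /app/cli
HEALTHCHECK NONE
ENTRYPOINT ["dotnet", "StellaOps.Cli.dll"]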
# ============================================================================
# Build Instructions
# ============================================================================
# Build platform image:
# docker build -f deploy/docker/Dockerfile.platform --target runtime-base -t stellaops/platform:latest .
#
# Build specific service:
# docker build -f deploy/docker/Dockerfile.platform --target authority -t stellaops/authority:latest .
# docker build -f deploy/docker/Dockerfile.platform --target scanner -t stellaops/scanner:latest .
#
# The platform image contains ALL crypto plugins.
# Regional selection happens at runtime via configuration (see Dockerfile.crypto-profile).