docker-compose.yml at vulnerability-scans · evan.jarrett.net/at-container-registry

evan.jarrett.net / at-container-registry

fork atom

A container registry that uses the AT Protocol for manifest storage and S3 for blob storage. atcr.io

docker container atproto go

fork atom

at-container-registry / docker-compose.yml

at vulnerability-scans 88 lines 2.4 kB view raw

wrap content

evan.jarrett.net implement a POC for vulnerability scans using syft and grype 4mo ago

8c5f9da2

 1services:
 2  atcr-appview:
 3    build:
 4      context: .
 5      dockerfile: Dockerfile.appview
 6    image: atcr-appview:latest
 7    container_name: atcr-appview
 8    ports:
 9      - "5000:5000"
10    # Optional: Load from .env.appview file (create from .env.appview.example)
11    # env_file:
12    #   - .env.appview
13    environment:
14      # Server configuration
15      ATCR_HTTP_ADDR: :5000
16      ATCR_DEFAULT_HOLD_DID: did:web:172.28.0.3:8080
17      # UI configuration
18      ATCR_UI_ENABLED: true
19      ATCR_BACKFILL_ENABLED: true
20      # Test mode - fallback to default hold when user's hold is unreachable
21      TEST_MODE: true
22      # Logging
23      ATCR_LOG_LEVEL: debug
24    volumes:
25      # Auth keys (JWT signing keys)
26      # - atcr-auth:/var/lib/atcr/auth
27      # UI database (includes OAuth sessions, devices, and Jetstream cache)
28      - atcr-ui:/var/lib/atcr
29    restart: unless-stopped
30    dns:
31      - 8.8.8.8
32      - 1.1.1.1
33    networks:
34      atcr-network:
35        ipv4_address: 172.28.0.2
36    # The AppView is stateless - all storage is external:
37    # - Manifests/Tags -> ATProto PDS (via middleware)
38    # - Blobs/Layers -> Hold service (via ProxyBlobStore)
39    # - OAuth tokens -> SQLite database (atcr-ui volume)
40    # - No config.yml needed - all config via environment variables
41
42  atcr-hold:
43    env_file:
44      - ../atcr-secrets.env  # Load S3/Storj credentials from external file
45    environment:
46      HOLD_PUBLIC_URL: http://172.28.0.3:8080
47      HOLD_OWNER: did:plc:pddp4xt5lgnv2qsegbzzs4xg
48      HOLD_PUBLIC: false
49      # STORAGE_DRIVER: filesystem
50      # STORAGE_ROOT_DIR: /var/lib/atcr/hold
51      TEST_MODE: true
52      # DISABLE_PRESIGNED_URLS: true
53      # Scanner configuration
54      HOLD_SBOM_ENABLED: true
55      HOLD_SBOM_WORKERS: 2
56      HOLD_VULN_ENABLED: true
57      # Logging
58      ATCR_LOG_LEVEL: debug
59      # Storage config comes from env_file (STORAGE_DRIVER, AWS_*, S3_*)
60    build:
61      context: .
62      dockerfile: Dockerfile.hold
63    image: atcr-hold:latest
64    container_name: atcr-hold
65    ports:
66      - "8080:8080"
67    volumes:
68      # PDS data (carstore SQLite + signing keys)
69      - atcr-hold:/var/lib/atcr-hold
70    restart: unless-stopped
71    dns:
72      - 8.8.8.8
73      - 1.1.1.1
74    networks:
75      atcr-network:
76        ipv4_address: 172.28.0.3
77
78networks:
79  atcr-network:
80    driver: bridge
81    ipam:
82      config:
83        - subnet: 172.28.0.0/24
84
85volumes:
86  atcr-hold:
87  atcr-auth:
88  atcr-ui: