CalvinBackup/fuzzforge_ai
1
0
Fork 0
mirror of https://github.com/FuzzingLabs/fuzzforge_ai.git synced 2026-02-12 22:32:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

CI/CD Integration with Ephemeral Deployment Model (#14)

Browse Source 
* feat: Complete migration from Prefect to Temporal

BREAKING CHANGE: Replaces Prefect workflow orchestration with Temporal

## Major Changes
- Replace Prefect with Temporal for workflow orchestration
- Implement vertical worker architecture (rust, android)
- Replace Docker registry with MinIO for unified storage
- Refactor activities to be co-located with workflows
- Update all API endpoints for Temporal compatibility

## Infrastructure
- New: docker-compose.temporal.yaml (Temporal + MinIO + workers)
- New: workers/ directory with rust and android vertical workers
- New: backend/src/temporal/ (manager, discovery)
- New: backend/src/storage/ (S3-cached storage with MinIO)
- New: backend/toolbox/common/ (shared storage activities)
- Deleted: docker-compose.yaml (old Prefect setup)
- Deleted: backend/src/core/prefect_manager.py
- Deleted: backend/src/services/prefect_stats_monitor.py
- Deleted: Docker registry and insecure-registries requirement

## Workflows
- Migrated: security_assessment workflow to Temporal
- New: rust_test workflow (example/test workflow)
- Deleted: secret_detection_scan (Prefect-based, to be reimplemented)
- Activities now co-located with workflows for independent testing

## API Changes
- Updated: backend/src/api/workflows.py (Temporal submission)
- Updated: backend/src/api/runs.py (Temporal status/results)
- Updated: backend/src/main.py (727 lines, TemporalManager integration)
- Updated: All 16 MCP tools to use TemporalManager

## Testing
-  All services healthy (Temporal, PostgreSQL, MinIO, workers, backend)
-  All API endpoints functional
-  End-to-end workflow test passed (72 findings from vulnerable_app)
-  MinIO storage integration working (target upload/download, results)
-  Worker activity discovery working (6 activities registered)
-  Tarball extraction working
-  SARIF report generation working

## Documentation
- ARCHITECTURE.md: Complete Temporal architecture documentation
- QUICKSTART_TEMPORAL.md: Getting started guide
- MIGRATION_DECISION.md: Why we chose Temporal over Prefect
- IMPLEMENTATION_STATUS.md: Migration progress tracking
- workers/README.md: Worker development guide

## Dependencies
- Added: temporalio>=1.6.0
- Added: boto3>=1.34.0 (MinIO S3 client)
- Removed: prefect>=3.4.18

* feat: Add Python fuzzing vertical with Atheris integration

This commit implements a complete Python fuzzing workflow using Atheris:

## Python Worker (workers/python/)
- Dockerfile with Python 3.11, Atheris, and build tools
- Generic worker.py for dynamic workflow discovery
- requirements.txt with temporalio, boto3, atheris dependencies
- Added to docker-compose.temporal.yaml with dedicated cache volume

## AtherisFuzzer Module (backend/toolbox/modules/fuzzer/)
- Reusable module extending BaseModule
- Auto-discovers fuzz targets (fuzz_*.py, *_fuzz.py, fuzz_target.py)
- Recursive search to find targets in nested directories
- Dynamically loads TestOneInput() function
- Configurable max_iterations and timeout
- Real-time stats callback support for live monitoring
- Returns findings as ModuleFinding objects

## Atheris Fuzzing Workflow (backend/toolbox/workflows/atheris_fuzzing/)
- Temporal workflow for orchestrating fuzzing
- Downloads user code from MinIO
- Executes AtherisFuzzer module
- Uploads results to MinIO
- Cleans up cache after execution
- metadata.yaml with vertical: python for routing

## Test Project (test_projects/python_fuzz_waterfall/)
- Demonstrates stateful waterfall vulnerability
- main.py with check_secret() that leaks progress
- fuzz_target.py with Atheris TestOneInput() harness
- Complete README with usage instructions

## Backend Fixes
- Fixed parameter merging in REST API endpoints (workflows.py)
- Changed workflow parameter passing from positional args to kwargs (manager.py)
- Default parameters now properly merged with user parameters

## Testing
 Worker discovered AtherisFuzzingWorkflow
 Workflow executed end-to-end successfully
 Fuzz target auto-discovered in nested directories
 Atheris ran 100,000 iterations
 Results uploaded and cache cleaned

* chore: Complete Temporal migration with updated CLI/SDK/docs

This commit includes all remaining Temporal migration changes:

## CLI Updates (cli/)
- Updated workflow execution commands for Temporal
- Enhanced error handling and exceptions
- Updated dependencies in uv.lock

## SDK Updates (sdk/)
- Client methods updated for Temporal workflows
- Updated models for new workflow execution
- Updated dependencies in uv.lock

## Documentation Updates (docs/)
- Architecture documentation for Temporal
- Workflow concept documentation
- Resource management documentation (new)
- Debugging guide (new)
- Updated tutorials and how-to guides
- Troubleshooting updates

## README Updates
- Main README with Temporal instructions
- Backend README
- CLI README
- SDK README

## Other
- Updated IMPLEMENTATION_STATUS.md
- Removed old vulnerable_app.tar.gz

These changes complete the Temporal migration and ensure the
CLI/SDK work correctly with the new backend.

* fix: Use positional args instead of kwargs for Temporal workflows

The Temporal Python SDK's start_workflow() method doesn't accept
a 'kwargs' parameter. Workflows must receive parameters as positional
arguments via the 'args' parameter.

Changed from:
  args=workflow_args  # Positional arguments

This fixes the error:
  TypeError: Client.start_workflow() got an unexpected keyword argument 'kwargs'

Workflows now correctly receive parameters in order:
- security_assessment: [target_id, scanner_config, analyzer_config, reporter_config]
- atheris_fuzzing: [target_id, target_file, max_iterations, timeout_seconds]
- rust_test: [target_id, test_message]

* fix: Filter metadata-only parameters from workflow arguments

SecurityAssessmentWorkflow was receiving 7 arguments instead of 2-5.
The issue was that target_path and volume_mode from default_parameters
were being passed to the workflow, when they should only be used by
the system for configuration.

Now filters out metadata-only parameters (target_path, volume_mode)
before passing arguments to workflow execution.

* refactor: Remove Prefect leftovers and volume mounting legacy

Complete cleanup of Prefect migration artifacts:

Backend:
- Delete registry.py and workflow_discovery.py (Prefect-specific files)
- Remove Docker validation from setup.py (no longer needed)
- Remove ResourceLimits and VolumeMount models
- Remove target_path and volume_mode from WorkflowSubmission
- Remove supported_volume_modes from API and discovery
- Clean up metadata.yaml files (remove volume/path fields)
- Simplify parameter filtering in manager.py

SDK:
- Remove volume_mode parameter from client methods
- Remove ResourceLimits and VolumeMount models
- Remove Prefect error patterns from docker_logs.py
- Clean up WorkflowSubmission and WorkflowMetadata models

CLI:
- Remove Volume Modes display from workflow info

All removed features are Prefect-specific or Docker volume mounting
artifacts. Temporal workflows use MinIO storage exclusively.

* feat: Add comprehensive test suite and benchmark infrastructure

- Add 68 unit tests for fuzzer, scanner, and analyzer modules
- Implement pytest-based test infrastructure with fixtures
- Add 6 performance benchmarks with category-specific thresholds
- Configure GitHub Actions for automated testing and benchmarking
- Add test and benchmark documentation

Test coverage:
- AtherisFuzzer: 8 tests
- CargoFuzzer: 14 tests
- FileScanner: 22 tests
- SecurityAnalyzer: 24 tests

All tests passing (68/68)
All benchmarks passing (6/6)

* fix: Resolve all ruff linting violations across codebase

Fixed 27 ruff violations in 12 files:
- Removed unused imports (Depends, Dict, Any, Optional, etc.)
- Fixed undefined workflow_info variable in workflows.py
- Removed dead code with undefined variables in atheris_fuzzer.py
- Changed f-string to regular string where no placeholders used

All files now pass ruff checks for CI/CD compliance.

* fix: Configure CI for unit tests only

- Renamed docker-compose.temporal.yaml → docker-compose.yml for CI compatibility
- Commented out integration-tests job (no integration tests yet)
- Updated test-summary to only depend on lint and unit-tests

CI will now run successfully with 68 unit tests. Integration tests can be added later.

* feat: Add CI/CD integration with ephemeral deployment model

Implements comprehensive CI/CD support for FuzzForge with on-demand worker management:

**Worker Management (v0.7.0)**
- Add WorkerManager for automatic worker lifecycle control
- Auto-start workers from stopped state when workflows execute
- Auto-stop workers after workflow completion
- Health checks and startup timeout handling (90s default)

**CI/CD Features**
- `--fail-on` flag: Fail builds based on SARIF severity levels (error/warning/note/info)
- `--export-sarif` flag: Export findings in SARIF 2.1.0 format
- `--auto-start`/`--auto-stop` flags: Control worker lifecycle
- Exit code propagation: Returns 1 on blocking findings, 0 on success

**Exit Code Fix**
- Add `except typer.Exit: raise` handlers at 3 critical locations
- Move worker cleanup to finally block for guaranteed execution
- Exit codes now propagate correctly even when build fails

**CI Scripts & Examples**
- ci-start.sh: Start FuzzForge services with health checks
- ci-stop.sh: Clean shutdown with volume preservation option
- GitHub Actions workflow example (security-scan.yml)
- GitLab CI pipeline example (.gitlab-ci.example.yml)
- docker-compose.ci.yml: CI-optimized compose file with profiles

**OSS-Fuzz Integration**
- New ossfuzz_campaign workflow for running OSS-Fuzz projects
- OSS-Fuzz worker with Docker-in-Docker support
- Configurable campaign duration and project selection

**Documentation**
- Comprehensive CI/CD integration guide (docs/how-to/cicd-integration.md)
- Updated architecture docs with worker lifecycle details
- Updated workspace isolation documentation
- CLI README with worker management examples

**SDK Enhancements**
- Add get_workflow_worker_info() endpoint
- Worker vertical metadata in workflow responses

**Testing**
- All workflows tested: security_assessment, atheris_fuzzing, secret_detection, cargo_fuzzing
- All monitoring commands tested: stats, crashes, status, finding
- Full CI pipeline simulation verified
- Exit codes verified for success/failure scenarios

Ephemeral CI/CD model: ~3-4GB RAM, ~60-90s startup, runs entirely in CI containers.

* fix: Resolve ruff linting violations in CI/CD code

- Remove unused variables (run_id, defaults, result)
- Remove unused imports
- Fix f-string without placeholders

All CI/CD integration files now pass ruff checks.
This commit is contained in:
tduhamel42
2025-10-14 10:13:45 +02:00
committed by GitHub
parent 987c49569c
commit 60ca088ecf
167 changed files with 26101 additions and 5703 deletions
Download Patch File Download Diff File Expand all files Collapse all files

584
docker-compose.yml Normal file
View File

@@ -0,0 +1,584 @@
# FuzzForge AI - Temporal Architecture with Vertical Workers
#
# This is the new architecture using:
# - Temporal for workflow orchestration
# - MinIO for unified storage (dev + prod)
# - Vertical workers with pre-built toolchains
#
# Usage:
# Development: docker-compose -f docker-compose.temporal.yaml up
# Production: docker-compose -f docker-compose.temporal.yaml -f docker-compose.temporal.prod.yaml up
version: '3.8'
services:
# ============================================================================
# Temporal Server - Workflow Orchestration
# ============================================================================
temporal:
image: temporalio/auto-setup:latest
container_name: fuzzforge-temporal
depends_on:
- postgresql
ports:
- "7233:7233" # gRPC API
environment:
# Database configuration
- DB=postgres12
- DB_PORT=5432
- POSTGRES_USER=temporal
- POSTGRES_PWD=temporal
- POSTGRES_SEEDS=postgresql
# Temporal configuration (no custom dynamic config)
- ENABLE_ES=false
- ES_SEEDS=
# Address configuration
- TEMPORAL_ADDRESS=temporal:7233
- TEMPORAL_CLI_ADDRESS=temporal:7233
volumes:
- temporal_data:/etc/temporal
networks:
- fuzzforge-network
healthcheck:
test: ["CMD", "tctl", "--address", "temporal:7233", "cluster", "health"]
interval: 10s
timeout: 5s
retries: 5
restart: unless-stopped
# ============================================================================
# Temporal UI - Web Interface
# ============================================================================
temporal-ui:
image: temporalio/ui:latest
container_name: fuzzforge-temporal-ui
depends_on:
- temporal
ports:
- "8080:8080" # Web UI (http://localhost:8080)
environment:
- TEMPORAL_ADDRESS=temporal:7233
- TEMPORAL_CORS_ORIGINS=http://localhost:8080
networks:
- fuzzforge-network
restart: unless-stopped
# ============================================================================
# Temporal Database - PostgreSQL (lightweight for dev)
# ============================================================================
postgresql:
image: postgres:14-alpine
container_name: fuzzforge-temporal-postgresql
environment:
POSTGRES_USER: temporal
POSTGRES_PASSWORD: temporal
POSTGRES_DB: temporal
volumes:
- temporal_postgres:/var/lib/postgresql/data
networks:
- fuzzforge-network
healthcheck:
test: ["CMD-SHELL", "pg_isready -U temporal"]
interval: 5s
timeout: 5s
retries: 5
restart: unless-stopped
# ============================================================================
# MinIO - S3-Compatible Object Storage
# ============================================================================
minio:
image: minio/minio:latest
container_name: fuzzforge-minio
command: server /data --console-address ":9001"
ports:
- "9000:9000" # S3 API
- "9001:9001" # Web Console (http://localhost:9001)
environment:
MINIO_ROOT_USER: fuzzforge
MINIO_ROOT_PASSWORD: fuzzforge123
# Lightweight mode for development (reduces memory to 256MB)
MINIO_CI_CD: "true"
volumes:
- minio_data:/data
networks:
- fuzzforge-network
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 5s
timeout: 5s
retries: 5
restart: unless-stopped
# ============================================================================
# MinIO Setup - Create Buckets and Lifecycle Policies
# ============================================================================
minio-setup:
image: minio/mc:latest
container_name: fuzzforge-minio-setup
depends_on:
minio:
condition: service_healthy
entrypoint: >
/bin/sh -c "
echo 'Waiting for MinIO to be ready...';
sleep 2;
echo 'Setting up MinIO alias...';
mc alias set fuzzforge http://minio:9000 fuzzforge fuzzforge123;
echo 'Creating buckets...';
mc mb fuzzforge/targets --ignore-existing;
mc mb fuzzforge/results --ignore-existing;
mc mb fuzzforge/cache --ignore-existing;
echo 'Setting lifecycle policies...';
mc ilm add fuzzforge/targets --expiry-days 7;
mc ilm add fuzzforge/results --expiry-days 30;
mc ilm add fuzzforge/cache --expiry-days 3;
echo 'Setting access policies...';
mc anonymous set download fuzzforge/results;
echo 'MinIO setup complete!';
exit 0;
"
networks:
- fuzzforge-network
# ============================================================================
# Vertical Worker: Rust/Native Security
# ============================================================================
# This is a template/example worker. In production, you'll have multiple
# vertical workers (android, rust, web, ios, blockchain, etc.)
worker-rust:
build:
context: ./workers/rust
dockerfile: Dockerfile
container_name: fuzzforge-worker-rust
profiles:
- workers
- rust
depends_on:
postgresql:
condition: service_healthy
temporal:
condition: service_healthy
minio:
condition: service_healthy
environment:
# Temporal configuration
TEMPORAL_ADDRESS: temporal:7233
TEMPORAL_NAMESPACE: default
# Worker configuration
WORKER_VERTICAL: rust
WORKER_TASK_QUEUE: rust-queue
MAX_CONCURRENT_ACTIVITIES: 5
# Storage configuration (MinIO)
STORAGE_BACKEND: s3
S3_ENDPOINT: http://minio:9000
S3_ACCESS_KEY: fuzzforge
S3_SECRET_KEY: fuzzforge123
S3_BUCKET: targets
S3_REGION: us-east-1
S3_USE_SSL: "false"
# Cache configuration
CACHE_DIR: /cache
CACHE_MAX_SIZE: 10GB
CACHE_TTL: 7d
# Logging
LOG_LEVEL: INFO
PYTHONUNBUFFERED: 1
volumes:
# Mount workflow code (read-only) for dynamic discovery
- ./backend/toolbox:/app/toolbox:ro
# Worker cache for downloaded targets
- worker_rust_cache:/cache
networks:
- fuzzforge-network
restart: "no"
# Resource limits (adjust based on vertical needs)
deploy:
resources:
limits:
cpus: '2'
memory: 2G
reservations:
cpus: '1'
memory: 512M
# ============================================================================
# Vertical Worker: Python Fuzzing
# ============================================================================
worker-python:
build:
context: ./workers/python
dockerfile: Dockerfile
container_name: fuzzforge-worker-python
profiles:
- workers
- python
depends_on:
postgresql:
condition: service_healthy
temporal:
condition: service_healthy
minio:
condition: service_healthy
environment:
# Temporal configuration
TEMPORAL_ADDRESS: temporal:7233
TEMPORAL_NAMESPACE: default
# Worker configuration
WORKER_VERTICAL: python
WORKER_TASK_QUEUE: python-queue
MAX_CONCURRENT_ACTIVITIES: 5
# Storage configuration (MinIO)
STORAGE_BACKEND: s3
S3_ENDPOINT: http://minio:9000
S3_ACCESS_KEY: fuzzforge
S3_SECRET_KEY: fuzzforge123
S3_BUCKET: targets
S3_REGION: us-east-1
S3_USE_SSL: "false"
# Cache configuration
CACHE_DIR: /cache
CACHE_MAX_SIZE: 10GB
CACHE_TTL: 7d
# Logging
LOG_LEVEL: INFO
PYTHONUNBUFFERED: 1
volumes:
# Mount workflow code (read-only) for dynamic discovery
- ./backend/toolbox:/app/toolbox:ro
# Worker cache for downloaded targets
- worker_python_cache:/cache
networks:
- fuzzforge-network
restart: "no"
# Resource limits (lighter than rust)
deploy:
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 256M
# ============================================================================
# Vertical Worker: Secret Detection
# ============================================================================
worker-secrets:
build:
context: ./workers/secrets
dockerfile: Dockerfile
container_name: fuzzforge-worker-secrets
profiles:
- workers
- secrets
depends_on:
postgresql:
condition: service_healthy
temporal:
condition: service_healthy
minio:
condition: service_healthy
environment:
# Temporal configuration
TEMPORAL_ADDRESS: temporal:7233
TEMPORAL_NAMESPACE: default
# Worker configuration
WORKER_VERTICAL: secrets
WORKER_TASK_QUEUE: secrets-queue
MAX_CONCURRENT_ACTIVITIES: 5
# Storage configuration (MinIO)
STORAGE_BACKEND: s3
S3_ENDPOINT: http://minio:9000
S3_ACCESS_KEY: fuzzforge
S3_SECRET_KEY: fuzzforge123
S3_BUCKET: targets
S3_REGION: us-east-1
S3_USE_SSL: "false"
# Cache configuration
CACHE_DIR: /cache
CACHE_MAX_SIZE: 10GB
CACHE_TTL: 7d
# Logging
LOG_LEVEL: INFO
PYTHONUNBUFFERED: 1
volumes:
# Mount workflow code (read-only) for dynamic discovery
- ./backend/toolbox:/app/toolbox:ro
# Worker cache for downloaded targets
- worker_secrets_cache:/cache
networks:
- fuzzforge-network
restart: "no"
# Resource limits (lighter than rust)
deploy:
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 256M
# ============================================================================
# Vertical Worker: Android Security
# ============================================================================
worker-android:
build:
context: ./workers/android
dockerfile: Dockerfile
container_name: fuzzforge-worker-android
profiles:
- workers
- android
- full
depends_on:
postgresql:
condition: service_healthy
temporal:
condition: service_healthy
minio:
condition: service_healthy
environment:
# Temporal configuration
TEMPORAL_ADDRESS: temporal:7233
TEMPORAL_NAMESPACE: default
# Worker configuration
WORKER_VERTICAL: android
WORKER_TASK_QUEUE: android-queue
MAX_CONCURRENT_ACTIVITIES: 5
# Storage configuration (MinIO)
STORAGE_BACKEND: s3
S3_ENDPOINT: http://minio:9000
S3_ACCESS_KEY: fuzzforge
S3_SECRET_KEY: fuzzforge123
S3_BUCKET: targets
S3_REGION: us-east-1
S3_USE_SSL: "false"
# Cache configuration
CACHE_DIR: /cache
CACHE_MAX_SIZE: 10GB
CACHE_TTL: 7d
# Logging
LOG_LEVEL: INFO
PYTHONUNBUFFERED: 1
volumes:
# Mount workflow code (read-only) for dynamic discovery
- ./backend/toolbox:/app/toolbox:ro
# Worker cache for downloaded targets
- worker_android_cache:/cache
networks:
- fuzzforge-network
restart: "no"
# Resource limits (Android tools need more memory)
deploy:
resources:
limits:
cpus: '2'
memory: 3G
reservations:
cpus: '1'
memory: 1G
# ============================================================================
# FuzzForge Backend API
# ============================================================================
backend:
build:
context: ./backend
dockerfile: Dockerfile
container_name: fuzzforge-backend
depends_on:
temporal:
condition: service_healthy
minio:
condition: service_healthy
environment:
# Temporal configuration
TEMPORAL_ADDRESS: temporal:7233
TEMPORAL_NAMESPACE: default
# Storage configuration (MinIO)
S3_ENDPOINT: http://minio:9000
S3_ACCESS_KEY: fuzzforge
S3_SECRET_KEY: fuzzforge123
S3_BUCKET: targets
S3_REGION: us-east-1
S3_USE_SSL: "false"
# Python configuration
PYTHONPATH: /app
PYTHONUNBUFFERED: 1
# Logging
LOG_LEVEL: INFO
ports:
- "8000:8000" # FastAPI REST API
- "8010:8010" # MCP (Model Context Protocol)
volumes:
# Mount toolbox for workflow discovery (read-only)
- ./backend/toolbox:/app/toolbox:ro
networks:
- fuzzforge-network
restart: unless-stopped
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8000/health"]
interval: 30s
timeout: 10s
retries: 3
# ============================================================================
# Vertical Worker: OSS-Fuzz Campaigns
# ============================================================================
worker-ossfuzz:
build:
context: ./workers/ossfuzz
dockerfile: Dockerfile
container_name: fuzzforge-worker-ossfuzz
profiles:
- workers
- ossfuzz
depends_on:
postgresql:
condition: service_healthy
temporal:
condition: service_healthy
minio:
condition: service_healthy
environment:
# Temporal configuration
TEMPORAL_ADDRESS: temporal:7233
TEMPORAL_NAMESPACE: default
# Worker configuration
WORKER_VERTICAL: ossfuzz
WORKER_TASK_QUEUE: ossfuzz-queue
MAX_CONCURRENT_ACTIVITIES: 2 # Lower concurrency for resource-intensive fuzzing
# Storage configuration (MinIO)
STORAGE_BACKEND: s3
S3_ENDPOINT: http://minio:9000
S3_ACCESS_KEY: fuzzforge
S3_SECRET_KEY: fuzzforge123
S3_BUCKET: targets
S3_REGION: us-east-1
S3_USE_SSL: "false"
# Cache configuration (larger for OSS-Fuzz builds)
CACHE_DIR: /cache
CACHE_MAX_SIZE: 50GB
CACHE_TTL: 30d
# Logging
LOG_LEVEL: INFO
PYTHONUNBUFFERED: 1
volumes:
# Mount workflow code (read-only) for dynamic discovery
- ./backend/toolbox:/app/toolbox:ro
# Worker cache for OSS-Fuzz builds and corpus
- worker_ossfuzz_cache:/cache
# OSS-Fuzz build output
- worker_ossfuzz_build:/opt/oss-fuzz/build
networks:
- fuzzforge-network
restart: "no"
# Higher resource limits for fuzzing campaigns
deploy:
resources:
limits:
cpus: '4'
memory: 8G
reservations:
cpus: '2'
memory: 2G
# ============================================================================
# Volumes
# ============================================================================
volumes:
temporal_data:
name: fuzzforge_temporal_data
temporal_postgres:
name: fuzzforge_temporal_postgres
minio_data:
name: fuzzforge_minio_data
worker_rust_cache:
name: fuzzforge_worker_rust_cache
worker_python_cache:
name: fuzzforge_worker_python_cache
worker_secrets_cache:
name: fuzzforge_worker_secrets_cache
worker_android_cache:
name: fuzzforge_worker_android_cache
worker_ossfuzz_cache:
name: fuzzforge_worker_ossfuzz_cache
worker_ossfuzz_build:
name: fuzzforge_worker_ossfuzz_build
# Add more worker caches as you add verticals:
# worker_web_cache:
# worker_ios_cache:
# ============================================================================
# Networks
# ============================================================================
networks:
fuzzforge-network:
name: fuzzforge_temporal_network
driver: bridge
# ============================================================================
# Notes:
# ============================================================================
#
# 1. First Startup:
# - Creates all buckets and policies automatically
# - Temporal auto-setup creates database schema
# - Takes ~30-60 seconds for all health checks
#
# 2. Adding Vertical Workers:
# - Copy worker-rust section
# - Update: container_name, build.context, WORKER_VERTICAL, volumes
# - Add corresponding cache volume
#
# 3. Scaling Workers:
# - Horizontal: docker-compose up -d --scale worker-rust=3
# - Vertical: Increase MAX_CONCURRENT_ACTIVITIES env var
#
# 4. Web UIs:
# - Temporal UI: http://localhost:8233
# - MinIO Console: http://localhost:9001 (user: fuzzforge, pass: fuzzforge123)
#
# 5. Resource Usage (Baseline):
# - Temporal: ~500MB
# - Temporal DB: ~100MB
# - MinIO: ~256MB (with CI_CD=true)
# - Worker-rust: ~512MB (varies by toolchain)
# - Total: ~1.4GB baseline
#
# 6. Production Overrides:
# - Use docker-compose.temporal.prod.yaml for:
# - Disable CI_CD mode (more memory but better performance)
# - Add more workers
# - Increase resource limits
# - Add monitoring/logging