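services:
  # Local image registry used by the worker and backend to push/pull images.
  # Published on host port 5001 without a host IP, so it listens on every
  # host interface. No auth or TLS is configured here, and the clients below
  # list it as an insecure registry.
  registry:
    image: registry:2
    restart: unless-stopped
    ports:
      - "5001:5000"
    volumes:
      - registry_data:/var/lib/registry
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider http://localhost:5000/v2/ || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 3

  # Prefect's database. No port is published, so it is reachable only from
  # the compose network.
  postgres:
    image: postgres:14
    environment:
      # NOTE(review): fixed default credentials, repeated in the connection
      # URLs of prefect-server and prefect-services. Move them to an .env
      # file or secrets before using this outside a local dev setup.
      POSTGRES_USER: prefect
      POSTGRES_PASSWORD: prefect
      POSTGRES_DB: prefect
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U prefect"]
      interval: 5s
      timeout: 5s
      retries: 5

  # Message broker/cache for Prefect. No password is set in this file and no
  # port is published, so it is reachable only from the compose network.
  redis:
    image: redis:7
    volumes:
      - redis_data:/data
    healthcheck:
      test: ["CMD-SHELL", "redis-cli ping"]
      interval: 5s
      timeout: 5s
      retries: 5

  # Prefect API server. Port 4200 is published on every host interface.
  # NOTE(review): no API authentication is configured in this file; confirm
  # the port is firewalled or bind it to a loopback address if only local
  # access is needed.
  prefect-server:
    # NOTE(review): `3-latest` is a floating tag; pin a version or digest for
    # reproducible, reviewable upgrades.
    image: prefecthq/prefect:3-latest
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    environment:
      PREFECT_API_DATABASE_CONNECTION_URL: postgresql+asyncpg://prefect:prefect@postgres:5432/prefect
      PREFECT_SERVER_API_HOST: "0.0.0.0"
      PREFECT_API_URL: http://prefect-server:4200/api
      PREFECT_MESSAGING_BROKER: prefect_redis.messaging
      PREFECT_MESSAGING_CACHE: prefect_redis.messaging
      PREFECT_REDIS_MESSAGING_HOST: redis
      PREFECT_REDIS_MESSAGING_PORT: "6379"
      PREFECT_REDIS_MESSAGING_DB: "0"
      PREFECT_LOCAL_STORAGE_PATH: /prefect-storage
      PREFECT_RESULTS_PERSIST_BY_DEFAULT: "true"
    # Folded scalar: the script lines are indented deeper than `sh -c`, so
    # YAML keeps their line breaks.
    command: >
      sh -c "
        mkdir -p /prefect-storage &&
        chmod 755 /prefect-storage &&
        prefect server start --no-services
      "
    ports:
      - "4200:4200"
    volumes:
      - prefect_storage:/prefect-storage

  # Prefect background services, run separately from the API server (which is
  # started with --no-services). Shares the database, Redis and storage volume.
  prefect-services:
    image: prefecthq/prefect:3-latest
    depends_on:
      postgres:
        condition: service_healthy
      redis:
        condition: service_healthy
    environment:
      PREFECT_API_DATABASE_CONNECTION_URL: postgresql+asyncpg://prefect:prefect@postgres:5432/prefect
      PREFECT_MESSAGING_BROKER: prefect_redis.messaging
      PREFECT_MESSAGING_CACHE: prefect_redis.messaging
      PREFECT_REDIS_MESSAGING_HOST: redis
      PREFECT_REDIS_MESSAGING_PORT: "6379"
      PREFECT_REDIS_MESSAGING_DB: "0"
      PREFECT_LOCAL_STORAGE_PATH: /prefect-storage
      PREFECT_RESULTS_PERSIST_BY_DEFAULT: "true"
    command: >
      sh -c "
        mkdir -p /prefect-storage &&
        chmod 755 /prefect-storage &&
        prefect server services start
      "
    volumes:
      - prefect_storage:/prefect-storage

  # Filtering proxy in front of the host Docker socket; prefect-worker and
  # fuzzforge-backend reach it as tcp://docker-proxy:2375.
  # With POST plus CONTAINERS/IMAGES/BUILD/VOLUMES/NETWORKS enabled, any client
  # of this proxy can create containers on the host daemon, so access to this
  # port should be treated as equivalent to root on the host.
  docker-proxy:
    # NOTE(review): no tag, so this resolves to `latest`; pin a version or
    # digest.
    image: tecnativa/docker-socket-proxy
    environment:
      # Enable permissions needed for Prefect worker container creation and management
      CONTAINERS: "1"
      IMAGES: "1"
      BUILD: "1"
      VOLUMES: "1"
      NETWORKS: "1"
      # NOTE(review): SERVICES/TASKS/NODES look like Swarm API sections while
      # SWARM is 0 below; confirm they are needed and drop them otherwise.
      SERVICES: "1"  # Required for some container operations
      TASKS: "1"  # Required for container management
      NODES: "1"  # Required for container scheduling
      GET: "1"
      POST: "1"
      PUT: "1"
      DELETE: "1"
      HEAD: "1"
      INFO: "1"
      VERSION: "1"
      PING: "1"
      EVENTS: "1"
      DISTRIBUTION: "1"
      AUTH: "1"
      # Still block the most dangerous operations
      SYSTEM: "0"
      SWARM: "0"
      EXEC: "0"  # Keep container exec blocked for security
    volumes:
      # `:ro` only makes the mount of the socket file read-only; it does not
      # limit which API calls are sent through it. The flags above do that.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    # Not published to the host: the proxied API is unauthenticated, and the
    # clients in this file reach it over the compose network.
    expose:
      - "2375"
    networks:
      - default

  # Prefect worker that launches workflow containers through docker-proxy.
  prefect-worker:
    image: prefecthq/prefect:3-latest
    depends_on:
      prefect-server:
        condition: service_started
      docker-proxy:
        condition: service_started
      registry:
        condition: service_healthy
    environment:
      PREFECT_API_URL: http://prefect-server:4200/api
      PREFECT_LOCAL_STORAGE_PATH: /prefect-storage
      PREFECT_RESULTS_PERSIST_BY_DEFAULT: "true"
      # Plain TCP to the socket proxy on the compose network (no TLS).
      DOCKER_HOST: tcp://docker-proxy:2375
      DOCKER_BUILDKIT: "1"  # Enable BuildKit for better performance
      DOCKER_CONFIG: /tmp/docker
      # Registry URLs (set REGISTRY_HOST in your environment or .env)
      # - macOS/Windows Docker Desktop: REGISTRY_HOST=host.docker.internal
      # - Linux: REGISTRY_HOST=localhost (default)
      FUZZFORGE_REGISTRY_PUSH_URL: "${REGISTRY_HOST:-localhost}:5001"
      FUZZFORGE_REGISTRY_PULL_URL: "${REGISTRY_HOST:-localhost}:5001"
    # NOTE(review): `insecure-registries` is normally a daemon (daemon.json)
    # setting; confirm that writing it to the client config.json has any
    # effect, since the host daemon performs the pulls and pushes.
    # NOTE(review): `pip install 'prefect[docker]'` runs unpinned on every
    # start; baking it into a pinned image avoids pulling unreviewed code.
    # The fixed `sleep 15` stands in for a readiness check on the work pool.
    command: >
      sh -c "
        mkdir -p /tmp/docker &&
        mkdir -p /prefect-storage &&
        chmod 755 /prefect-storage &&
        echo '{\"insecure-registries\": [\"registry:5000\", \"localhost:5001\", \"host.docker.internal:5001\"]}' > /tmp/docker/config.json &&
        pip install 'prefect[docker]' &&
        echo 'Waiting for backend to create work pool...' &&
        sleep 15 &&
        prefect worker start --pool docker-pool --type docker
      "
    volumes:
      - prefect_storage:/prefect-storage  # Access to shared storage for results
      - toolbox_code:/opt/prefect/toolbox:ro  # Access to toolbox code for building
    networks:
      - default
    extra_hosts:
      - "host.docker.internal:host-gateway"

  # FuzzForge API backend, built from ./backend. Ports 8000 and 8010 are
  # published on every host interface, and uvicorn runs with --reload, so
  # this is a development configuration.
  fuzzforge-backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    depends_on:
      prefect-server:
        condition: service_started
      docker-proxy:
        condition: service_started
      registry:
        condition: service_healthy
    environment:
      PREFECT_API_URL: http://prefect-server:4200/api
      PREFECT_LOCAL_STORAGE_PATH: /prefect-storage
      PREFECT_RESULTS_PERSIST_BY_DEFAULT: "true"
      # Plain TCP to the socket proxy on the compose network (no TLS).
      DOCKER_HOST: tcp://docker-proxy:2375
      DOCKER_BUILDKIT: "1"
      DOCKER_CONFIG: /tmp/docker
      DOCKER_TLS_VERIFY: ""
      DOCKER_REGISTRY_INSECURE: "registry:5000,localhost:5001,host.docker.internal:5001"
      # Registry URLs (set REGISTRY_HOST in your environment or .env)
      # - macOS/Windows Docker Desktop: REGISTRY_HOST=host.docker.internal
      # - Linux: REGISTRY_HOST=localhost (default)
      FUZZFORGE_REGISTRY_PUSH_URL: "${REGISTRY_HOST:-localhost}:5001"
      FUZZFORGE_REGISTRY_PULL_URL: "${REGISTRY_HOST:-localhost}:5001"
    ports:
      - "8000:8000"
      - "8010:8010"
    volumes:
      - prefect_storage:/prefect-storage
      - ./backend/toolbox:/app/toolbox:ro  # Direct host mount (read-only) for live updates
      - toolbox_code:/opt/prefect/toolbox  # Share toolbox code with workers
      - ./test_projects:/app/test_projects:ro  # Test projects for workflow testing
    networks:
      - default
    extra_hosts:
      - "host.docker.internal:host-gateway"
    # Sync toolbox code to shared volume and start server with live reload
    # NOTE(review): in sh the trailing `&` applies to the whole preceding
    # `&&`/`||` list, so the setup steps appear to run in the background
    # alongside uvicorn rather than before it; confirm this is intended.
    command: >
      sh -c "
        mkdir -p /opt/prefect/toolbox &&
        mkdir -p /prefect-storage &&
        mkdir -p /tmp/docker &&
        chmod 755 /prefect-storage &&
        echo '{\"insecure-registries\": [\"registry:5000\", \"localhost:5001\", \"host.docker.internal:5001\"]}' > /tmp/docker/config.json &&
        cp -r /app/toolbox/* /opt/prefect/toolbox/ 2>/dev/null || true &&
        (while true; do
          rsync -av --delete /app/toolbox/ /opt/prefect/toolbox/ > /dev/null 2>&1 || true
          sleep 10
        done) &
        uv run uvicorn src.main:app --host 0.0.0.0 --port 8000 --reload
      "
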
# Named volumes. Each explicit `name:` replaces Compose's default
# project-prefixed volume name.
volumes:
  postgres_data:
    name: fuzzforge_postgres_data
  redis_data:
    name: fuzzforge_redis_data
  prefect_storage:
    name: fuzzforge_prefect_storage
  toolbox_code:
    name: fuzzforge_toolbox_code
  registry_data:
    name: fuzzforge_registry_data

# Gives the default network a fixed name instead of the project-prefixed one.
networks:
  default:
    name: fuzzforge_default