version: '3.8' # Staging environment Docker Compose # This environment is for pre-production validation # Data is persisted but isolated from production services: caddy: image: caddy:2-alpine container_name: ml-staging-caddy ports: - "9080:80" - "9443:443" volumes: - ${DATA_DIR:-./data/staging}/caddy/Caddyfile:/etc/caddy/Caddyfile:ro - ${DATA_DIR:-./data/staging}/caddy/data:/data - ${DATA_DIR:-./data/staging}/caddy/config:/config depends_on: - api-server restart: unless-stopped redis: image: redis:7-alpine container_name: ml-staging-redis ports: - "6380:6379" volumes: - ${DATA_DIR:-./data/staging}/redis:/data command: redis-server --appendonly yes restart: unless-stopped healthcheck: test: ["CMD", "redis-cli", "ping"] interval: 10s timeout: 5s retries: 5 api-server: build: context: ../ dockerfile: build/docker/simple.Dockerfile container_name: ml-staging-api ports: - "9102:9101" volumes: - ${DATA_DIR:-./data/staging}/logs:/logs - ${DATA_DIR:-./data/staging}/experiments:/data/experiments - ${DATA_DIR:-./data/staging}/active:/data/active - ${DATA_DIR:-./data/staging}/workspaces:/data/active/workspaces:delegated - ${DATA_DIR:-./data/staging}/configs:/app/configs:ro - ${DATA_DIR:-./data/staging}/ssl:/app/ssl:ro depends_on: redis: condition: service_healthy restart: unless-stopped command: ["/bin/sh", "-c", "mkdir -p /data/experiments /data/active/datasets /data/active/snapshots && exec /usr/local/bin/api-server -config /app/configs/api/staging.yaml"] environment: - LOG_LEVEL=${LOG_LEVEL:-info} - REDIS_URL=redis://redis:6379 minio: image: minio/minio:latest container_name: ml-staging-minio ports: - "9002:9000" - "9003:9001" volumes: - ${DATA_DIR:-./data/staging}/minio:/data environment: - MINIO_ROOT_USER=${MINIO_ROOT_USER:-minioadmin} - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-minioadmin123} - MINIO_BROWSER=on command: ["server", "/data", "--console-address", ":9001"] healthcheck: test: ["CMD", "curl", "-fsS", "http://localhost:9000/minio/health/live"] interval: 5s timeout: 5s retries: 5 restart: unless-stopped minio-init: image: minio/mc:latest container_name: ml-staging-minio-init depends_on: minio: condition: service_healthy entrypoint: ["/bin/sh", "-c"] command: - | mc alias set local http://minio:9000 ${MINIO_ROOT_USER:-minioadmin} ${MINIO_ROOT_PASSWORD:-minioadmin123} || exit 1 mc mb -p local/fetchml-snapshots-staging 2>/dev/null || echo "Bucket exists" echo "MinIO initialized for staging" restart: "no" worker: build: context: ../ dockerfile: build/docker/simple.Dockerfile container_name: ml-staging-worker volumes: - ${DATA_DIR:-./data/staging}/logs:/logs - ${DATA_DIR:-./data/staging}/experiments:/data/experiments - ${DATA_DIR:-./data/staging}/active:/data/active - ${DATA_DIR:-./data/staging}/workspaces:/data/active/workspaces:delegated - ${CONFIG_DIR:-../configs}/worker/docker-staging.yaml:/app/configs/worker.yaml:ro - ${DATA_DIR:-./data/staging}/ssh:/root/.ssh:ro depends_on: redis: condition: service_healthy minio-init: condition: service_completed_successfully restart: unless-stopped command: ["/bin/sh", "-c", "mkdir -p /data/experiments /data/active/datasets /data/active/snapshots && exec /usr/local/bin/worker -config /app/configs/worker/docker-staging.yaml"] environment: - LOG_LEVEL=${LOG_LEVEL:-info} - REDIS_URL=redis://redis:6379 - MINIO_ENDPOINT=minio:9000 - MINIO_ROOT_USER=${MINIO_ROOT_USER:-minioadmin} - MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-minioadmin123} # Audit log sink for staging (write-once store) audit-sink: image: redis:7-alpine container_name: ml-staging-audit-sink volumes: - ${DATA_DIR:-./data/staging}/audit:/data command: redis-server --appendonly yes restart: unless-stopped # This is a write-once audit log store # Access should be restricted to append-only operations