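# Local development stack. Every credential and token below is a fixed dev
# value checked into the repository; do not reuse this file or its values
# outside a developer workstation.
#
# NOTE(review): each `ports:` entry omits a host IP, so Docker publishes the
# port on all host interfaces. Several services are started here without any
# authentication settings (Redis, Elasticsearch, Redpanda, Prometheus) or with
# known credentials (Postgres, TimescaleDB, Vault). If only local access is
# needed, prefix the mapping with 127.0.0.1, e.g. "127.0.0.1:5432:5432".
#
# NOTE(review): images tagged `latest` / `latest-pg17` float; pin a version or
# digest so pulls are reproducible and reviewable.
services:
  # ─────────────────────────────────────────────
  # PostgreSQL — per-service databases
  # ─────────────────────────────────────────────
  postgres:
    image: postgres:18-alpine
    container_name: sp-postgres
    ports:
      - "5432:5432"
    environment:
      # Dev-only superuser credentials (dev/dev).
      POSTGRES_USER: dev
      POSTGRES_PASSWORD: dev
      POSTGRES_DB: postgres
    volumes:
      - pgdata:/var/lib/postgresql/data
      # Mounted into the image's init directory as init.sql.
      - ./infra/local/postgres/init.sql:/docker-entrypoint-initdb.d/init.sql
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U dev"]
      interval: 5s
      timeout: 5s
      retries: 10

  # ─────────────────────────────────────────────
  # TimescaleDB — FX rate history (S6)
  # ─────────────────────────────────────────────
  timescaledb:
    image: timescale/timescaledb:latest-pg17
    container_name: sp-timescaledb
    ports:
      # Host port 5433 avoids the clash with the postgres service on 5432.
      - "5433:5432"
    environment:
      # Dev-only superuser credentials (dev/dev).
      POSTGRES_USER: dev
      POSTGRES_PASSWORD: dev
      POSTGRES_DB: fx_rates
    volumes:
      - tsdata:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U dev"]
      interval: 5s
      timeout: 5s
      retries: 10

  # ─────────────────────────────────────────────
  # Redis — caching, sessions, rate limits
  # ─────────────────────────────────────────────
  redis:
    # No password or ACL is configured for this instance.
    image: redis:8-alpine
    container_name: sp-redis
    ports:
      - "6379:6379"
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 5s
      retries: 10

  # ─────────────────────────────────────────────
  # Redpanda — Kafka-compatible event bus (simpler than Kafka for local dev)
  # ─────────────────────────────────────────────
  redpanda:
    image: docker.redpanda.com/redpandadata/redpanda:latest
    container_name: sp-redpanda
    # NOTE(review): the only Kafka listener is PLAINTEXT and advertises
    # localhost:9092, while redpanda-console and kafka-init connect from other
    # containers via redpanda:9092 — verify they are not redirected to their
    # own localhost after the metadata exchange.
    command:
      - redpanda
      - start
      - --smp=1
      - --memory=512M
      - --overprovisioned
      - --kafka-addr=PLAINTEXT://0.0.0.0:9092
      - --advertise-kafka-addr=PLAINTEXT://localhost:9092
    ports:
      - "9092:9092"
      - "9644:9644"  # Admin API
    healthcheck:
      test: ["CMD-SHELL", "rpk cluster health | grep -q 'Healthy: true'"]
      interval: 10s
      timeout: 10s
      retries: 10

  redpanda-console:
    image: docker.redpanda.com/redpandadata/console:latest
    container_name: sp-redpanda-console
    ports:
      # Console UI is served on host port 9090.
      - "9090:8080"
    environment:
      KAFKA_BROKERS: redpanda:9092
    depends_on:
      redpanda:
        condition: service_healthy

  # ─────────────────────────────────────────────
  # Kafka topic init — creates all required topics
  # ─────────────────────────────────────────────
  kafka-init:
    image: docker.redpanda.com/redpandadata/redpanda:latest
    container_name: sp-kafka-init
    depends_on:
      redpanda:
        condition: service_healthy
    # The whole quoted block below is the script run by `bash -c`; the `&&`
    # chain stops at the first topic that fails to create.
    entrypoint: ["/bin/bash", "-c"]
    command: |
      "
      rpk --brokers redpanda:9092 topic create payment.initiated --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create compliance.result --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create fx.rate.locked --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create fiat.collected --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create chain.transfer.submitted --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create chain.transfer.confirmed --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create fiat.payout.completed --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create payment.completed --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create payment.failed --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create audit.event --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create reconciliation.discrepancy --partitions 1 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create merchant.activated --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create merchant.suspended --partitions 3 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create partner.degraded --partitions 1 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create partner.recovered --partitions 1 --replicas 1 &&
      rpk --brokers redpanda:9092 topic create agent.payment.approved --partitions 3 --replicas 1 &&
      echo 'All topics created successfully'
      "
    restart: on-failure

  # ─────────────────────────────────────────────
  # Elasticsearch — transaction search (S12)
  # ─────────────────────────────────────────────
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:9.3.1
    container_name: sp-elasticsearch
    ports:
      - "9200:9200"
    environment:
      discovery.type: single-node
      # Security features are switched off: the HTTP API on 9200 has no TLS
      # and no authentication. Keep only non-sensitive test data here.
      xpack.security.enabled: "false"
      ES_JAVA_OPTS: "-Xms256m -Xmx256m"
    healthcheck:
      # Fails when curl returns nothing or the cluster status is red.
      test: ["CMD-SHELL", "curl -s http://localhost:9200/_cluster/health | grep -qv '\"status\":\"red\"'"]
      interval: 15s
      timeout: 10s
      retries: 10

  # ─────────────────────────────────────────────
  # Temporal — durable workflow engine (S1, S11, S14)
  # ─────────────────────────────────────────────
  temporal:
    image: temporalio/auto-setup:latest
    container_name: sp-temporal
    ports:
      - "7233:7233"
    environment:
      DB: postgres12
      DB_PORT: "5432"
      # Same dev/dev credentials as the postgres service it connects to.
      POSTGRES_USER: dev
      POSTGRES_PWD: dev
      POSTGRES_SEEDS: postgres
      # Quoted like the other boolean-valued variables in this file, so the
      # container always receives the literal string.
      SKIP_DYNAMIC_CONFIG_SETUP: "true"
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      # NOTE(review): the trailing `|| exit 0` makes this command exit 0 even
      # when the health query fails, so the container is always reported
      # healthy — confirm this is intended.
      test: ["CMD-SHELL", "temporal operator cluster health 2>/dev/null | grep -q 'OK' || exit 0"]
      interval: 15s
      timeout: 10s
      retries: 15

  temporal-ui:
    image: temporalio/ui:latest
    container_name: sp-temporal-ui
    ports:
      # Temporal UI is served on host port 8233.
      - "8233:8080"
    environment:
      TEMPORAL_ADDRESS: temporal:7233
      TEMPORAL_CORS_ORIGINS: http://localhost:3000
    depends_on:
      - temporal

  # ─────────────────────────────────────────────
  # Vault — secrets management (dev mode)
  # ─────────────────────────────────────────────
  vault:
    image: hashicorp/vault:latest
    container_name: sp-vault
    ports:
      - "8200:8200"
    environment:
      # Fixed root token for the dev server; anyone who can reach port 8200
      # has full access to this Vault. Local development only.
      VAULT_DEV_ROOT_TOKEN_ID: dev-root-token
      VAULT_DEV_LISTEN_ADDRESS: 0.0.0.0:8200
    cap_add:
      - IPC_LOCK
    healthcheck:
      test: ["CMD", "vault", "status"]
      interval: 5s
      timeout: 5s
      retries: 10

  # ─────────────────────────────────────────────
  # Vault init — seeds KV v2 secrets for local dev
  # ─────────────────────────────────────────────
  vault-init:
    image: hashicorp/vault:latest
    container_name: sp-vault-init
    depends_on:
      vault:
        condition: service_healthy
    environment:
      # Plain HTTP to the dev server, authenticated with the dev root token.
      VAULT_ADDR: http://vault:8200
      VAULT_TOKEN: dev-root-token
    volumes:
      - ./infra/local/vault/init-vault.sh:/vault/init-vault.sh
    entrypoint: ["/bin/sh", "/vault/init-vault.sh"]
    # One-shot job: never restarted, unlike kafka-init.
    restart: "no"

  # ─────────────────────────────────────────────
  # Mailpit — captures outbound email (replaces SendGrid in dev)
  # ─────────────────────────────────────────────
  mailpit:
    image: axllent/mailpit:latest
    container_name: sp-mailpit
    ports:
      - "1025:1025"  # SMTP — point SMTP config here
      - "8025:8025"  # Web UI + REST API (GET /api/v1/messages)
    environment:
      # Any SMTP username/password is accepted, and auth is allowed over an
      # unencrypted connection. Dev convenience only.
      MP_SMTP_AUTH_ACCEPT_ANY: "1"
      MP_SMTP_AUTH_ALLOW_INSECURE: "1"

  # ─────────────────────────────────────────────
  # WireMock — stubs for external providers
  # (Stripe, Onfido, Alchemy, Modulr, Fireblocks, etc.)
  # ─────────────────────────────────────────────
  wiremock:
    image: wiremock/wiremock:latest
    container_name: sp-wiremock
    ports:
      - "4444:8080"
    volumes:
      - ./infra/local/wiremock/mappings:/home/wiremock/mappings
      - ./infra/local/wiremock/__files:/home/wiremock/__files
    command: --verbose --global-response-templating

  # ─────────────────────────────────────────────
  # Jaeger — distributed trace visualization (STA-221)
  # ─────────────────────────────────────────────
  jaeger:
    image: jaegertracing/all-in-one:1.76.0
    container_name: sp-jaeger
    ports:
      - "16686:16686"  # Jaeger UI
      - "4317:4317"  # OTLP gRPC receiver
      - "4318:4318"  # OTLP HTTP receiver
    environment:
      COLLECTOR_OTLP_ENABLED: "true"
    healthcheck:
      test: ["CMD-SHELL", "wget --spider -q http://localhost:16686/ || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 10

  # ─────────────────────────────────────────────
  # Prometheus — metrics collection and alerting (STA-227)
  # UI: http://localhost:9091
  # ─────────────────────────────────────────────
  prometheus:
    image: prom/prometheus:v3.4.0
    container_name: sp-prometheus
    ports:
      - "9091:9090"
    volumes:
      - ./infra/monitoring/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml
      - ./infra/monitoring/prometheus/alerting_rules.yml:/etc/prometheus/alerting_rules.yml
      - prometheusdata:/prometheus
    command:
      - "--config.file=/etc/prometheus/prometheus.yml"
      - "--storage.tsdb.path=/prometheus"
      - "--storage.tsdb.retention.time=7d"
      # Enables the HTTP reload/quit endpoints; no web auth is configured
      # here, so any client that can reach the published port can call them.
      - "--web.enable-lifecycle"
    healthcheck:
      test: ["CMD-SHELL", "wget --spider -q http://localhost:9090/-/healthy || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 10

  # ─────────────────────────────────────────────
  # Alertmanager — alert routing (PagerDuty, Slack)
  # UI: http://localhost:9093
  # ─────────────────────────────────────────────
  alertmanager:
    image: prom/alertmanager:v0.28.1
    container_name: sp-alertmanager
    ports:
      - "9093:9093"
    volumes:
      - ./infra/monitoring/alertmanager/alertmanager.yml:/etc/alertmanager/alertmanager.yml
      - alertmanagerdata:/alertmanager
    command:
      - "--config.file=/etc/alertmanager/alertmanager.yml"
      - "--storage.path=/alertmanager"
    depends_on:
      prometheus:
        condition: service_healthy
    healthcheck:
      test: ["CMD-SHELL", "wget --spider -q http://localhost:9093/-/healthy || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 10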
# Named volumes with default driver settings; they persist data across
# container restarts for the services that mount them.
volumes:
  pgdata: {}            # postgres data directory
  tsdata: {}            # timescaledb data directory
  prometheusdata: {}    # Prometheus TSDB (--storage.tsdb.path)
  alertmanagerdata: {}  # Alertmanager state (--storage.path)