guacsec · ruromero · Nov 10, 2025 · Nov 3, 2025 · Nov 4, 2025
diff --git a/deploy/README-docker.md b/deploy/README-docker.md
@@ -0,0 +1,155 @@
+# Trustify Docker Compose Deployment
+
+This directory contains Docker Compose files for local development deployment of Trustify with its required infrastructure components.
+
+**Note**: Replace `docker-compose` with `podman-compose` if you're using Podman instead.
+
+## Files
+
+- `docker-compose.infrastructure.yml` - Infrastructure services (Redis, PostgreSQL)
+- `docker-compose.application.yml` - Application service (trust-da)
+- `env.example` - Environment variables template
+
+## Quick Start
+
+### 1. Start Infrastructure Services
+
+```bash
+# Start Redis, PostgreSQL, and Keycloak
+docker-compose -f docker-compose.infrastructure.yml up -d
+
+# Check if services are healthy
+docker-compose -f docker-compose.infrastructure.yml ps
+```
+
+### 2. Configure Environment (Optional)
+
+```bash
+# Copy environment template
+cp env.example .env
+
+# Edit .env with your actual values
+nano .env
+```
+
+### 3. Create Network
+
+```bash
+docker network create trustify-network
+```
+
+### 4. Start Application
+
+```bash
+# Start the trust-da application
+docker-compose -f docker-compose.application.yml up -d
+
+# Check application status
+docker-compose -f docker-compose.application.yml ps
+```
+
+## Services
+
+### Infrastructure Services
+
+| Service | Port | Description |
+|---------|------|-------------|
+| Redis | 6379 | Cache and session storage |
+| PostgreSQL | 5432 | Database for Keycloak and application |
+
+### Application Services
+
+| Service | Port | Description |
+|---------|------|-------------|
+| trust-da | 8081 | Main application (mapped from 8080) |
+| trust-da | 9001 | Management/health endpoints (mapped from 9000) |
+
+## Access Points
+
+- **Application**: http://localhost:8081
+- **PostgreSQL**: localhost:5432
+  - Database: `trustify`
+  - Username: `trustify`
+  - Password: `trustify123`
+- **Redis**: localhost:6379
+  - No authentication required
+
+## Health Checks
+
+All services include health checks. You can monitor them with:
+
+```bash
+# Check infrastructure health
+docker-compose -f docker-compose.infrastructure.yml ps
+
+# Check application health
+docker-compose -f docker-compose.application.yml ps
+```
+
+## Logs
+
+```bash
+# View infrastructure logs
+docker-compose -f docker-compose.infrastructure.yml logs -f
+
+# View application logs
+docker-compose -f docker-compose.application.yml logs -f
+
+# View specific service logs
+docker-compose -f docker-compose.application.yml logs -f trust-da
+```
+
+## Stopping Services
+
+```bash
+# Stop application
+docker-compose -f docker-compose.application.yml down
+# Stop infrastructure
+docker-compose -f docker-compose.infrastructure.yml down
+
+# Stop everything and remove volumes
+docker-compose -f docker-compose.infrastructure.yml down -v
+docker-compose -f docker-compose.application.yml down
+```
+
+## Data Persistence
+
+- **PostgreSQL data**: Stored in Docker volume `postgres_data`
+- **Redis data**: Stored in Docker volume `redis_data`
+
+To reset all data:
+
+```bash
+docker-compose -f docker-compose.infrastructure.yml down -v
+```
+
+## Remove the network
+
+```bash
+docker network rm trustify-network
+```
+
+## Environment Variables
+
+Create a `.env` file based on `env.example` to customize:
+
+- `TRUSTIFY_HOST`: Your Trustify server host
+- `TRUSTIFY_CLIENT_ID`: Your Trustify client ID
+- `TRUSTIFY_CLIENT_SECRET`: Your Trustify client secret
+- `TRUSTIFY_AUTH_SERVER_URL`: The Trustify SSO Server URL
+- `SENTRY_DSN`: Sentry DSN for error tracking (Optional)
+- `TELEMETRY_WRITE_KEY`: Telemetry write key (Optional)
+
+## Troubleshooting
+
+### Services not starting
+
+```bash
+# Check logs for errors
+docker-compose -f docker-compose.infrastructure.yml logs
+docker-compose -f docker-compose.application.yml logs
+
+# Restart services
+docker-compose -f docker-compose.infrastructure.yml restart
+docker-compose -f docker-compose.application.yml restart
+```
diff --git a/deploy/docker-compose.application.yml b/deploy/docker-compose.application.yml
@@ -0,0 +1,39 @@
+services:
+  trust-da:
+    image: ${TRUST_DA_IMAGE:-trust-da:latest}
+    container_name: trustify-trust-da
+    env_file:
+      - .env
+    ports:
+      - "8080:8080"  # Application port
+      - "9000:9000"  # Management port
+    environment:
+      # Monitoring
+      MONITORING_ENABLED: "false"
+
+      # Database
+      DB_REDIS_HOST: redis
+      DB_REDIS_PORT: 6379
+      DB_POSTGRES_HOST: postgres
+      DB_POSTGRES_PORT: 5432
+      DB_POSTGRES_DATABASE: trustify
+      DB_POSTGRES_USER: trustify
+      DB_POSTGRES_PASSWORD: trustify123
+      API_ONGUARD_DISABLED: true
+
+      # Trustify
+      PROVIDER_TRUSTIFY_HOST: ${TRUSTIFY_HOST:-https://trustify.example.com/api/v2/}
+      PROVIDER_TRUSTIFY_AUTH_CLIENT_ID: ${TRUSTIFY_CLIENT_ID:-your-trustify-client-id}
+      PROVIDER_TRUSTIFY_AUTH_CLIENT_SECRET: ${TRUSTIFY_CLIENT_SECRET:-your-trustify-client-secret}
+      PROVIDER_TRUSTIFY_AUTH_SERVER_URL: ${TRUSTIFY_AUTH_SERVER_URL:-http://sso-trustify.example.com:8090}
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9000/q/health/ready"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+    restart: unless-stopped
+
+networks:
+  default:
+    name: trustify-network
+    external: true
diff --git a/deploy/docker-compose.infrastructure.yml b/deploy/docker-compose.infrastructure.yml
@@ -0,0 +1,39 @@
+services:
+  redis:
+    image: redis:8-alpine
+    container_name: trustify-redis
+    ports:
+      - "6379:6379"
+    volumes:
+      - redis_data:/data
+    healthcheck:
+      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+  postgres:
+    image: postgres:18-alpine
+    container_name: trustify-postgres
+    ports:
+      - "5432:5432"
+    environment:
+      POSTGRES_DB: trustify
+      POSTGRES_USER: trustify
+      POSTGRES_PASSWORD: trustify123
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U trustify -d trustify"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+
+volumes:
+  redis_data:
+  postgres_data:
+
+networks:
+  default:
+    name: trustify-network
+    external: true
diff --git a/deploy/env.example b/deploy/env.example
@@ -0,0 +1,5 @@
+# Trustify Configuration
+TRUSTIFY_HOST=http://trustify.example.com/api/v2/
+TRUSTIFY_CLIENT_ID=your-trustify-client-id
+TRUSTIFY_CLIENT_SECRET=your-trustify-client-secret
+TRUSTIFY_AUTH_SERVER_URL=https://sso-trustify.example.com/auth/realms/trustify
diff --git a/deploy/monitoring.yaml b/deploy/monitoring.yaml