CI/CD Pipeline
AuroraSOC uses a Makefile for local development and Docker Compose for deployment. This document covers the build, test, and deployment workflow.
Makefile Targets
The project root Makefile provides commands for local development, validation, and deployment.
Run make help to list all available targets.
Local Development
# Install dependencies
make install
make dev
# Start services locally
make api # FastAPI on :8000
make dashboard-dev # Next.js on :3000
make dev-all # API + dashboard in one terminal session
make mcp # MCP Tool Registry server
Infrastructure (Docker Compose)
make docker-up # Start full stack
make docker-up-minimal # Minimal stack (orchestrator + network analyzer path)
make docker-down # Stop stack
make docker-logs # Tail compose logs
make docker-build # Build Docker images
Testing and Quality
# Run all Python tests
make test
# Run with coverage
make test-cov
make lint
make type-check
make check
make rust-test
make rust-clippy
make dashboard-lint
Build and Database
make rust-build
make dashboard-build
make env-check
make prod-validate
make migrate
make migrate-new MSG="Add new table"
make migrate-down
make prod-validate is the Compose-first release gate. It fails fast if the
required .env values are weak or missing, if PostgreSQL is unreachable or not
at the repository's Alembic head, or if the configured LLM_BACKEND cannot
serve the expected runtime model through the same BeeAI path the agent fleet
uses.
Docs CI/CD
Documentation automation is handled by GitHub Actions:
- .github/workflows/docs.yml runs docs quality checks and build for docs changes.
- The same workflow deploys to GitHub Pages on main.
- workflow_dispatch is enabled for manual runs when needed.
Docker Build Architecture
Python Dockerfile (Dockerfile.python)
FROM python:3.12-slim AS builder
WORKDIR /app
COPY pyproject.toml .
RUN pip install --no-cache-dir -e ".[all]"
FROM python:3.12-slim
WORKDIR /app
# Copy installed packages and entry points from the builder stage
COPY --from=builder /usr/local/lib/python3.12 /usr/local/lib/python3.12
COPY --from=builder /usr/local/bin /usr/local/bin
COPY aurorasoc/ aurorasoc/
COPY alembic/ alembic/
COPY alembic.ini .
EXPOSE 8000
CMD ["uvicorn", "aurorasoc.api.main:app", "--host", "0.0.0.0", "--port", "8000"]
Rust Dockerfile (Dockerfile.rust)
FROM rust:1.77-bookworm AS builder
WORKDIR /app
COPY rust_core/ .
RUN cargo build --release
FROM debian:bookworm-slim
# Copy only the release binary from the builder stage
COPY --from=builder /app/target/release/aurora-core /usr/local/bin/
EXPOSE 8080
CMD ["aurora-core"]
Dashboard Dockerfile (Dockerfile.dashboard)
FROM node:22-alpine AS builder
WORKDIR /app
COPY dashboard/package.json dashboard/package-lock.json ./
RUN npm ci
COPY dashboard/ .
RUN npm run build
FROM node:22-alpine
WORKDIR /app
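# Copy the standalone server and static assets from the builder stage
COPY --from=builder /app/.next/standalone ./
COPY --from=builder /app/.next/static ./.next/static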
EXPOSE 3000
CMD ["node", "server.js"]
Docker Compose Networks
Four isolated networks:
- aurora-frontend — Dashboard ↔ API only
- aurora-backend — API ↔ Agents internal communication
- aurora-data — Database access (Postgres + pgvector, Redis)
- aurora-messaging — Event buses (NATS, MQTT)
Development Workflow
Hot Reload
Development mode mounts source code as volumes for hot reload:
# docker-compose.dev.yml
api:
  volumes:
    - ./aurorasoc:/app/aurorasoc
  command: uvicorn aurorasoc.api.main:app --reload --host 0.0.0.0
dashboard:
  volumes:
    - ./dashboard/src:/app/src
  command: npm run dev
Environment Configuration
Required Environment Variables
# Start from template
cp .env.example .env
# Optional bootstrap helpers
make env-init
make env-check
# Core auth
JWT_SECRET_KEY=<generate-with-openssl-rand-hex-32>
API_SERVICE_KEY=<generate-a-secure-random-key>
# Database and messaging
PG_HOST=localhost
PG_PORT=5432
PG_DATABASE=aurorasoc
PG_USER=aurorasoc
PG_PASSWORD=<set-a-strong-password>
REDIS_URL=redis://:<set-a-strong-password>@localhost:6379
NATS_URL=nats://localhost:4222
# LLM backend selection
LLM_BACKEND=vllm
VLLM_BASE_URL=http://vllm:8000/v1
VLLM_MODEL=granite-soc-specialist
VLLM_ORCHESTRATOR_MODEL=granite-soc-specialist
# Ollama fallback
OLLAMA_BASE_URL=http://ollama:11434
OLLAMA_MODEL=granite4:8b
OLLAMA_ORCHESTRATOR_MODEL=granite4:dense
Using .env File
cp .env.example .env
# Edit with your values
vim .env
Docker Compose automatically reads .env from the project root.
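A check for weak or missing .env values, of the kind make prod-validate is described as enforcing, could look like the following. This is an added example, not AuroraSOC's own validation code: the length and entropy thresholds, the placeholder patterns and the function names are assumptions, and the sample values are constructed.

```python
import math
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed policy for this example; the project's real thresholds may differ.
REQUIRED_SECRETS = ("JWT_SECRET_KEY", "API_SERVICE_KEY", "PG_PASSWORD")
MIN_LENGTH = 24         # characters
MIN_ENTROPY = 3.0       # Shannon entropy, bits per character
PLACEHOLDER = re.compile(r"^<.*>$|changeme|password|secret|example", re.I)

# Constructed sample .env content, not taken from a real deployment.
SAMPLE_ENV = """\
JWT_SECRET_KEY=<generate-with-openssl-rand-hex-32>
API_SERVICE_KEY=abc123
PG_PASSWORD=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
REDIS_URL=redis://:9f2c7a1e4b8d0365c1f7a2e9b4d86035@localhost:6379
"""

def parse_env(text):
    env = {}
    for line in map(str.strip, text.splitlines()):
        # Skip blanks, comments and anything that is not KEY=VALUE.
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def entropy(value):
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())

def weakness(value):
    """Return why a secret is unusable, or None if it passes."""
    if not value:
        return "missing"
    if PLACEHOLDER.search(value):
        return "placeholder"
    if len(value) < MIN_LENGTH:
        return "too short"
    if entropy(value) < MIN_ENTROPY:
        return "low entropy"
    return None

def check_env(text):
    """Map each failing variable to a reason; the secret itself is never echoed.
    The Redis password is embedded in REDIS_URL, so it is extracted first."""
    env = parse_env(text)
    problems = {k: weakness(env.get(k, "")) for k in REQUIRED_SECRETS}
    problems["REDIS_URL"] = weakness(urlsplit(env.get("REDIS_URL", "")).password or "")
    return {k: v for k, v in problems.items() if v}
```

A release gate would call check_env on the contents of .env and exit non-zero when the returned mapping is not empty.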