180 lines
5.3 KiB
YAML
180 lines
5.3 KiB
YAML
# =============================================
|
||
# DeepAudit Docker Compose 配置
|
||
# =============================================
|
||
|
||
# 共享环境变量定义
|
||
x-shared-env:
|
||
# 基础信息
|
||
&shared-env
|
||
PROJECT_NAME: DeepAudit
|
||
SECRET_KEY: ${SECRET_KEY}
|
||
ALGORITHM: ${ALGORITHM:-HS256}
|
||
# 数据库
|
||
POSTGRES_SERVER: ${POSTGRES_SERVER:-db}
|
||
POSTGRES_USER: ${POSTGRES_USER:-postgres}
|
||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
|
||
POSTGRES_DB: ${POSTGRES_DB:-deepaudit}
|
||
# LLM
|
||
LLM_PROVIDER: ${LLM_PROVIDER:-openai}
|
||
LLM_MODEL: ${LLM_MODEL:-qwen3-coder-flash}
|
||
LLM_API_KEY: ${LLM_API_KEY}
|
||
LLM_BASE_URL: ${LLM_BASE_URL}
|
||
LLM_TIMEOUT: ${LLM_TIMEOUT:-300}
|
||
LLM_TEMPERATURE: ${LLM_TEMPERATURE:-0.7}
|
||
LLM_MAX_TOKENS: ${LLM_MAX_TOKENS:-32768}
|
||
LLM_CONCURRENCY: ${LLM_CONCURRENCY:-20}
|
||
LLM_GAP_MS: ${LLM_GAP_MS:-0}
|
||
# LLM 各平台独立配置
|
||
OPENAI_API_KEY: ${OPENAI_API_KEY}
|
||
OPENAI_BASE_URL: ${OPENAI_BASE_URL}
|
||
GEMINI_API_KEY: ${GEMINI_API_KEY}
|
||
CLAUDE_API_KEY: ${CLAUDE_API_KEY}
|
||
QWEN_API_KEY: ${QWEN_API_KEY}
|
||
DEEPSEEK_API_KEY: ${DEEPSEEK_API_KEY}
|
||
ZHIPU_API_KEY: ${ZHIPU_API_KEY}
|
||
MOONSHOT_API_KEY: ${MOONSHOT_API_KEY}
|
||
BAIDU_API_KEY: ${BAIDU_API_KEY}
|
||
MINIMAX_API_KEY: ${MINIMAX_API_KEY}
|
||
DOUBAO_API_KEY: ${DOUBAO_API_KEY}
|
||
OLLAMA_BASE_URL: ${OLLAMA_BASE_URL}
|
||
# Agent & Redis
|
||
AGENT_ENABLED: ${AGENT_ENABLED:-true}
|
||
AGENT_MAX_ITERATIONS: ${AGENT_MAX_ITERATIONS:-5}
|
||
AGENT_TIMEOUT: ${AGENT_TIMEOUT:-1800}
|
||
REDIS_URL: ${REDIS_URL:-redis://redis:6379/0}
|
||
# Embedding
|
||
EMBEDDING_PROVIDER: ${EMBEDDING_PROVIDER:-openai}
|
||
EMBEDDING_MODEL: ${EMBEDDING_MODEL:-text-embedding-v4}
|
||
EMBEDDING_DIMENSION: ${EMBEDDING_DIMENSION:-1024}
|
||
EMBEDDING_API_KEY: ${EMBEDDING_API_KEY}
|
||
EMBEDDING_BASE_URL: ${EMBEDDING_BASE_URL}
|
||
# 向量数据库
|
||
VECTOR_DB_TYPE: ${VECTOR_DB_TYPE:-chroma}
|
||
CHROMA_PERSIST_DIRECTORY: ${CHROMA_PERSIST_DIRECTORY:-./data/chroma}
|
||
# Gitea
|
||
GITEA_HOST_URL: ${GITEA_HOST_URL}
|
||
GITEA_TOKEN: ${GITEA_TOKEN}
|
||
GITEA_BOT_TOKEN: ${GITEA_BOT_TOKEN}
|
||
GITEA_WEBHOOK_SECRET: ${GITEA_WEBHOOK_SECRET}
|
||
# 沙箱
|
||
SANDBOX_MEMORY_LIMIT: ${SANDBOX_MEMORY_LIMIT:-512m}
|
||
SANDBOX_CPU_LIMIT: ${SANDBOX_CPU_LIMIT:-1.0}
|
||
SANDBOX_TIMEOUT: ${SANDBOX_TIMEOUT:-30}
|
||
|
||
services:
|
||
# =============================================
|
||
# 核心基础服务
|
||
# =============================================
|
||
|
||
db:
|
||
image: postgres:15-alpine
|
||
restart: unless-stopped
|
||
volumes:
|
||
- postgres_data:/var/lib/postgresql/data
|
||
environment:
|
||
POSTGRES_USER: ${POSTGRES_USER:-postgres}
|
||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-postgres}
|
||
POSTGRES_DB: ${POSTGRES_DB:-deepaudit}
|
||
ports:
|
||
- "5432:5432"
|
||
healthcheck:
|
||
test: [ "CMD-SHELL", "pg_isready -U postgres" ]
|
||
interval: 5s
|
||
timeout: 5s
|
||
retries: 5
|
||
networks:
|
||
- deepaudit-network
|
||
|
||
backend:
|
||
build:
|
||
context: ./backend
|
||
image: code-review:backend
|
||
restart: unless-stopped
|
||
# 允许容器通过 host.docker.internal 访问宿主机
|
||
extra_hosts:
|
||
- "host.docker.internal:host-gateway"
|
||
volumes:
|
||
- backend_uploads:/app/uploads
|
||
- chroma_data:/app/data/vector_db
|
||
- ci_workspace:/app/data/ci_workspace
|
||
- ci_vectordb:/app/data/ci_vectordb
|
||
- /var/run/docker.sock:/var/run/docker.sock # 沙箱执行必须
|
||
ports:
|
||
- "8000:8000"
|
||
env_file:
|
||
- .env
|
||
environment:
|
||
<<: *shared-env
|
||
DATABASE_URL: postgresql+asyncpg://${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-postgres}@db:5432/${POSTGRES_DB:-deepaudit}
|
||
SANDBOX_ENABLED: ${SANDBOX_ENABLED:-true}
|
||
SANDBOX_IMAGE: ${SANDBOX_IMAGE:-deepaudit/sandbox:latest}
|
||
OUTPUT_LANGUAGE: ${OUTPUT_LANGUAGE:-zh-CN}
|
||
depends_on:
|
||
db:
|
||
condition: service_healthy
|
||
redis:
|
||
condition: service_healthy
|
||
networks:
|
||
- deepaudit-network
|
||
|
||
frontend:
|
||
build:
|
||
context: ./frontend
|
||
image: code-review:frontend
|
||
restart: unless-stopped
|
||
volumes:
|
||
# - ./frontend/dist:/usr/share/nginx/html:ro # 挂载构建产物,本地 pnpm build 后自动生效,在dockerfile中已经COPY了
|
||
- ./frontend/nginx.conf:/etc/nginx/conf.d/default.conf:ro # 挂载 nginx 配置
|
||
ports:
|
||
- "${FRONTEND_PORT:-83}:80" # Nginx 监听 80 端口
|
||
environment:
|
||
VITE_API_BASE_URL: ${VITE_API_BASE_URL:-/api/v1}
|
||
VITE_APP_ID: ${VITE_APP_ID:-deepaudit}
|
||
depends_on:
|
||
- backend
|
||
networks:
|
||
- deepaudit-network
|
||
|
||
# =============================================
|
||
# Agent 服务必须组件
|
||
# =============================================
|
||
|
||
redis:
|
||
image: redis:7-alpine
|
||
restart: unless-stopped
|
||
ports:
|
||
- "${REDIS_PORT:-6379}:6379"
|
||
volumes:
|
||
- redis_data:/data
|
||
healthcheck:
|
||
test: [ "CMD", "redis-cli", "ping" ]
|
||
interval: 10s
|
||
timeout: 5s
|
||
retries: 5
|
||
networks:
|
||
- deepaudit-network
|
||
|
||
# 沙箱镜像构建服务 (漏洞验证必须)
|
||
# 注意: 此服务仅用于构建镜像,构建完成后自动退出
|
||
sandbox:
|
||
build:
|
||
context: ./docker/sandbox
|
||
dockerfile: Dockerfile
|
||
image: code-review:sandbox
|
||
restart: "no"
|
||
command: echo "Sandbox image built successfully"
|
||
|
||
networks:
|
||
deepaudit-network:
|
||
driver: bridge
|
||
driver_opts:
|
||
com.docker.network.bridge.name: br-deepaudit # 指定宿主机网卡名称
|
||
|
||
volumes:
|
||
postgres_data:
|
||
backend_uploads:
|
||
chroma_data:
|
||
ci_workspace:
|
||
ci_vectordb:
|
||
redis_data:
|