From 62e5327f9428b0b1e7e1554a2cf5b8d8ce3dc5b6 Mon Sep 17 00:00:00 2001 From: Riccardo Schirone Date: Fri, 15 May 2026 09:23:40 +0000 Subject: [PATCH 1/3] Add compose.prebuilt.yaml overlay for prebuilt GHCR images Adds an overlay for dev/docker-compose that resets the `build:` block of every locally-built component and points it at the matching prebuilt image from GHCR, so developers can run the stack without local builds. Image tag defaults to "main" and is overridable via BUTTERCUP_IMAGE_TAG. Co-Authored-By: Claude Opus 4.7 (1M context) --- dev/docker-compose/README.md | 12 ++++++ dev/docker-compose/compose.prebuilt.yaml | 54 ++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 dev/docker-compose/compose.prebuilt.yaml diff --git a/dev/docker-compose/README.md b/dev/docker-compose/README.md index b50699ae..37436771 100644 --- a/dev/docker-compose/README.md +++ b/dev/docker-compose/README.md @@ -18,6 +18,18 @@ cd dev/docker-compose && docker-compose --profile graphdb up -d cd dev/docker-compose && docker-compose down ``` +### Using prebuilt images (skip local builds) + +`compose.prebuilt.yaml` is an overlay that replaces every locally-built +component with its prebuilt image from GHCR, so nothing is built locally: + +```bash +cd dev/docker-compose && docker compose -f compose.yaml -f compose.prebuilt.yaml up -d + +# Pin a specific image tag (defaults to "main"): +BUTTERCUP_IMAGE_TAG= docker compose -f compose.yaml -f compose.prebuilt.yaml up -d +``` + ## Configuration - `env.template` - Template for environment variables (copy to `.env` and customize) diff --git a/dev/docker-compose/compose.prebuilt.yaml b/dev/docker-compose/compose.prebuilt.yaml new file mode 100644 index 00000000..0a8d0396 --- /dev/null +++ b/dev/docker-compose/compose.prebuilt.yaml 
@@ -0,0 +1,54 @@ +# Overlay for compose.yaml that pulls the prebuilt component images from GHCR +# instead of building them locally. It only overrides the services that have a +# `build:` block, resetting it and pointing at the published image. +# +# Usage (from dev/docker-compose): +# docker compose -f compose.yaml -f compose.prebuilt.yaml up -d +# +# Override the image tag (defaults to "main"): +# BUTTERCUP_IMAGE_TAG= docker compose -f compose.yaml -f compose.prebuilt.yaml up -d + +services: + program-model: + build: !reset null + image: ghcr.io/trailofbits/buttercup/buttercup-program-model:${BUTTERCUP_IMAGE_TAG:-main} + + coverage-bot: + build: !reset null + image: ghcr.io/trailofbits/buttercup/buttercup-fuzzer:${BUTTERCUP_IMAGE_TAG:-main} + + build-bot: + build: !reset null + image: ghcr.io/trailofbits/buttercup/buttercup-fuzzer:${BUTTERCUP_IMAGE_TAG:-main} + + tracer-bot: + build: !reset null + image: ghcr.io/trailofbits/buttercup/buttercup-fuzzer:${BUTTERCUP_IMAGE_TAG:-main} + + fuzzer-bot: + build: !reset null + image: ghcr.io/trailofbits/buttercup/buttercup-fuzzer:${BUTTERCUP_IMAGE_TAG:-main} + + task-downloader: + build: !reset null + image: ghcr.io/trailofbits/buttercup/buttercup-orchestrator:${BUTTERCUP_IMAGE_TAG:-main} + + task-server: + build: !reset null + image: ghcr.io/trailofbits/buttercup/buttercup-orchestrator:${BUTTERCUP_IMAGE_TAG:-main} + + scheduler: + build: !reset null + image: ghcr.io/trailofbits/buttercup/buttercup-orchestrator:${BUTTERCUP_IMAGE_TAG:-main} + + seed-gen: + build: !reset null + image: ghcr.io/trailofbits/buttercup/buttercup-seed-gen:${BUTTERCUP_IMAGE_TAG:-main} + + patcher: + build: !reset null + image: ghcr.io/trailofbits/buttercup/buttercup-patcher:${BUTTERCUP_IMAGE_TAG:-main} + + buttercup-ui: + build: !reset null + image: ghcr.io/trailofbits/buttercup/buttercup-orchestrator:${BUTTERCUP_IMAGE_TAG:-main} From 95d2a8ca097edec5f3002a934006169d047c6ae9 Mon Sep 17 00:00:00 2001 
From: Riccardo Schirone Date: Fri, 15 May 2026 09:31:10 +0000 Subject: [PATCH 2/3] ci: allow Docker Compose !reset/!override tags in YAML check The static-checks YAML step uses yaml.safe_load_all, which rejects the Compose-specific !reset/!override merge tags used by compose.prebuilt.yaml. Register no-op constructors for those tags so compose overlays validate without masking real YAML errors elsewhere. Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/static-checks.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/static-checks.yml b/.github/workflows/static-checks.yml index 7d7e4425..2b8507db 100644 --- a/.github/workflows/static-checks.yml +++ b/.github/workflows/static-checks.yml @@ -40,6 +40,9 @@ jobs: python3 -c " import yaml from pathlib import Path + # Docker Compose merge tags are valid in compose files but unknown to safe_load + for _t in ('!reset', '!override'): + yaml.SafeLoader.add_constructor(_t, lambda loader, node: None) for f in Path('.').rglob('*.yaml'): if 'deployment/k8s' not in str(f): list(yaml.safe_load_all(f.read_text())) From 4c11e4e0573e17a44f0c884a31a62b5c29273821 Mon Sep 17 00:00:00 2001 From: Riccardo Schirone Date: Mon, 18 May 2026 14:01:20 +0000 Subject: [PATCH 3/3] docs(docker-compose): list compose.prebuilt.yaml in Configuration Address PR #548 review nit: the Configuration section's file inventory omitted the new prebuilt overlay. Co-Authored-By: Claude Opus 4.7 (1M context) --- dev/docker-compose/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/dev/docker-compose/README.md b/dev/docker-compose/README.md index 37436771..9220ac1c 100644 --- a/dev/docker-compose/README.md +++ b/dev/docker-compose/README.md 
@@ -35,6 +35,7 @@ BUTTERCUP_IMAGE_TAG= docker compose -f compose.yaml -f compose.pr - `env.template` - Template for environment variables (copy to `.env` and customize) - `env.dev.compose` - Development-specific environment configuration - `compose.yaml` - Main compose file with all services +- `compose.prebuilt.yaml` - Overlay that pulls prebuilt GHCR images instead of building locally ## Notes
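
Review bot: In the README.md hunk of patch 1/3, the pinning example `BUTTERCUP_IMAGE_TAG= docker compose -f compose.yaml -f compose.prebuilt.yaml up -d` as shown assigns an empty value, and `${BUTTERCUP_IMAGE_TAG:-main}` in the overlay treats empty the same as unset, so this command still runs `main`. Put a visible placeholder value after the `=`; the same applies to the usage comment at the top of compose.prebuilt.yaml. The new commands also use `docker compose`, while the existing lines in this README use `docker-compose`. The legacy v1 `docker-compose` binary does not understand the `!reset` tag, so state that the overlay requires Compose v2.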
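
Review bot: Every `image:` line in compose.prebuilt.yaml defaults to the mutable tag `main`, and the overlay sets no `pull_policy`, so Compose pulls only when the tag is missing from the local image store. A developer keeps running whatever `main` pointed to at the first pull, two machines on "main" can run different builds, and nothing ties the running containers to a specific image. Document running `docker compose pull` before `up` or set `pull_policy: always` on these services. For anyone who needs a reproducible stack, also allow a digest reference (`image: ...@sha256:...`), which the current `:${BUTTERCUP_IMAGE_TAG:-main}` suffix cannot express.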
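
Review bot: In the static-checks.yml hunk, `yaml.SafeLoader.add_constructor(_t, lambda loader, node: None)` patches the shared `SafeLoader` class, so `!reset` and `!override` are accepted in every `*.yaml` file the loop visits, not only in compose overlays. Because the lambda returns `None` without constructing the node, anything nested under a tagged mapping or sequence is never constructed, and an unknown tag inside it would pass the check. That is weaker than the commit message's "without masking real YAML errors elsewhere". Register the constructors on a `SafeLoader` subclass that is used only for the compose files under dev/docker-compose, and have the constructor build the node according to its kind so nested content is still validated.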