892b89fc9d
Implement dual-registry container publishing to both GHCR and Docker Hub
for maximum distribution reach. Add emergency security reset endpoint
("break-glass" mechanism) to recover from ACL lockout situations.
Key changes:
Docker Hub + GHCR dual publishing with Cosign signing and SBOM
Emergency reset endpoint POST /api/v1/emergency/security-reset
Token-based authentication bypasses Cerberus middleware
Rate limited (5/hour) with audit logging
30 new security enforcement E2E tests covering ACL, WAF, CrowdSec,
Rate Limiting, Security Headers, and Combined scenarios
Fixed container startup permission issue (tmpfs directory ownership)
Playwright config updated with testIgnore for browser projects
Security: Token via CHARON_EMERGENCY_TOKEN env var (32+ chars recommended)
Tests: 689 passed, 86% backend coverage, 85% frontend coverage
Docker Compose Files
This directory contains all Docker Compose configuration variants for Charon.
File Descriptions
| File | Purpose |
|---|---|
docker-compose.yml |
Main production compose configuration. Base services and production settings. |
docker-compose.dev.yml |
Development overrides. Enables hot-reload, debug logging, and development tools. |
docker-compose.local.yml |
Local development configuration. Standalone setup for local testing. |
docker-compose.remote.yml |
Remote deployment configuration. Settings for deploying to remote servers. |
docker-compose.override.yml |
Personal local overrides. Gitignored - use for machine-specific settings. |
Usage Patterns
Production Deployment
docker compose -f .docker/compose/docker-compose.yml up -d
Development Mode
docker compose -f .docker/compose/docker-compose.yml \
-f .docker/compose/docker-compose.dev.yml up -d
Local Testing
docker compose -f .docker/compose/docker-compose.local.yml up -d
With Personal Overrides
Create your own docker-compose.override.yml in this directory for personal
configurations (port mappings, volume paths, etc.). This file is gitignored.
docker compose -f .docker/compose/docker-compose.yml \
-f .docker/compose/docker-compose.override.yml up -d
Notes
- Always use the
-fflag to specify compose file paths from the project root - The override file is automatically ignored by git - do not commit personal settings
- See project tasks in VS Code for convenient pre-configured commands