---
######################################################################################################
# DO NOT MODIFY THIS FILE ANYWHERE OTHER THAN WITHIN THE CUSTOMIZE BLOCKS
#
#
# New services are acceptable
#
# Profiles
# We use the profiles "development" and "competition"
# All containers added by competitors must include the appropriate profiles
# At competition time only the `--profile competition` will be used
# This will cause the LiteLLM proxy to disappear.
# Competitors should be using the AIXCC_LITELLM_HOSTNAME environment variable
# for accessing LiteLLM, so we can swap the URL at competition time.
#
######################################################################################################
# Merge the service definitions from sandbox/compose.yaml into this project.
# Names used below but not defined in this file (iapi, dind, litellm, the
# crs-internal network) are presumably declared there - verify against that file.
include:
  - path:
      - sandbox/compose.yaml
#############
### CUSTOMIZE
#############
## SIFT NOTE this is a template, to be processed by tools/dupl-template to create replicated
## service entries for (at least) multiple FBs and maybe multiple OPTs, but note the latter would
## need to be enhanced to not start extra MMs or try to bind multiple MM ports
### Additional services are welcomed, just make sure to use the supplied variables and profile names
services:
  # Reference copy of the sandbox's example `crs` service, left commented out.
  # The live `crs` definition follows it.
  # crs:
  #   networks:
  #     - crs-internal # Competitors: You MUST use this network only for any containers you add to your CRS.
  #   profiles:
  #     - development
  #     - competition
  #   # Competitors: You MUST change crs-sandbox to your repo name, change replace-me-crs to your image name, and be version-pinned to the release intended for competition.
  #   image: ghcr.io/aixcc-sc/crs-sandbox/replace-me-crs:v1.0.0
  #   # Competitors: All services that are expected to have a clean exit must have restart: on-failure
  #   restart: on-failure
  #   build:
  #     context: . # Note that this uses the base folder for context, you may not need this for your CRS
  #     # Competitors: You MUST change to your Dockerfile location for your CRS.
  #     # This points to the mock_crs by default.
  #     dockerfile: crs/src/Dockerfile
  #   # Competitors: You will need to change this command to trigger your CRS.
  #   # If you have multiple containers for your CRS you must design your own
  #   # orchestration and synchronization mechanisms.
  #   command: ["./run.sh"]
  #   volumes:
  #     #################################################################################
  #     ### THESE VOLUMES MUST BE INCLUDED WITHOUT MODIFICATION TO ALL CRS CONTAINERS ###
  #     # A CRS MUST copy CP repositories from `/cp_root` to a writable location such as `/crs_scratch` for building and testing CPs.
  #     # A CRS MUST not modify settings within this section.
  #     - type: bind
  #       source: ${PWD}/crs_scratch
  #       target: /crs_scratch
  ##       bind:
  ##         propagation: rshared
  #     - ./cp_root:/cp_root
  #     #################################################################################
  #
  #   environment:
  #     # These values will be modified automatically at competition time
  #     - DOCKER_HOST=tcp://dind:2375
  #     - AIXCC_LITELLM_HOSTNAME=http://litellm
  #     - AIXCC_API_HOSTNAME=http://iapi:8080
  #     - AIXCC_CP_ROOT=/cp_root
  #     - AIXCC_CRS_SCRATCH_SPACE=/crs_scratch
  #     - LITELLM_KEY=sk-1234
  #   depends_on:
  #     iapi:
  #       condition: service_healthy

  # Main CRS service: runs ./lax-run-optimus0 from /lacrosse/code/tools and is the
  # service the FUZZBOMB agent containers wait on (see their depends_on).
  crs:
    labels:
      # Per the inline note, this label is what gives the CRS Kubernetes API access.
      # What the "crs" account may actually do is decided by RBAC outside this file;
      # keep that grant as narrow as the CRS needs.
      kompose.service.accountname: "crs" # make sure to use this label if you want your CRS to have K8S API access
    profiles:
      - development
      - competition
    networks:
      - crs-internal
    # FIXME this version tag needs to be updated after any release...
    # A tag is mutable: the same name can later point at a different image.
    # Pin by digest (image@sha256:...) where reproducibility of the release matters.
    image: ghcr.io/aixcc-sc/asc-crs-lacrosse/neo-fuzz-ccl:${RELEASE_TAG:-v1.5.1}
    build:
      context: .
      dockerfile: crs/code/docker/neo-fuzz-ccl/Dockerfile
    working_dir: /lacrosse/code/tools
    command:
      - ./lax-run-optimus0
    container_name: crs-container
    # `expose` only documents ports for other containers on the same network;
    # nothing here is published to the host.
    expose:
      - "10002" ## FIXME depends on circa-baseport.
      - "10003"
      - "10004"
    # Entries listed here take precedence over the same variable in env_file.
    environment:
      # These values will be modified automatically at competition time
      # Port 2375 is the conventional plaintext Docker API port (no TLS, no client
      # auth). Assuming dind listens that way, any container that can reach it has
      # full control of that daemon, so it must stay reachable from crs-internal only.
      - DOCKER_HOST=tcp://dind:2375
      - AIXCC_LITELLM_HOSTNAME=http://litellm
      - AIXCC_API_HOSTNAME=http://iapi:8080
      - AIXCC_CP_ROOT=/cp_root
      - AIXCC_CRS_SCRATCH_SPACE=/crs_scratch
      # Placeholder key committed in the clear and sent over plain http to the proxy.
      # Real keys belong in an untracked env file or secret store, never in this file.
      - LITELLM_KEY=sk-1234
      - AT_SIFT=1
      - CIRCA_HOST=crs
      - CIRCA_PORT=10003
      - BRIDGE_PORT=10004
      - DOCKER_EXTRA_ARGS=-e CP_HARNESS_EXTRA_CFLAGS=-fsanitize=fuzzer-no-link -e CP_HARNESS_EXTRA_CXXFLAGS=-fsanitize=fuzzer-no-link
      #- LOGDIR=. # ${LOGDIR:-${AIXCC_CRS_SCRATCH_SPACE}}
      #- AIXCC_CRS_SCRATCH_SPACE=${AIXCC_CRS_SCRATCH_SPACE:-foo}
    # privileged removes most container isolation: every capability, access to host
    # devices, and no default seccomp/AppArmor confinement. A compromise of this
    # container is effectively root on the host.
    # NOTE(review): the file does not say why this is required - confirm, and prefer
    # explicit cap_add / devices entries if a narrower grant is enough.
    privileged: true
    volumes:
      - type: bind
        source: ${PWD}/crs_scratch
        target: /crs_scratch
        # Might need to disable in compose_local_overides
        # rshared: mounts created under /crs_scratch in the container propagate back
        # to the host (and host mounts propagate in), widening what the container
        # can affect outside its own filesystem.
        bind:
          propagation: rshared
      # This is the core CP mount point where repos are attached as subdirectories.
      # A CRS must automatically copy subdirectories here to some location for building and should not modify this read_only setting.
      # NOTE(review): the short syntax below has no `:ro` suffix, so Compose mounts
      # /cp_root read-write. The entry is left as-is because the sandbox rules require
      # these volumes unmodified; the CRS itself must never write to /cp_root.
      - ./cp_root:/cp_root
    env_file:
      - crs/sift-env
      - sandbox/env
    # Do not start until the iapi service reports healthy.
    depends_on:
      iapi:
        condition: service_healthy
    # A string `test` is run through the container's shell from working_dir,
    # so this path resolves relative to /lacrosse/code/tools.
    healthcheck:
      test: ../matchmaker/mmhealth
      interval: 60s
      start_period: 5s
      start_interval: 10s
      retries: 6

  # Helper container built from the nix-copy Dockerfile; it shares /crs_scratch
  # with the CRS containers. No `command` is set, so the image default runs.
  # NOTE(review): there is no `networks:` entry, so Compose attaches this service
  # to the project's default network rather than crs-internal - confirm that is
  # intended, given the rule that added containers use crs-internal only.
  nix-copy:
    profiles:
      - development
      - competition
    image: ghcr.io/aixcc-sc/asc-crs-lacrosse/nix-copy:${RELEASE_TAG:-v1.5.1}
    build:
      context: .
      dockerfile: crs/code/docker/nix-copy/Dockerfile
    working_dir: /lacrosse/nix/
    volumes:
      - type: bind
        source: ${PWD}/crs_scratch
        target: /crs_scratch
        # Might need to disable in compose_local_overides
        bind:
          propagation: rshared
    # Restart only after a failed exit: up to 10 attempts, 5s apart.
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 10
        window: 120s
##DUPLEND
##DUPL: 1
  # Agent container: same image as `crs`, started with lax-run-ccl-agent and told
  # to contact host "crs" on port 10000 under the name FUZZBOMB0.
  # The security notes on `crs` (plaintext Docker API, committed placeholder key,
  # privileged mode, rshared propagation, writable /cp_root) apply here unchanged.
  FUZZBOMB0:
    profiles:
      - development
      - competition
    networks:
      - crs-internal
    image: ghcr.io/aixcc-sc/asc-crs-lacrosse/neo-fuzz-ccl:${RELEASE_TAG:-v1.5.1}
    build:
      context: .
      dockerfile: crs/code/docker/neo-fuzz-ccl/Dockerfile
    working_dir: /lacrosse/code/tools
    command: ["../tools/lax-run-ccl-agent","crs", "10000","FUZZBOMB0"]
    container_name: FUZZBOMB0-container
    # Container-to-container only; not published to the host.
    expose:
      - "12345"
    environment:
      # These values will be modified automatically at competition time
      # Plaintext, unauthenticated Docker API by convention on 2375: reachability
      # of dind equals control of that daemon.
      - DOCKER_HOST=tcp://dind:2375
      - AIXCC_LITELLM_HOSTNAME=http://litellm
      - AIXCC_API_HOSTNAME=http://iapi:8080
      - AIXCC_CP_ROOT=/cp_root
      - AIXCC_CRS_SCRATCH_SPACE=/crs_scratch
      # Placeholder key committed in the clear; keep real keys out of this file.
      - LITELLM_KEY=sk-1234
      - AT_SIFT=1
      - CIRCA_HOST=FUZZBOMB0
      - CIRCA_PORT=12345
      - DOCKER_EXTRA_ARGS=-e CP_HARNESS_EXTRA_CFLAGS=-fsanitize=fuzzer-no-link -e CP_HARNESS_EXTRA_CXXFLAGS=-fsanitize=fuzzer-no-link
      #- AIXCC_CRS_SCRATCH_SPACE=${AIXCC_CRS_SCRATCH_SPACE:-.}
      #- LOGDIR=${LOGDIR:-${AIXCC_CRS_SCRATCH_SPACE}}
      #- LOGDIR=. # ${LOGDIR:-${AIXCC_CRS_SCRATCH_SPACE}}
    # Every replica produced from this template section is privileged as well,
    # so each additional agent is another container with host-level reach.
    # NOTE(review): confirm the agents need this, not only the `crs` service.
    privileged: true
    volumes:
      - type: bind
        source: ${PWD}/crs_scratch
        target: /crs_scratch
        bind:
          propagation: rshared
      # No `:ro` suffix, so this mount is read-write; the agent must not write here.
      - ./cp_root:/cp_root
    env_file:
      - crs/sift-env
      - sandbox/env
    # Wait for the crs service's healthcheck to pass before starting.
    depends_on:
      crs:
        condition: service_healthy
##DUPLEND
#############
### CUSTOMIZE
#############