fix: harden CI security gates, parallelize builds, externalize secrets
CI — Build, Lint & Security Scan / frontend (push) Has been cancelled
CI — Build, Lint & Security Scan / image-scan (push) Has been cancelled
CI — Build, Lint & Security Scan / secrets-scan (push) Has been cancelled
CI — Build, Lint & Security Scan / backend (push) Has been cancelled
Deploy to TrueNAS / deploy (push) Has been cancelled
- Make OWASP, Gitleaks, pnpm audit blocking (remove || true fallbacks)
- Add Maven -T 1C for parallel reactor threads
- Fix parallel Docker build race condition (PID tracking + set -euo pipefail)
- Externalize JWT/NextAuth secrets via env vars with dev-only defaults
- Add .env.example with generation instructions
- Add CI/CD infrastructure review document
@@ -0,0 +1,15 @@
|
||||
# CannaManage — Environment Variables
|
||||
# Copy this file to .env and fill in the values.
|
||||
# NEVER commit .env to git.
|
||||
|
||||
# Database
|
||||
DB_PASSWORD=cannamanage_dev
|
||||
|
||||
# JWT Secret — must be valid base64 (used by Decoders.BASE64.decode in JwtService)
|
||||
# Generate with: openssl rand -base64 48
|
||||
JWT_SECRET=
|
||||
|
||||
# NextAuth / Auth.js secret — minimum 32 characters
|
||||
# Generate with: openssl rand -base64 32
|
||||
NEXTAUTH_SECRET=
|
||||
AUTH_SECRET=
|
||||
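Review bot: DB_PASSWORD=cannamanage_dev is the only variable in this file that ships with a usable value, so anyone who follows the "Copy this file to .env" instruction ends up with a known, published database password unless they remember to change it. Leave it empty like JWT_SECRET and NEXTAUTH_SECRET and give it its own "Generate with:" comment, or state in the comment above it that the value is for local development only. The NextAuth block also lists both NEXTAUTH_SECRET and AUTH_SECRET under one comment without saying whether both must be set or whether they must hold the same value; one line stating that would prevent a half-configured .env.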