fix: harden CI security gates, parallelize builds, externalize secrets
CI — Build, Lint & Security Scan / frontend (push) Has been cancelled
CI — Build, Lint & Security Scan / image-scan (push) Has been cancelled
CI — Build, Lint & Security Scan / secrets-scan (push) Has been cancelled
CI — Build, Lint & Security Scan / backend (push) Has been cancelled
Deploy to TrueNAS / deploy (push) Has been cancelled
- Make OWASP, Gitleaks, pnpm audit blocking (remove || true fallbacks)
- Add Maven -T 1C for parallel reactor threads
- Fix parallel Docker build race condition (PID tracking + set -euo pipefail)
- Externalize JWT/NextAuth secrets via env vars with dev-only defaults
- Add .env.example with generation instructions
- Add CI/CD infrastructure review document
@@ -16,5 +16,5 @@ services:
|
||||
AUTH_URL: http://192.168.188.119:3000
|
||||
# NextAuth v5 (Auth.js) reads AUTH_SECRET, not NEXTAUTH_SECRET. Without it at
|
||||
# runtime, signIn throws MissingSecret -> the app error boundary shows 'Oops'.
|
||||
AUTH_SECRET: docker-dev-nextauth-secret-minimum-32chars
|
||||
AUTH_SECRET: ${AUTH_SECRET}
|
||||
AUTH_TRUST_HOST: "true"
|
||||
|
||||
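Review bot: `AUTH_SECRET: ${AUTH_SECRET}` carries no default and no required-variable guard, so when AUTH_SECRET is absent from the environment or the .env file, Compose substitutes an empty string and the container still starts, which leads straight back to the MissingSecret failure the comment above describes. The commit message mentions dev-only defaults, but none is visible on this line. Consider `AUTH_SECRET: ${AUTH_SECRET:?AUTH_SECRET must be set}` so that `docker compose up` stops before any container starts. The previous literal `docker-dev-nextauth-secret-minimum-32chars` remains in git history, so any environment that ever ran with it needs a freshly generated secret.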