pplate/cannamanage
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity
114 Commits 2 Branches 0 Tags
51a9d1db58a40098d5ae25b7b12c439c609fdec5
Commit Graph

3 Commits

Author SHA1 Message Date
Patrick Plate 51a9d1db58 fix: use PostgreSQL service container in CI instead of Testcontainers
CI — Build, Lint & Security Scan / backend (push) Failing after 48s
Details
CI — Build, Lint & Security Scan / frontend (push) Failing after 1m7s
Details
CI — Build, Lint & Security Scan / image-scan (push) Has been skipped
Details
CI — Build, Lint & Security Scan / secrets-scan (push) Failing after 42s
Details
Deploy to TrueNAS / deploy (push) Successful in 2m52s
Details 
Testcontainers can't network properly on TrueNAS act-runner (host network vs bridge). Added postgres:16-alpine service container to CI workflow and made AbstractIntegrationTest conditionally skip Testcontainers when CI_POSTGRES_URL env var is present.
 2026-06-19 16:14:06 +02:00
Patrick Plate ade9673f02 fix: harden CI security gates, parallelize builds, externalize secrets
CI — Build, Lint & Security Scan / frontend (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / image-scan (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / secrets-scan (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / backend (push) Has been cancelled
Details
Deploy to TrueNAS / deploy (push) Has been cancelled
Details 
- Make OWASP, Gitleaks, pnpm audit blocking (remove || true fallbacks)
- Add Maven -T 1C for parallel reactor threads
- Fix parallel Docker build race condition (PID tracking + set -euo pipefail)
- Externalize JWT/NextAuth secrets via env vars with dev-only defaults
- Add .env.example with generation instructions
- Add CI/CD infrastructure review document
 2026-06-19 16:04:09 +02:00
Patrick Plate ad7f4e2b1c feat(ci): add security scanning pipeline — OWASP, Trivy, Gitleaks, pnpm audit
CI — Build, Lint & Security Scan / backend (push) Failing after 1m54s
Details
CI — Build, Lint & Security Scan / image-scan (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / frontend (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / secrets-scan (push) Has been cancelled
Details
Deploy to TrueNAS / deploy (push) Has been cancelled
Details 
New CI workflow (.gitea/workflows/ci.yml) runs on every push to main:
- Backend: Maven compile + test + OWASP Dependency-Check (fails on CVSS>=7)
- Frontend: pnpm lint + type-check + pnpm audit (fails on High/Critical)
- Docker image scan: Trivy for both backend/frontend images (High/Critical)
- Secrets detection: Gitleaks full-repo scan

Deploy workflow remains independent (self-hosted runner limitation).
Both workflows run in parallel on push to main.
 2026-06-19 09:15:20 +02:00