pplate/cannamanage
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity
115 Commits 2 Branches 0 Tags
53931d9d2b8982c7861a1b455cab7cd8fedd09da
Commit Graph

9 Commits

Author SHA1 Message Date
Patrick Plate 53931d9d2b fix: resolve CI failures — RetentionService bean, frontend types, artifact upload
CI — Build, Lint & Security Scan / backend (push) Failing after 1m24s
Details
CI — Build, Lint & Security Scan / frontend (push) Failing after 48s
Details
CI — Build, Lint & Security Scan / image-scan (push) Has been skipped
Details
CI — Build, Lint & Security Scan / secrets-scan (push) Failing after 27s
Details
Deploy to TrueNAS / deploy (push) Successful in 3m0s
Details 
- Remove @ConditionalOnProperty from RetentionService class; guard only @Scheduled method
- Fix QuotaStatus property references in frontend tests
- Downgrade upload-artifact to v3 for Gitea compatibility
 2026-06-19 16:23:18 +02:00
Patrick Plate 51a9d1db58 fix: use PostgreSQL service container in CI instead of Testcontainers
CI — Build, Lint & Security Scan / backend (push) Failing after 48s
Details
CI — Build, Lint & Security Scan / frontend (push) Failing after 1m7s
Details
CI — Build, Lint & Security Scan / image-scan (push) Has been skipped
Details
CI — Build, Lint & Security Scan / secrets-scan (push) Failing after 42s
Details
Deploy to TrueNAS / deploy (push) Successful in 2m52s
Details 
Testcontainers can't network properly on TrueNAS act-runner (host network vs bridge). Added postgres:16-alpine service container to CI workflow and made AbstractIntegrationTest conditionally skip Testcontainers when CI_POSTGRES_URL env var is present.
 2026-06-19 16:14:06 +02:00
Patrick Plate ade9673f02 fix: harden CI security gates, parallelize builds, externalize secrets
CI — Build, Lint & Security Scan / frontend (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / image-scan (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / secrets-scan (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / backend (push) Has been cancelled
Details
Deploy to TrueNAS / deploy (push) Has been cancelled
Details 
- Make OWASP, Gitleaks, pnpm audit blocking (remove || true fallbacks)
- Add Maven -T 1C for parallel reactor threads
- Fix parallel Docker build race condition (PID tracking + set -euo pipefail)
- Externalize JWT/NextAuth secrets via env vars with dev-only defaults
- Add .env.example with generation instructions
- Add CI/CD infrastructure review document
 2026-06-19 16:04:09 +02:00
Patrick Plate ad7f4e2b1c feat(ci): add security scanning pipeline — OWASP, Trivy, Gitleaks, pnpm audit
CI — Build, Lint & Security Scan / backend (push) Failing after 1m54s
Details
CI — Build, Lint & Security Scan / image-scan (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / frontend (push) Has been cancelled
Details
CI — Build, Lint & Security Scan / secrets-scan (push) Has been cancelled
Details
Deploy to TrueNAS / deploy (push) Has been cancelled
Details 
New CI workflow (.gitea/workflows/ci.yml) runs on every push to main:
- Backend: Maven compile + test + OWASP Dependency-Check (fails on CVSS>=7)
- Frontend: pnpm lint + type-check + pnpm audit (fails on High/Critical)
- Docker image scan: Trivy for both backend/frontend images (High/Critical)
- Secrets detection: Gitleaks full-repo scan

Deploy workflow remains independent (self-hosted runner limitation).
Both workflows run in parallel on push to main.
 2026-06-19 09:15:20 +02:00
Patrick Plate 52d23053e7 fix: CI — remove Docker-in-Docker test steps (not supported by act runner)
Deploy to TrueNAS / deploy (push) Successful in 3m3s
Details
2026-06-18 19:15:20 +02:00
Patrick Plate 6f5e886bd6 fix: CI — run tests in Docker containers (runner has no JDK/Node)
Deploy to TrueNAS / deploy (push) Failing after 38s
Details
2026-06-18 16:11:32 +02:00
Patrick Plate f9a87efb7a feat: Sprint 13 — Production Hardening (security fixes, CI gate, rate limiting, tests)
Deploy to TrueNAS / deploy (push) Failing after 12s
Details
2026-06-18 16:08:05 +02:00
Patrick Plate 3b15d7439d ci(deploy): auto-deploy to TrueNAS via self-hosted Gitea Actions runner
Deploy to TrueNAS / deploy (push) Failing after 3s
Details 
- Replace VPS SSH deploy workflow with a self-contained job that runs on the
  TrueNAS act_runner (host docker socket mounted). Checks out the pushed commit,
  builds, and rolls out the cannamanage compose stack in-place (project=cannamanage),
  then health-checks backend :8081 + frontend :3000.
- Commit docker-compose.truenas.yml (port remap 8081 + AUTH_SECRET) into the repo;
  it was previously host-only, so a fresh checkout could not reproduce the deploy.
  Use the !override tag for the backend ports list.
 2026-06-16 18:52:18 +02:00
Patrick Plate b38902a7ee feat(sprint-6): Phase 1 — Production deployment infrastructure (IONOS)
Deploy to Production / test (push) Has been cancelled
Details
Deploy to Production / deploy (push) Has been cancelled
Details 
- docker-compose.prod.yml: production Docker Compose with health checks, logging, restart policies, resource limits
- deploy/nginx/cannamanage.conf: Nginx reverse proxy with TLS, CSP, security headers, rate limiting
- deploy/.env.production.example: environment template for secrets
- deploy/backup.sh: GPG-encrypted daily/weekly PostgreSQL backup with retention
- deploy/deploy.sh: manual deploy script with health check verification
- .gitea/workflows/deploy.yml: Gitea Actions CI/CD pipeline (test + deploy)
- application-production.properties: Spring Boot production profile (no stacktraces, Swagger disabled, Stripe)
- .gitignore: added .env to prevent accidental secret commits
 2026-06-12 22:11:43 +02:00