Max Mayfield
eb953cdea5
Some checks failed
CI — P2 Drift (Go + Node) / agent (push) Successful in 43s
CI — P2 Drift (Go + Node) / saas (push) Failing after 5s
CI — P3 Alert / test (push) Failing after 4s
CI — P4 Portal / test (push) Failing after 4s
CI — P5 Cost / test (push) Failing after 4s
CI — P6 Run / saas (push) Failing after 5s
CI — P2 Drift (Go + Node) / build-push (push) Failing after 7s
CI — P3 Alert / build-push (push) Has been skipped
CI — P4 Portal / build-push (push) Has been skipped
CI — P5 Cost / build-push (push) Has been skipped
CI — P6 Run / build-push (push) Failing after 5s
Phase 1 (Security Critical):
- Auth plugin encapsulation: replaced global addHook with Fastify plugin scope
- Removed startsWith URL matching; public routes registered outside auth scope
- JWT verify now enforces algorithms: ['HS256'] (prevents algorithm confusion)
- Raw pool no longer exported from db.ts; systemQuery() + getPoolForAuth() instead
- withTenant() remains primary tenant-scoped query path
Phase 2 (Infrastructure):
- docker-compose.yml: all secrets via env var substitution (${VAR:-default})
- Per-service Postgres users (dd0c_drift, dd0c_alert, etc.) in docker-init-db.sh
- .env.example with all configurable secrets
- build-push.sh uses $REGISTRY_PASSWORD instead of hardcoded
- .gitignore excludes .env files
- @fastify/rate-limit: 100 req/min global, 5/min login, 3/min signup
- CORS_ORIGIN default changed from '*' to 'http://localhost:5173'
Phase 3 (Product):
- Team invite flow: tenant_invites table, POST /invite, GET /invites, DELETE /invites/:id
- Signup accepts optional invite_token to join existing tenant
- Async webhook ingestion (P3): LPUSH to Redis, BRPOP worker, dead-letter queue
Console:
- All 5 product modules wired: drift, alert, portal, cost, run
- PageHeader accepts children prop
- 71 modules, 70KB gzipped production build
All 6 projects compile clean (tsc --noEmit).
79 lines
2.1 KiB
Bash
Executable File
79 lines
2.1 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# dd0c CI Build & Push to Local Registry
|
|
# Builds Docker images for all Node services and pushes to reg.dd0c.net
|
|
#
|
|
# Usage:
|
|
# ./build-push.sh # Build all services
|
|
# ./build-push.sh drift alert # Build specific services
|
|
|
|
set -euo pipefail
|
|
|
|
REGISTRY="${REGISTRY:-reg.dd0c.net}"
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
NC='\033[0m'
|
|
|
|
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
|
|
|
declare -A CONTEXTS=(
|
|
["dd0c-drift"]="02-iac-drift-detection/saas"
|
|
["dd0c-alert"]="03-alert-intelligence"
|
|
["dd0c-portal"]="04-lightweight-idp"
|
|
["dd0c-cost"]="05-aws-cost-anomaly"
|
|
["dd0c-run"]="06-runbook-automation/saas"
|
|
)
|
|
|
|
# If args provided, filter to those services
|
|
if [ $# -gt 0 ]; then
|
|
TARGETS=()
|
|
for arg in "$@"; do
|
|
key="dd0c-${arg}"
|
|
if [ -n "${CONTEXTS[$key]+x}" ]; then
|
|
TARGETS+=("$key")
|
|
else
|
|
echo -e "${RED}Unknown service: $arg${NC}" >&2
|
|
echo "Available: drift alert portal cost run" >&2
|
|
exit 1
|
|
fi
|
|
done
|
|
else
|
|
TARGETS=("dd0c-drift" "dd0c-alert" "dd0c-portal" "dd0c-cost" "dd0c-run")
|
|
fi
|
|
|
|
# Login to registry
|
|
echo "${REGISTRY_PASSWORD:-secret}" | docker login "$REGISTRY" --username dd0c --password-stdin 2>/dev/null || true
|
|
|
|
echo -e "${YELLOW}dd0c Build & Push — $(date -u '+%Y-%m-%d %H:%M UTC')${NC}"
|
|
echo -e "Registry: ${REGISTRY}\n"
|
|
|
|
FAILED=0
|
|
for img in "${TARGETS[@]}"; do
|
|
ctx="${CONTEXTS[$img]}"
|
|
tag="${REGISTRY}/${img}:latest"
|
|
|
|
echo -e "${YELLOW}▸ Building ${img}${NC}"
|
|
if docker build -t "$tag" --build-arg BUILD_SHA=$(git rev-parse --short HEAD) --build-arg BUILD_TIME=$(date -u +%Y%m%dT%H%M%S) "$SCRIPT_DIR/$ctx" --no-cache; then
|
|
echo -e "${YELLOW} Pushing ${tag}${NC}"
|
|
if docker push "$tag"; then
|
|
echo -e " ${GREEN}✓${NC} ${img}"
|
|
else
|
|
echo -e " ${RED}✗${NC} Push failed: ${img}"
|
|
((FAILED++)) || true
|
|
fi
|
|
else
|
|
echo -e " ${RED}✗${NC} Build failed: ${img}"
|
|
((FAILED++)) || true
|
|
fi
|
|
echo ""
|
|
done
|
|
|
|
if [ "$FAILED" -eq 0 ]; then
|
|
echo -e "${GREEN}All images built and pushed.${NC}"
|
|
echo -e "Deploy: ${YELLOW}docker compose pull && docker compose up -d${NC}"
|
|
else
|
|
echo -e "${RED}${FAILED} service(s) failed.${NC}"
|
|
exit 1
|
|
fi
|