alexei.dolgolyov/tiny-forge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
19 Commits 3 Branches 0 Tags
f0b52c6ab790415a8e6f84ebec9f68b0c9085be0
Commit Graph

7 Commits

Author SHA1 Message Date
alexei.dolgolyov 1f81ca9eb0 fix(docker-watcher): address final review findings 
Security:
- Move config export behind auth middleware
- Validate OIDC callback token before storing in localStorage
- Use constant-time comparison for webhook secret
- Encrypt OIDC client secret at rest (like registry tokens)

Performance:
- Make TriggerDeploy async from HTTP handlers (return deploy ID
  immediately, run pipeline in background goroutine)

Robustness:
- Wrap api.ts res.json() in try/catch for non-JSON responses

i18n:
- Replace ~20 hardcoded English validation messages with $t() calls
- Localize ConfirmDialog cancel button, InstanceCard confirm titles,
  ProjectCard instance/instances pluralization
- Add validation keys to both en.json and ru.json
 2026-03-28 00:14:53 +03:00
alexei.dolgolyov d4659146fc feat(docker-watcher): phase 13 - volumes & environment 
Per-stage env var overrides with encryption for secrets.
Volume mounts with shared/isolated modes (isolated appends
/{stage}-{tag}/ to source path). Store CRUD, API endpoints,
and frontend editors for both. Env merge during deploy.
 2026-03-27 23:28:59 +03:00
alexei.dolgolyov 32de5b26a8 feat(docker-watcher): phase 12 - hardening 
Blue-green zero-downtime deploys, promote flow validation.
Dual auth: local (bcrypt + JWT) and OAuth2/OIDC (any provider).
Auth middleware, login page, auth settings UI.
Structured logging (slog JSON), config export to YAML.
Graceful shutdown with deploy draining.
Multi-stage Dockerfile and production docker-compose.yml.
Swap phase order: Volumes & Env before UI Polish.
 2026-03-27 23:20:56 +03:00
alexei.dolgolyov 5558396bb7 feat(docker-watcher): phase 11 - frontend embed & SSE 
Embed SvelteKit static build in Go binary via go:embed. Event bus
for pub/sub with deploy log, instance status, and deploy status events.
SSE endpoints for real-time streaming. Frontend SSE client with
exponential backoff reconnection. Makefile for build pipeline.
Update Phase 12 auth plan with OAuth2/OIDC support.
 2026-03-27 22:30:25 +03:00
alexei.dolgolyov 757c72eea1 fix(docker-watcher): phase 8 security fixes 
Remove webhook secret from logs and API response.
Add auth-pending note to router. Fix decrypt fallback that
would use ciphertext as auth token on decrypt failure.
 2026-03-27 22:10:00 +03:00
alexei.dolgolyov 97d4243cfe feat(docker-watcher): phase 8 - REST API layer 
All REST endpoints wired with chi router: projects, stages, instances,
deploys, registries, settings, quick deploy, webhook. Full main.go
wiring with graceful shutdown. Consistent JSON envelope responses.
Sensitive fields stripped from API responses.
 2026-03-27 22:06:57 +03:00
alexei.dolgolyov bbcc4f55f0 feat(docker-watcher): phase 7 - deployer & health checker 
Deploy orchestrator with full pipeline: pull → create container →
start → network → NPM proxy → health check. Rollback on failure,
multi-instance support, max_instances enforcement, webhook notifications.
Fix NPM auth in rollback and error logging in removeInstance.
 2026-03-27 22:02:09 +03:00