policies: add standard docs policy files #1

Open
sol wants to merge 1 commits from sol/openclaw-mattermost:policies/add-standard-files into main
9 changed files with 159 additions and 13 deletions
Showing only changes of commit a766419277 - Show all commits

9
.editorconfig Normal file

@ -0,0 +1,9 @@
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true

1
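--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+node_modules/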

3
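--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1,3 @@
+node_modules/
+*.sh
+package-lock.json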

6
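--- a/.prettierrc
+++ b/.prettierrc
@@ -0,0 +1,6 @@
+{
+"singleQuote": true,
+"trailingComma": "all",
+"printWidth": 100,
+"tabWidth": 2
+}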

17
Makefile Normal file

@ -0,0 +1,17 @@
export NODE_ENV := development
.PHONY: check install fmt fmt-check secret-scan
check: install fmt-check secret-scan
install:
npm install
fmt:
npx prettier --write .
fmt-check:
npx prettier --check .
secret-scan:
bash tools/secret-scan.sh .
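Review bot: The `install` recipe runs `npm install`, which can re-resolve `prettier` within the `^3.2.0` range and rewrite `package-lock.json` when the two files are out of sync, so `make check` is not guaranteed to run the version pinned by the lockfile this same commit adds. Using `npm ci` as the recipe line installs exactly what the lockfile records, verifies the recorded integrity hash, and fails if `package.json` and the lockfile disagree. A one-line comment above `check:` such as `# check: install dev tools, verify formatting, run the secret scan` would also document what the gate covers.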


@ -12,13 +12,13 @@ One-command deployment of **Mattermost Team Edition** on Ubuntu/Debian, pre-conf
## Prerequisites ## Prerequisites
| Requirement | Details | | Requirement | Details |
|---|---| | ----------- | ------------------------------------------------- |
| **OS** | Ubuntu 20.04+ / Debian 11+ | | **OS** | Ubuntu 20.04+ / Debian 11+ |
| **Access** | Root (sudo) | | **Access** | Root (sudo) |
| **Ports** | 80 and 443 open to the internet | | **Ports** | 80 and 443 open to the internet |
| **DNS** | A record pointing your domain to this server's IP | | **DNS** | A record pointing your domain to this server's IP |
| **RAM** | 2 GB minimum (4 GB recommended) | | **RAM** | 2 GB minimum (4 GB recommended) |
## Quick Start ## Quick Start
@ -32,6 +32,7 @@ sudo bash install.sh
``` ```
The wizard will ask you for: The wizard will ask you for:
1. **Domain name** (e.g. `chat.example.com`) 1. **Domain name** (e.g. `chat.example.com`)
2. **Email** (for Let's Encrypt SSL) 2. **Email** (for Let's Encrypt SSL)
3. **Port** (default: 8000) 3. **Port** (default: 8000)
@ -81,12 +82,12 @@ docker compose ps
## Troubleshooting ## Troubleshooting
| Issue | Fix | | Issue | Fix |
|---|---| | --------------------- | ---------------------------------------------------------------------- |
| SSL cert failed | Verify DNS A record points to this server; check ports 80/443 are open | | SSL cert failed | Verify DNS A record points to this server; check ports 80/443 are open |
| Container won't start | Check logs: `docker compose logs mattermost` | | Container won't start | Check logs: `docker compose logs mattermost` |
| 502 Bad Gateway | Container may still be booting — wait 30s and refresh | | 502 Bad Gateway | Container may still be booting — wait 30s and refresh |
| Permission denied | Run installer with `sudo` | | Permission denied | Run installer with `sudo` |
## License ## License

31
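--- a/package-lock.json
+++ b/package-lock.json
@@ -0,0 +1,31 @@
+{
+"name": "openclaw-mattermost",
+"version": "1.0.0",
+"lockfileVersion": 3,
+"requires": true,
+"packages": {
+"": {
+"name": "openclaw-mattermost",
+"version": "1.0.0",
+"devDependencies": {
+"prettier": "^3.2.0"
+}
+},
+"node_modules/prettier": {
+"version": "3.8.1",
+"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.1.tgz",
+"integrity": "sha512-UOnG6LftzbdaHZcKoPFtOcCKztrQ57WkHDeRD9t/PTQtmT0NHSeWWepj6pS0z/N7+08BHFDQVUrfmfMRcZwbMg==",
+"dev": true,
+"license": "MIT",
+"bin": {
+"prettier": "bin/prettier.cjs"
+},
+"engines": {
+"node": ">=14"
+},
+"funding": {
+"url": "https://github.com/prettier/prettier?sponsor=1"
+}
+}
+}
+}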

9
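--- a/package.json
+++ b/package.json
@@ -0,0 +1,9 @@
+{
+"name": "openclaw-mattermost",
+"version": "1.0.0",
+"private": true,
+"description": "OpenClaw Mattermost Integration",
+"devDependencies": {
+"prettier": "^3.2.0"
+}
+}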

69
tools/secret-scan.sh Executable file

@ -0,0 +1,69 @@
#!/usr/bin/env bash
# secret-scan.sh — Scans for private keys and high-entropy secrets
# Usage: bash tools/secret-scan.sh [directory]
# Uses .secret-scan-allowlist for false positives (one file path per line)
set -e
SCAN_DIR="${1:-.}"
ALLOWLIST=".secret-scan-allowlist"
FINDINGS=0
# Build find exclusions
EXCLUDES=(-not -path "*/node_modules/*" -not -path "*/.git/*" -not -path "*/coverage/*" -not -path "*/dist/*")
# Load allowlist
ALLOWLIST_PATHS=()
if [ -f "$ALLOWLIST" ]; then
while IFS= read -r line || [ -n "$line" ]; do
[[ "$line" =~ ^#.*$ || -z "$line" ]] && continue
ALLOWLIST_PATHS+=("$line")
done < "$ALLOWLIST"
fi
is_allowed() {
local file="$1"
for allowed in "${ALLOWLIST_PATHS[@]}"; do
if [[ "$file" == *"$allowed"* ]]; then
return 0
fi
done
return 1
}
echo "Scanning $SCAN_DIR for secrets..."
# Scan for private keys
while IFS= read -r file; do
[ -f "$file" ] || continue
is_allowed "$file" && continue
if grep -qE '-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----' "$file" 2>/dev/null; then
echo "FINDING [private-key]: $file"
FINDINGS=$((FINDINGS + 1))
fi
done < <(find "$SCAN_DIR" "${EXCLUDES[@]}" -type f)
# Scan for high-entropy hex strings (40+ chars)
while IFS= read -r file; do
[ -f "$file" ] || continue
is_allowed "$file" && continue
if grep -qE '[0-9a-f]{40,}' "$file" 2>/dev/null; then
# Filter out common false positives (git SHAs in lock files, etc.)
BASENAME=$(basename "$file")
if [[ "$BASENAME" != "package-lock.json" && "$BASENAME" != "*.lock" ]]; then
MATCHES=$(grep -oE '[0-9a-f]{40,}' "$file" 2>/dev/null || true)
if [ -n "$MATCHES" ]; then
echo "FINDING [high-entropy-hex]: $file"
FINDINGS=$((FINDINGS + 1))
fi
fi
fi
done < <(find "$SCAN_DIR" "${EXCLUDES[@]}" -type f -not -name "package-lock.json" -not -name "*.lock")
if [ "$FINDINGS" -gt 0 ]; then
echo "secret-scan: $FINDINGS finding(s) — FAIL"
exit 1
else
echo "secret-scan: clean — PASS"
exit 0
fi
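Review bot: The private-key check `grep -qE '-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----' "$file" 2>/dev/null` passes a pattern that starts with `-`, so grep parses it as an option and exits with a usage error; `2>/dev/null` hides the message and the `if` is simply false, so this loop most likely never reports a key and the script still prints PASS. Put the pattern behind `-e` and drop the stderr redirect so a broken scan is visible: `if grep -qE -e '-----BEGIN (RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----' -- "$file"; then`. In `is_allowed`, `[[ "$file" == *"$allowed"* ]]` is a substring match, so a short allowlist entry exempts every path that contains it; an exact comparison such as `[[ "$file" == "$allowed" || "$file" == "./$allowed" ]]` keeps the allowlist as narrow as its header comment ("one file path per line") implies. The quoted `"$BASENAME" != "*.lock"` compares against the literal string and is always true, although the `find` filter on that loop already excludes those files. The hex pattern `[0-9a-f]{40,}` only matches lowercase hex, so the header comment's "high-entropy secrets" overstates what is covered and should say so.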