sneak/upaas
1
0
Fork 0
Code Issues 14 Pull Requests 2 Actions Packages Projects Releases Wiki Activity
146 Commits 23 Branches 0 Tags 1.7 MiB
fix/1.0-audit-bugs
Commit Graph

8 Commits

Author SHA1 Message Date
user
478746c356 rebase: apply audit bug fixes on latest main 
Rebased fix/1.0-audit-bugs onto current main (post-merge of PRs #119, #127).

Changes:
- Custom domain types: docker.ImageID, docker.ContainerID, webhook.UnparsedURL
- Type-safe function signatures throughout docker/deploy/webhook packages
- Remove docker-compose.yml, test helper files
- README and Dockerfile updates
- Prettier-formatted JS files
 2026-02-23 11:56:09 -08:00
user
0ed2d02dfe fix: pin all external refs to cryptographic identity (closes #118)
All checks were successful
Check / check (pull_request) Successful in 11m41s
Details 
- Pin Docker base images to sha256 digests (golang, alpine)
- Pin go install commands to commit SHAs (not version tags)
  - golangci-lint: 5d1e709b7be35cb2025444e19de266b056b7b7ee (v2.10.1)
  - goimports: 009367f5c17a8d4c45a961a3a509277190a9a6f0 (v0.42.0)
- CI workflow was already correctly pinned to commit SHAs

All references now use cryptographic identity, eliminating RCE risk
from mutable tags.
 2026-02-21 00:50:44 -08:00
sneak
cc6dee9fd8 Install golangci-lint v2 in Docker build 2025-12-29 16:29:16 +07:00
sneak
3eb15839c8 Use Go 1.25 (latest stable release) 2025-12-29 16:23:57 +07:00
sneak
e59b3a0ee4 Update to Go 1.24 for golang.org/x/tools compatibility 2025-12-29 16:21:46 +07:00
sneak
219a561473 Use PORT instead of UPAAS_PORT for listen port 2025-12-29 16:15:05 +07:00
sneak
dce898bbdb Auto-generate and persist session secret on first startup 
- Generate random 32-byte session secret if not set via env var
- Persist to $UPAAS_DATA_DIR/session.key for container restarts
- Load existing secret from file on subsequent startups
- Change container data directory to /var/lib/upaas
 2025-12-29 16:12:30 +07:00
sneak
3f9d83c436 Initial commit with server startup infrastructure 
Core infrastructure:
- Uber fx dependency injection
- Chi router with middleware stack
- SQLite database with embedded migrations
- Embedded templates and static assets
- Structured logging with slog

Features implemented:
- Authentication (login, logout, session management, argon2id hashing)
- App management (create, edit, delete, list)
- Deployment pipeline (clone, build, deploy, health check)
- Webhook processing for Gitea
- Notifications (ntfy, Slack)
- Environment variables, labels, volumes per app
- SSH key generation for deploy keys

Server startup:
- Server.Run() starts HTTP server on configured port
- Server.Shutdown() for graceful shutdown
- SetupRoutes() wires all handlers with chi router
 2025-12-29 15:46:03 +07:00