TehRiehlDeal
a0d76bc958
frontend-ci / lint (push) Successful in 15s
frontend-ci / typecheck (push) Successful in 14s
frontend-ci / secrets-scan (push) Failing after 4s
frontend-ci / sast (push) Successful in 7s
frontend-ci / fs-scan (push) Failing after 1m27s
frontend-ci / image-scan (push) Has been cancelled
frontend-ci / push (push) Has been cancelled
frontend-ci / build (push) Has been cancelled
Runtime config (src/lib/config.ts, src/api/client.ts, src/lib/ws.ts, index.html, Dockerfile, nginx.conf, docker/): - New typed getConfig() helper reads window.__APP_CONFIG__ at runtime with import.meta.env.VITE_API_URL as a dev-only fallback. - index.html loads <script src="/config.js"> synchronously before the bundle. /config.js is rendered at container start via envsubst on docker/config.js.template, populated from the API_URL env var (docker/40-render-config.sh runs as part of the official nginx:alpine /docker-entrypoint.d sequence). - Dockerfile drops the VITE_API_URL build arg — one image works across all environments now. - nginx.conf adds Cache-Control: no-store on /config.js so browsers and CDNs don't pin stale config. Pipeline (.gitea/workflows/ci.yml): - lint, typecheck, gitleaks, semgrep, Trivy fs+image scans, buildx build with gha cache, Harbor push gated on `main` or v* tags - Image tags via metadata-action: :latest (main only), :sha-<full>, semver-derived :1.2.3 / :1.2 / :1 from v* tags - Secrets: HARBOR_HOST, MOVIELOOP_USERNAME, MOVIELOOP_PASSWORD Versioning (package.json, .versionrc.json): - Bumped to 1.0.0 baseline - Added commit-and-tag-version devDep + release scripts. Conventional Commits drive bumps; CHANGELOG hides chore/ci/etc. Scan configs: - .gitleaks.toml allows .env.example - .semgrepignore excludes node_modules/, dist/, coverage/, public/ - .trivyignore placeholder with format docs Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
35 lines
987 B
Nginx Configuration File
35 lines
987 B
Nginx Configuration File
server {
|
|
listen 80;
|
|
listen [::]:80;
|
|
server_name localhost;
|
|
root /usr/share/nginx/html;
|
|
index index.html;
|
|
|
|
# Security headers
|
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
|
add_header X-Content-Type-Options "nosniff" always;
|
|
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
|
|
|
|
# Gzip compression
|
|
gzip on;
|
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml text/javascript image/svg+xml;
|
|
gzip_min_length 1000;
|
|
|
|
# Cache static assets
|
|
location /assets/ {
|
|
expires 1y;
|
|
add_header Cache-Control "public, immutable";
|
|
}
|
|
|
|
# Runtime config — rendered fresh on each container start. Never cache.
|
|
location = /config.js {
|
|
add_header Cache-Control "no-store" always;
|
|
try_files /config.js =404;
|
|
}
|
|
|
|
# SPA fallback — serve index.html for all non-file routes
|
|
location / {
|
|
try_files $uri $uri/ /index.html;
|
|
}
|
|
}
|