fix: configure npm registry mirror (npmmirror) in CI workflows
Deploy Dashboard (Dev) / Backend Tests (push) Successful in 20m13s
Deploy Dashboard (Dev) / Frontend Tests (push) Successful in 52s
Run Tests / Secret Detection (pull_request) Successful in 2m42s
Run Tests / Backend Tests (pull_request) Successful in 35m32s
Run Tests / Frontend Tests (pull_request) Failing after 47s
Deploy Dashboard (Dev) / Deploy to Dev (push) Failing after 3s
Deploy Dashboard (Dev) / Backend Tests (push) Successful in 20m13s
Deploy Dashboard (Dev) / Frontend Tests (push) Successful in 52s
Run Tests / Secret Detection (pull_request) Successful in 2m42s
Run Tests / Backend Tests (pull_request) Successful in 35m32s
Run Tests / Frontend Tests (pull_request) Failing after 47s
Deploy Dashboard (Dev) / Deploy to Dev (push) Failing after 3s
CI runner can't reach npmjs.org through GFW. Use npmmirror.com mirror for npm package installs, same pattern as pip uses Tsinghua mirror for backend deps.
This commit is contained in:
@@ -0,0 +1,65 @@
|
||||
# Gitleaks configuration for NAS Tools
|
||||
# Whitelist rules for known-safe patterns in tests, docs, and CI configs
|
||||
|
||||
[allowlist]
|
||||
description = "Known safe patterns in test fixtures and CI configuration"
|
||||
|
||||
# Test secrets / example values used in CI and conftest
|
||||
[[allowlist.rules]]
|
||||
id = "generic-api-key"
|
||||
description = "Test SECRET_KEY in CI env and conftest"
|
||||
regexes = [
|
||||
'''test-secret-key-for-ci-environment''',
|
||||
'''test-secret-key-for-testing''',
|
||||
'''os\.environ\.setdefault\(["']SECRET_KEY''',
|
||||
'''SECRET_KEY: \$\{SECRET_KEY\}''',
|
||||
'''SECRET_KEY=\$\{SECRET_KEY\}''',
|
||||
]
|
||||
|
||||
# Telegram test tokens (empty or placeholder)
|
||||
[[allowlist.rules]]
|
||||
id = "telegram-bot-token"
|
||||
description = "Placeholder Telegram tokens in CI config"
|
||||
regexes = [
|
||||
'''TELEGRAM_BOT_TOKEN:-''',
|
||||
'''TELEGRAM_BOT_TOKEN=\$\{TELEGRAM_BOT_TOKEN''',
|
||||
]
|
||||
|
||||
# Transmission test creds
|
||||
[[allowlist.rules]]
|
||||
id = "transmission-credentials"
|
||||
description = "Test Transmission credentials in conftest"
|
||||
regexes = [
|
||||
'''TRANSMISSION_USER.*test-tx''',
|
||||
'''TRANSMISSION_PASS.*test-tx''',
|
||||
]
|
||||
|
||||
# SMTP test config
|
||||
[[allowlist.rules]]
|
||||
id = "smtp-credentials"
|
||||
description = "SMTP env var references (not actual secrets)"
|
||||
regexes = [
|
||||
'''SMTP_USER\s*=\s*os\.getenv''',
|
||||
'''SMTP_PASSWORD\s*=\s*os\.getenv''',
|
||||
'''SMTP_TO\s*=\s*os\.getenv''',
|
||||
]
|
||||
|
||||
# Gitea token env var references
|
||||
[[allowlist.rules]]
|
||||
id = "gitea-token"
|
||||
description = "Gitea token env var references"
|
||||
regexes = [
|
||||
'''GITEA_TOKEN\s*=\s*os\.getenv''',
|
||||
'''GITEA_TOKEN=\$\{GITEA_TOKEN\}''',
|
||||
'''GITEA_TOKEN: \$\{GITEA_TOKEN\}''',
|
||||
]
|
||||
|
||||
# Admin password hash env var reference
|
||||
[[allowlist.rules]]
|
||||
id = "admin-password-hash"
|
||||
description = "Admin password hash env var references"
|
||||
regexes = [
|
||||
'''ADMIN_PASSWORD_HASH\s*=\s*os\.getenv''',
|
||||
'''ADMIN_PASSWORD_HASH=\$\{ADMIN_PASSWORD_HASH\}''',
|
||||
'''ADMIN_PASSWORD_HASH: \$\{ADMIN_PASSWORD_HASH\}''',
|
||||
]
|
||||
Reference in New Issue
Block a user