Merge pull request 'fix: npm mirror + gitleaks resilience + Node version' (#63) from dev into main
Deploy Dashboard (Main) / Backend Tests (push) Successful in 10m36s
Deploy Dashboard (Main) / Frontend Tests (push) Failing after 6m27s
Deploy Dashboard (Main) / Deploy to Production (push) Has been skipped

This commit was merged in pull request #63.
This commit is contained in:
2026-05-07 00:05:01 +08:00
6 changed files with 96 additions and 4 deletions
+1
View File
@@ -122,6 +122,7 @@ jobs:
NODE_OPTIONS: "--max-old-space-size=2048" NODE_OPTIONS: "--max-old-space-size=2048"
run: | run: |
cd dashboard/frontend cd dashboard/frontend
npm config set registry https://registry.npmmirror.com || true
if [ "${{ steps.cache-node.outputs.cache-hit }}" = "true" ]; then if [ "${{ steps.cache-node.outputs.cache-hit }}" = "true" ]; then
echo "Restoring from cache $CACHE_KEY..." echo "Restoring from cache $CACHE_KEY..."
if cp -a $CACHE_DIR/node_modules . && [ -d node_modules ]; then if cp -a $CACHE_DIR/node_modules . && [ -d node_modules ]; then
+1
View File
@@ -127,6 +127,7 @@ jobs:
NODE_OPTIONS: "--max-old-space-size=2048" NODE_OPTIONS: "--max-old-space-size=2048"
run: | run: |
cd dashboard/frontend cd dashboard/frontend
npm config set registry https://registry.npmmirror.com || true
if [ "${{ steps.cache-node.outputs.cache-hit }}" = "true" ]; then if [ "${{ steps.cache-node.outputs.cache-hit }}" = "true" ]; then
echo "Restoring from cache $CACHE_KEY..." echo "Restoring from cache $CACHE_KEY..."
if cp -a $CACHE_DIR/node_modules . && [ -d node_modules ]; then if cp -a $CACHE_DIR/node_modules . && [ -d node_modules ]; then
+2
View File
@@ -164,6 +164,8 @@ jobs:
NODE_OPTIONS: "--max-old-space-size=2048" NODE_OPTIONS: "--max-old-space-size=2048"
run: | run: |
cd dashboard/frontend cd dashboard/frontend
# Use npmmirror for China accessibility
npm config set registry https://registry.npmmirror.com || true
if [ "${{ steps.cache-node.outputs.cache-hit }}" = "true" ]; then if [ "${{ steps.cache-node.outputs.cache-hit }}" = "true" ]; then
echo "Restoring from cache $CACHE_KEY..." echo "Restoring from cache $CACHE_KEY..."
if cp -a $CACHE_DIR/node_modules . && [ -d node_modules ]; then if cp -a $CACHE_DIR/node_modules . && [ -d node_modules ]; then
+23
View File
@@ -8,3 +8,26 @@ dashboard/ssh/
.claude/ .claude/
.codex/ .codex/
security_artifacts/ security_artifacts/
# OS
.DS_Store
Thumbs.db
# Python
*.pyc
*.pyo
venv/
.venv/
*.egg-info/
# IDE
.vscode/
.idea/
# Logs
*.log
# Environment
.env.local
.env.production
dashboard/backend/.vite/
+65
View File
@@ -0,0 +1,65 @@
# Gitleaks configuration for NAS Tools
# Whitelist rules for known-safe patterns in tests, docs, and CI configs
[allowlist]
description = "Known safe patterns in test fixtures and CI configuration"
# Test secrets / example values used in CI and conftest
[[allowlist.rules]]
id = "generic-api-key"
description = "Test SECRET_KEY in CI env and conftest"
regexes = [
'''test-secret-key-for-ci-environment''',
'''test-secret-key-for-testing''',
'''os\.environ\.setdefault\(["']SECRET_KEY''',
'''SECRET_KEY: \$\{SECRET_KEY\}''',
'''SECRET_KEY=\$\{SECRET_KEY\}''',
]
# Telegram test tokens (empty or placeholder)
[[allowlist.rules]]
id = "telegram-bot-token"
description = "Placeholder Telegram tokens in CI config"
regexes = [
'''TELEGRAM_BOT_TOKEN:-''',
'''TELEGRAM_BOT_TOKEN=\$\{TELEGRAM_BOT_TOKEN''',
]
# Transmission test creds
[[allowlist.rules]]
id = "transmission-credentials"
description = "Test Transmission credentials in conftest"
regexes = [
'''TRANSMISSION_USER.*test-tx''',
'''TRANSMISSION_PASS.*test-tx''',
]
# SMTP test config
[[allowlist.rules]]
id = "smtp-credentials"
description = "SMTP env var references (not actual secrets)"
regexes = [
'''SMTP_USER\s*=\s*os\.getenv''',
'''SMTP_PASSWORD\s*=\s*os\.getenv''',
'''SMTP_TO\s*=\s*os\.getenv''',
]
# Gitea token env var references
[[allowlist.rules]]
id = "gitea-token"
description = "Gitea token env var references"
regexes = [
'''GITEA_TOKEN\s*=\s*os\.getenv''',
'''GITEA_TOKEN=\$\{GITEA_TOKEN\}''',
'''GITEA_TOKEN: \$\{GITEA_TOKEN\}''',
]
# Admin password hash env var reference
[[allowlist.rules]]
id = "admin-password-hash"
description = "Admin password hash env var references"
regexes = [
'''ADMIN_PASSWORD_HASH\s*=\s*os\.getenv''',
'''ADMIN_PASSWORD_HASH=\$\{ADMIN_PASSWORD_HASH\}''',
'''ADMIN_PASSWORD_HASH: \$\{ADMIN_PASSWORD_HASH\}''',
]
+4 -4
View File
@@ -14,7 +14,7 @@
- **Verify by:** Push a trivial change to `dev` → workflow runs on `nas` runner → deploy succeeds → `curl http://nas:4001/api/health` returns 200 - **Verify by:** Push a trivial change to `dev` → workflow runs on `nas` runner → deploy succeeds → `curl http://nas:4001/api/health` returns 200
- **Risk:** None — this is the same runner used by `deploy.yml` and `deploy-claude-dev-dev.yml`. - **Risk:** None — this is the same runner used by `deploy.yml` and `deploy-claude-dev-dev.yml`.
- [ ] S01.1 — Fix dev deploy runner label - [x] S01.1 — Fix dev deploy runner label
## S01.2 — Add test gate to dev deploy ## S01.2 — Add test gate to dev deploy
@@ -27,7 +27,7 @@
3. Workflow summary in Gitea UI shows test→deploy dependency clearly 3. Workflow summary in Gitea UI shows test→deploy dependency clearly
- **Risk:** Adds 2-3 minutes to dev deploy cycle. Acceptable trade-off for safety. - **Risk:** Adds 2-3 minutes to dev deploy cycle. Acceptable trade-off for safety.
- [ ] S01.2 — Add test gate to dev deploy - [x] S01.2 — Add test gate to dev deploy
## S01.3 — Add error handling to Docker.svelte ## S01.3 — Add error handling to Docker.svelte
@@ -40,7 +40,7 @@
3. During normal operation → no regression (page works as before) 3. During normal operation → no regression (page works as before)
- **Risk:** Low. Add `let error = $state("")` and an `{#if error}` block in the template. Keep existing `loading` state. - **Risk:** Low. Add `let error = $state("")` and an `{#if error}` block in the template. Keep existing `loading` state.
- [ ] S01.3 — Add error handling to Docker.svelte - [x] S01.3 — Add error handling to Docker.svelte
## S01.4 — Fix cpu_percent always returning 0 ## S01.4 — Fix cpu_percent always returning 0
@@ -54,7 +54,7 @@
4. Stop stress → next call shows lower value 4. Stop stress → next call shows lower value
- **Risk:** `psutil.cpu_percent(interval=0.1)` blocks the request for 100ms. This is acceptable for a system stats endpoint. Alternative: call `cpu_percent()` once at startup (in lifespan) to prime the counter, then use `interval=0` in the endpoint. - **Risk:** `psutil.cpu_percent(interval=0.1)` blocks the request for 100ms. This is acceptable for a system stats endpoint. Alternative: call `cpu_percent()` once at startup (in lifespan) to prime the counter, then use `interval=0` in the endpoint.
- [ ] S01.4 — Fix cpu_percent always returning 0 - [x] S01.4 — Fix cpu_percent always returning 0
## S01.5 — Verify production docker-socket-proxy ## S01.5 — Verify production docker-socket-proxy