azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-26 07:21:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7ed780b0634eda3d8092f0c3e76cd865fde0fafb
satellite-provider/_docs/05_security/infrastructure_review_cycle9.md
T
Oleksandr Bezdieniezhnykh 7ed780b063
ci/woodpecker/push/01-test Pipeline failed
Details
ci/woodpecker/push/02-build-push unknown status
Details
[AZ-1074] [AZ-1075] Cycle 9 closeout: security, tests, metrics 
Resolve F-AZ1074-1/2 (collection caps, generic gRPC internal errors).
Standalone integration compose stack, docs, security audit, perf and retro.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-25 17:32:14 +03:00

1.3 KiB
Raw Blame History

Infrastructure & Configuration Review (Cycle 9)

Date: 2026-06-25 Mode: Delta scan Scope: Cycle-9 infrastructure changes only.

File Change Security relevance
docker-compose.tests.yml Rewritten as self-contained stack; no host port publishing for postgres/api Positive — avoids port conflicts; reduces accidental exposure of test DB/API to host network
scripts/run-tests.sh Integration runs use docker-compose.tests.yml only Aligns with above
SatelliteProvider.Api/Dockerfile Added GrpcContracts csproj COPY Build-order only; no new secrets
SatelliteProvider.IntegrationTests/Dockerfile linux/amd64 platform; aspnet:10.0 runtime for Grpc.AspNetCore Protoc/build stability; no new exposed ports
docker-compose.yml (dev) Unchanged Host ports 5433/18980 still published for local dev — pre-existing
CI/CD, .env, appsettings.* Unchanged

Container checks (carried forward)

Check Status
Non-root user in API image Still runs as root (pre-existing; not cycle-9 regression)
Secrets in build args None
Dev TLS cert gitignored ./certs/ — unchanged
JWT via env vars Unchanged

Verdict

PASS (cycle-9 delta) — test harness change improves isolation; no new misconfiguration.

Reference in New Issue View Git Blame Copy Permalink