mirror of
https://github.com/azaion/satellite-provider.git
synced 2026-06-26 08:21:14 +00:00
7ed780b063
Resolve F-AZ1074-1/2 (collection caps, generic gRPC internal errors). Standalone integration compose stack, docs, security audit, perf and retro. Co-authored-by: Cursor <cursoragent@cursor.com>
# Infrastructure & Configuration Review (Cycle 9)

**Date**: 2026-06-25
**Mode**: Delta scan
**Scope**: Cycle-9 infrastructure changes only.

| File | Change | Security relevance |
|------|--------|-------------------|
| `docker-compose.tests.yml` | Rewritten as self-contained stack; **no host port publishing** for postgres/api | **Positive** — avoids port conflicts; reduces accidental exposure of test DB/API to host network |
| `scripts/run-tests.sh` | Integration runs use `docker-compose.tests.yml` only | Aligns with above |
| `SatelliteProvider.Api/Dockerfile` | Added `GrpcContracts` csproj COPY | Build-order only; no new secrets |
| `SatelliteProvider.IntegrationTests/Dockerfile` | `linux/amd64` platform; `aspnet:10.0` runtime for Grpc.AspNetCore | Protoc/build stability; no new exposed ports |
| `docker-compose.yml` (dev) | Unchanged | Host ports 5433/18980 still published for local dev — pre-existing |
| CI/CD, `.env`, `appsettings.*` | Unchanged | — |

## Container checks (carried forward)

| Check | Status |
|-------|--------|
| Non-root user in API image | Still runs as root (pre-existing; not cycle-9 regression) |
| Secrets in build args | None |
| Dev TLS cert gitignored | `./certs/` — unchanged |
| JWT via env vars | Unchanged |

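A CI guard for two of the findings above (host port publishing in a compose stack, and an image whose final stage runs as root), added here as an example and not part of the repository. The stack contents, service names, container ports and Dockerfile are constructed samples; only the host ports 5433/18980 and the `aspnet:10.0` tag come from this review.

```python
import re

# Constructed samples shaped like `docker compose -f <file> config --format json`.
# Service names, images and container ports are assumptions, not the repo's files.
TESTS_STACK = {"services": {
    "postgres": {"image": "postgres:16", "expose": ["5432"]},  # expose != publish
    "api": {"build": {"context": "."}},
}}
DEV_STACK = {"services": {
    "postgres": {"ports": [{"target": 5432, "published": "5433", "protocol": "tcp"}]},
    "api": {"ports": ["18980:8080"]},
}}
# Constructed Dockerfile with no USER instruction in its final stage.
DOCKERFILE = """\
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
COPY . /src
FROM mcr.microsoft.com/dotnet/aspnet:10.0
COPY --from=build /app .
"""

def host_exposure(compose):
    """One finding per service setting that reaches the host network."""
    findings = []
    for name, svc in sorted(compose.get("services", {}).items()):
        if svc.get("network_mode") == "host":
            findings.append(f"{name}: network_mode host")
        for port in svc.get("ports", []):
            if isinstance(port, dict):   # long syntax, as emitted by `config`
                host = port.get("published")
            else:                        # short syntax [ip:][host:]container[/proto]
                parts = str(port).split("/")[0].rsplit(":", 2)
                host = parts[-2] if len(parts) >= 2 else ""
            # A ports entry without a host port still publishes, on a random port.
            findings.append(f"{name}: publishes host port {host or 'ephemeral'}")
    return findings

def runs_as_root(dockerfile_text):
    """True when the last stage has no non-root USER (assumes base image defaults to root)."""
    user = "root"
    for line in dockerfile_text.splitlines():
        m = re.match(r"\s*(FROM|USER)\s+(\S+)", line, re.IGNORECASE)
        if m:  # each FROM starts a new stage and resets the user
            user = "root" if m.group(1).upper() == "FROM" else m.group(2)
    return user.split(":")[0] in ("root", "0")

if __name__ == "__main__":
    print(host_exposure(TESTS_STACK), host_exposure(DEV_STACK), runs_as_root(DOCKERFILE))
```

Failing the pipeline when `host_exposure` is non-empty for the tests stack keeps the isolation gain from regressing; the root-user check stays a warning until the pre-existing finding is fixed.
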
## Verdict

**PASS** (cycle-9 delta) — test harness change improves isolation; no new misconfiguration.