mirror of
https://github.com/azaion/ui.git
synced 2026-06-21 10:21:11 +00:00
Oleksandr Bezdieniezhnykh
f7dd6c98d8
ci/woodpecker/push/build-arm Pipeline failed
Security audit (5 phases) → reports under _docs/05_security/. AZ-501 (F-SAST-1, HIGH): Externalize hardcoded Google Geocode key from mission-planner/src/config.ts to VITE_GOOGLE_GEOCODE_KEY via new GeocodeService.ts; fail-soft warn when unset; STC-SEC1D static deny-list gate; +5 unit tests in tests/mission_planner_geocode.test.ts. AZ-502 (F-DEP-1, HIGH): Force vite>=6.4.2 and postcss>=8.5.10 via package.json overrides in both roots; clean reinstall clears all bun audit advisories. Test-spec sync (Step 12) + Update Docs (Step 13) deltas: AC-43, AC-44, NFT-SEC-09b, FT-P-61, FT-N-17, ripple log, batch_12 report. Pending user actions: revoke Google + OWM keys (AC-6 / AZ-499 AC-7). 229 PASS / 13 SKIP / 0 FAIL on static + fast suites. Co-authored-by: Cursor <cursoragent@cursor.com>
34 lines
1.9 KiB
Bash
34 lines
1.9 KiB
Bash
# mission-planner — Vite build-time environment variables.
|
|
#
|
|
# Copy to `.env.local` (gitignored) for local dev. CI / Docker pass the same
|
|
# variables through the build environment. Mirrors the main SPA's `.env.example`
|
|
# style so devs can keep both roots in sync.
|
|
#
|
|
# Every variable is OPTIONAL. When unset, the app falls back to:
|
|
# - VITE_OWM_API_KEY : undefined → getWeatherData returns null (no fetch)
|
|
# - VITE_OWM_BASE_URL : https://api.openweathermap.org/data/2.5
|
|
# - VITE_SATELLITE_TILE_URL : Esri ArcGIS World Imagery (legacy default; will
|
|
# be migrated in a future cycle to mirror AZ-498)
|
|
# - VITE_GOOGLE_GEOCODE_KEY : undefined → geocodeAddress logs a warn and
|
|
# returns null (LeftBoard's address box becomes
|
|
# a no-op for non-coordinate inputs)
|
|
|
|
# OpenWeatherMap API key. Required for the wind-effect overlay. Leave unset for
|
|
# CI / dry runs — `getWeatherData` returns `null` and the overlay hides itself.
|
|
VITE_OWM_API_KEY=<your-openweathermap-api-key>
|
|
|
|
# OpenWeatherMap REST base URL. Default targets the public endpoint; tests or
|
|
# alt deployments may override.
|
|
# Example for the suite e2e profile: http://owm-stub:8081/data/2.5
|
|
VITE_OWM_BASE_URL=
|
|
|
|
# Satellite tile URL template. Independent of the main SPA's same-named var
|
|
# (different vite root). Today defaults to Esri; AZ-498's swap to the suite's
|
|
# own satellite-provider only covers the main SPA.
|
|
VITE_SATELLITE_TILE_URL=https://server.arcgisonline.com/ArcGIS/rest/services/World_Imagery/MapServer/tile/{z}/{y}/{x}
|
|
|
|
# Google Geocode API key. Required by LeftBoard's address-search box (AZ-501).
|
|
# Leave unset for CI / dry runs — `geocodeAddress` returns `null` and logs a
|
|
# single warning. Coordinate-form input ("lat, lng") still works without a key.
|
|
VITE_GOOGLE_GEOCODE_KEY=<your-google-geocode-api-key>
|