sofarr/.dockerignore at main - sofarr - Gitea: Git with a cup of tea

Gandalf/sofarr

Files

Gronod c0dd93a1ab

Build and Push Docker Image / build (push) Successful in 59s

Details

CI / Security audit (push) Successful in 1m5s

Details

CI / Tests & coverage (push) Successful in 1m24s

Details

Docs Check / Markdown lint (push) Failing after 45s

Details

Docs Check / Mermaid diagram parse check (push) Successful in 1m27s

Details

CI / Security audit (pull_request) Successful in 51s

Details

CI / Tests & coverage (pull_request) Successful in 1m1s

Details

Docs Check / Markdown lint (pull_request) Failing after 39s

Details

Docs Check / Mermaid diagram parse check (pull_request) Successful in 1m12s

Details

feat: production hardening v1.2.0

Phase 1 - Licensing & Compliance:
- Add MIT LICENSE file
- Add copyright headers to server/index.js, poller.js, config.js,
  sanitizeError.js, and new loadSecrets.js

Phase 2 - Security Hardening:
- Add server/utils/loadSecrets.js: Docker secrets support via _FILE
  env var pattern (COOKIE_SECRET_FILE, EMBY_API_KEY_FILE, etc.)
- Add SSRF/URL validation in config.js: validates all configured
  service instance URLs for scheme and well-formedness at startup
- Add SIGTERM/SIGINT graceful shutdown: stops poller, drains HTTP
  connections, 10s force-exit fallback
- Warn at startup if COOKIE_SECRET is shorter than 32 characters
- Validate EMBY_URL scheme at startup
- Improve sanitizeError: redact host:port from axios error URLs
  while preserving path/query for other redaction patterns

Phase 3 - Config Robustness:
- Weak COOKIE_SECRET warning (< 32 chars)
- EMBY_URL validated via validateInstanceUrl on startup

Phase 4 - Docker & Deployment:
- .dockerignore: add tests/, coverage/, vitest.config.js,
  CHANGELOG.md, SECURITY.md, LICENSE, .markdownlint.json
- docker-compose.yaml: add commented Option B (Docker secrets
  _FILE pattern) alongside existing plain-env Option A

Phase 5 - Docs & Release Readiness:
- Add CHANGELOG.md with entries from v1.0.0 to v1.2.0
- Update SECURITY.md: supported versions table, fix Docker secrets
  note to reflect _FILE support now implemented
- Add public/.well-known/security.txt for responsible disclosure
- Bump version to 1.2.0

2026-05-17 19:40:07 +01:00

24 lines

241 B

Plaintext

Raw Permalink Blame History

 node_modules/
 .env
 .env.example
 .env.sample
 .git/
 .gitignore
 .DS_Store
 *.log
 **/*.log
 client/
 dist/
 build/
 coverage/
 tests/
 vitest.config.js
 .markdownlint.json
 README.md
 CHANGELOG.md
 SECURITY.md
 LICENSE
 .dockerignore
 Dockerfile
 .gitea/
 docs/