anubis-mirror

arian/anubis-mirror

Fork 0

mirror of https://github.com/TecharoHQ/anubis.git synced 2026-05-20 05:10:30 +00:00

Commit Graph

Author	SHA1	Message	Date
Xe Iaso	652cef7ffe	fix(docs/deploy): harden public docs deployment and pin images Add a pod-level security context to the nginx container in the public docs deployment (non-root uid 101, dropped capabilities, read-only root filesystem, RuntimeDefault seccomp) and rebind it to unprivileged port 8080 so it does not need CAP_NET_BIND_SERVICE. The nginx PID and proxy temp paths move under a tmpfs-backed emptyDir so the read-only root filesystem does not break startup. Replace the mutable :main tags on both containers with immutable sha256 digests and switch imagePullPolicy to IfNotPresent so each rollout references an auditable artifact instead of whatever happens to be tagged :main when the pod starts. The docs-deploy workflow now overlays the freshly built docs digest via `kustomize edit set image` so the manifest stays accurate without a manual edit on each push to main. The docs Dockerfile pins its node and nginx-micro base images to specific versions for the same reason. Ref: AWOO-011, AWOO-012 Assisted-by: Claude Opus 4.7 via Claude Code Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-05-18 22:41:12 -04:00
Xe Iaso	bf5d66222c	chore: set up commitlint, husky, and prettier (#1451 ) * chore: add prettier configuration Signed-off-by: Xe Iaso <me@xeiaso.net> * format: run prettier tree-wide Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(prettier): ignore intentionally ungrammatical files Signed-off-by: Xe Iaso <me@xeiaso.net> * ci: add PR title lint rule Signed-off-by: Xe Iaso <me@xeiaso.net> * ci: add DCO check Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: add commitlint and husky Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: add CONTRIBUTING guidelines Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: set SKIP_INTEGRATION in precommit tests Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: update spelling Signed-off-by: Xe Iaso <me@xeiaso.net> * ci(dco): remove reopened trigger Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: remove dead file Signed-off-by: Xe Iaso <me@xeiaso.net> * chore(prettier): don't format nginx includes Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2026-02-15 08:19:12 -05:00
Xe Iaso	c47347ff76	add docs site based on docusarus (#35 ) * add docs site based on docusarus Closes #2 Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: deploy to aeacus Signed-off-by: Xe Iaso <me@xeiaso.net> * ready for merge Signed-off-by: Xe Iaso <me@xeiaso.net> * docs: fix anubis port Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-03-20 15:06:58 -04:00

Author

SHA1

Message

Date

Xe Iaso

652cef7ffe

fix(docs/deploy): harden public docs deployment and pin images

Add a pod-level security context to the nginx container in the public
docs deployment (non-root uid 101, dropped capabilities, read-only
root filesystem, RuntimeDefault seccomp) and rebind it to unprivileged
port 8080 so it does not need CAP_NET_BIND_SERVICE. The nginx PID and
proxy temp paths move under a tmpfs-backed emptyDir so the read-only
root filesystem does not break startup.

Replace the mutable :main tags on both containers with immutable
sha256 digests and switch imagePullPolicy to IfNotPresent so each
rollout references an auditable artifact instead of whatever happens
to be tagged :main when the pod starts. The docs-deploy workflow now
overlays the freshly built docs digest via `kustomize edit set image`
so the manifest stays accurate without a manual edit on each push to
main. The docs Dockerfile pins its node and nginx-micro base images
to specific versions for the same reason.

Ref: AWOO-011, AWOO-012
Assisted-by: Claude Opus 4.7 via Claude Code
Signed-off-by: Xe Iaso <me@xeiaso.net>

2026-05-18 22:41:12 -04:00

Xe Iaso

bf5d66222c

chore: set up commitlint, husky, and prettier (#1451 )

* chore: add prettier configuration

Signed-off-by: Xe Iaso <me@xeiaso.net>

* format: run prettier tree-wide

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(prettier): ignore intentionally ungrammatical files

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci: add PR title lint rule

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci: add DCO check

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: add commitlint and husky

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: add CONTRIBUTING guidelines

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: set SKIP_INTEGRATION in precommit tests

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: update spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ci(dco): remove reopened trigger

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: remove dead file

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore(prettier): don't format nginx includes

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>

2026-02-15 08:19:12 -05:00

Xe Iaso

c47347ff76

add docs site based on docusarus (#35 )

* add docs site based on docusarus

Closes #2

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: deploy to aeacus

Signed-off-by: Xe Iaso <me@xeiaso.net>

* ready for merge

Signed-off-by: Xe Iaso <me@xeiaso.net>

* docs: fix anubis port

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>

2025-03-20 15:06:58 -04:00

3 Commits