sciagent code + Gitea Actions CI/CD
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Executable
+43
@@ -0,0 +1,43 @@
|
||||
#!/usr/bin/env bash
|
||||
# Smoke-test verify-prod-env.sh rejects insecure values.
|
||||
set -euo pipefail
|
||||
|
||||
ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
|
||||
TMP="$(mktemp)"
|
||||
trap 'rm -f "$TMP"' EXIT
|
||||
|
||||
cat >"$TMP" <<'EOF'
|
||||
PUBLIC_HOST=example.com
|
||||
FE_PORT=8081
|
||||
MINIO_API_PORT=19000
|
||||
MINIO_CONSOLE_PORT=19001
|
||||
MINIO_ROOT_USER=minio_user
|
||||
MINIO_ROOT_PASSWORD=long_random_minio_secret_value
|
||||
POSTGRES_USER=initiative
|
||||
POSTGRES_PASSWORD=long_random_postgres_secret
|
||||
POSTGRES_DB=initiatives
|
||||
JWT_SECRET=short
|
||||
MINIO_API_CORS_ALLOW_ORIGIN=*
|
||||
EOF
|
||||
|
||||
if ENV_FILE="$TMP" "$ROOT/scripts/verify-prod-env.sh" >/dev/null 2>&1; then
|
||||
echo "FAIL: verify-prod-env.sh should reject short JWT_SECRET and CORS *" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cat >"$TMP" <<'EOF'
|
||||
PUBLIC_HOST=example.com
|
||||
FE_PORT=8081
|
||||
MINIO_API_PORT=19000
|
||||
MINIO_CONSOLE_PORT=19001
|
||||
MINIO_ROOT_USER=minio_user
|
||||
MINIO_ROOT_PASSWORD=long_random_minio_secret_value
|
||||
POSTGRES_USER=initiative
|
||||
POSTGRES_PASSWORD=long_random_postgres_secret
|
||||
POSTGRES_DB=initiatives
|
||||
JWT_SECRET=this-is-a-valid-production-jwt-secret-32chars-min
|
||||
MINIO_API_CORS_ALLOW_ORIGIN=https://example.com
|
||||
EOF
|
||||
|
||||
ENV_FILE="$TMP" "$ROOT/scripts/verify-prod-env.sh" >/dev/null
|
||||
echo "OK — verify-prod-env.sh accepts secure sample .env"
|
||||
Reference in New Issue
Block a user