From 44430b5f4161c8ef370c89a8c6f504fe64f6793f Mon Sep 17 00:00:00 2001
From: cahaseler
Date: Wed, 29 May 2024 07:12:55 -0400
Subject: [PATCH 1/3] fix: Use non-root user in docker file for security
---
 .gitignore | 6 ++++--
 web/Dockerfile | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 0894207..6ab8749 100644
--- a/.gitignore
+++ b/.gitignore
@@ -61,5 +61,7 @@ src-tauri/target/
 # Exclude web_static/app/(frontend) files. These are copied across from web/app/(frontend) during the ci build process.
 #You may want them in both places during local development, but we shouldn't duplicate in Github
-web_static/app/(frontend)/*
-web_static/public/*
\ No newline at end of file
+web_static/app/(frontend)/**/*
+web_static/public/**/*
+web_static/components/**/*
+web_static/lib/**/*
\ No newline at end of file
diff --git a/web/Dockerfile b/web/Dockerfile
index fa98ed9..9f8f52a 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -9,4 +9,7 @@ ENV NODE_ENV=production \
 EXPOSE 3000
+# Use a non-root user for security
+USER node
+
 CMD ["node", "server.js"]
From 9ad14d94d7c0fba3aa1c77c59bf151b86441215e Mon Sep 17 00:00:00 2001
From: cahaseler
Date: Wed, 29 May 2024 07:22:46 -0400
Subject: [PATCH 2/3] fix(ci): prevent deployment workflows from running concurrently

This avoids introducing issues when merging updated version numbers [no-ci]
---
 .github/workflows/on_main.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/on_main.yml b/.github/workflows/on_main.yml
index dae7250..c3accc9 100644
--- a/.github/workflows/on_main.yml
+++ b/.github/workflows/on_main.yml
@@ -8,6 +8,8 @@ on:
 jobs:
 build_and_release:
+ concurrency:
+ group: ${{ github.workflow }}
 runs-on: windows-latest
 permissions:
 contents: write
From 7fbb7395268b98e32bf282f13bd0006d2da1bd34 Mon Sep 17 00:00:00 2001
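Review bot: `USER node` names an account this hunk does not create, and the `FROM` and `COPY` lines sit above line 9, outside the hunk, so the base image and file ownership should be checked there. The official Node images ship a `node` user, but on a base image without one the container would fail to start. Files copied earlier without `--chown` stay root-owned, which is a sensible default for the application code, but any path `server.js` writes at runtime (a cache directory, for example) has to be created and chowned to `node` before this line. If the image is run under Kubernetes with `runAsNonRoot: true`, a numeric form such as `USER 1000:1000` (the uid of `node` in the official images) is needed, because a named user cannot be verified as non-root.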
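Review bot: The new job-level `concurrency` block relies on defaults that deserve a comment, since `build_and_release` holds `contents: write`. With no `cancel-in-progress` key a running release is left to finish, but GitHub keeps only one pending run per group, so a further trigger while one run is active and another is queued cancels the queued run instead of running it later. If skipping an intermediate release is acceptable, say so in a comment above the block and make the default explicit with `cancel-in-progress: false`. Because `${{ github.workflow }}` is just the workflow name, any other job or workflow given the same group string would serialise against this one; the rest of the job lies outside the hunk.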
From: cahaseler
Date: Wed, 29 May 2024 07:41:17 -0400
Subject: [PATCH 3/3] chore(deps): Upgrade node version on webapp to v20 [no-ci]
---
 .github/workflows/on_main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/on_main.yml b/.github/workflows/on_main.yml
index c3accc9..af0b9ce 100644
--- a/.github/workflows/on_main.yml
+++ b/.github/workflows/on_main.yml
@@ -25,10 +25,10 @@ jobs:
 ref: main
 persist-credentials: false
- - name: Install node 18
+ - name: Install node 20
 uses: actions/setup-node@v4
 with:
- node-version: 18
+ node-version: 20
 cache: yarn
 cache-dependency-path: yarn.lock