#5 Gateway Trust Model:
- Removed inventory /test endpoint
- Updated docs/trust-model.md with accurate description:
  - Per-user services (trips, fitness) vs gateway-key services clearly separated
  - Known limitations documented (no per-user isolation on shared services)
  - No false claims about per-user auth where it doesn't exist

#8 Dependency Security:
- Workflow reviewed and confirmed sane
- Added .gitea/README.md documenting runner requirement
- Status: repo-side complete, operationally blocked on runner setup

#9 Performance Hardening:
- Budget /transactions/recent: 30s cache (1.1s→41ms on repeat)
- Budget /uncategorized-count: 2min cache (1.3s→42ms on repeat)
- Both endpoints document Actual Budget per-account API constraint
- Budget buildLookups: 2min cache (already in place)
- All inventory full scans already eliminated (prior commit)
.gitea/README.md (Normal file, 21 lines)
@@ -0,0 +1,21 @@
# Gitea CI Workflows
## security.yml
Runs on push/PR to `master`. Three jobs:
1. **dependency-audit** — `npm audit --audit-level=high` for budget and frontend
2. **secret-scanning** — checks for tracked .env/.db files and hardcoded secret patterns
3. **dockerfile-lint** — verifies all Dockerfiles have `USER` (non-root) and `HEALTHCHECK`
## Prerequisites
These workflows require a **Gitea Actions runner** to be configured.
Without a runner, the workflows are committed but will not execute.
To set up a runner:
1. Go to Gitea → Site Administration → Runners
2. Register a runner (Docker-based or shell-based)
3. The workflows will automatically execute on the next push
See: https://docs.gitea.com/usage/actions/overview
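Review bot: The Prerequisites section (from `These workflows require a **Gitea Actions runner**` through `The workflows will automatically execute on the next push`) documents that the jobs do not run without a runner, but not that they gate nothing even once they do: a failing dependency-audit, secret-scanning or dockerfile-lint job only blocks a merge if branch protection on `master` lists it as a required status check, so add that as a step 4 of the setup, otherwise the "operationally blocked on runner setup" status is still incomplete after a runner exists. Step 1 also points only at Site Administration; a repository-scoped runner registered under the repo's Settings → Actions → Runners works as well and needs no instance admin. Two smaller points on the job descriptions: `npm audit --audit-level=high` exits non-zero only for high and critical advisories, so state that moderate and lower findings are printed but do not fail the job; and "verifies all Dockerfiles have `USER` (non-root)" should say how non-root is established, since a presence check for a `USER` line is satisfied by `USER root`, or by a `USER` set in one stage and overridden in a later one.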