@factiii/stack 0.1.149 → 0.1.151
- package/LICENSE +21 -21
- package/README.md +441 -441
- package/bin/stack +290 -290
- package/dist/cli/dev-sync.js +16 -16
- package/dist/plugins/addons/auth/index.js +7 -7
- package/dist/plugins/addons/openclaw/scanfix/setup.d.ts.map +1 -1
- package/dist/plugins/addons/openclaw/scanfix/setup.js +69 -54
- package/dist/plugins/addons/openclaw/scanfix/setup.js.map +1 -1
- package/dist/plugins/addons/vercel/index.js +9 -9
- package/dist/plugins/addons/vercel/scanfix/config.js +10 -10
- package/dist/plugins/addons/vercel/scanfix/token.js +15 -15
- package/dist/plugins/approved.json +13 -13
- package/dist/plugins/pipelines/aws/index.js +12 -12
- package/dist/plugins/pipelines/aws/policies/bootstrap-policy.json +135 -135
- package/dist/plugins/pipelines/aws/prod.js +1 -1
- package/dist/plugins/pipelines/factiii/index.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/index.js +47 -1
- package/dist/plugins/pipelines/factiii/index.js.map +1 -1
- package/dist/plugins/pipelines/factiii/prod.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/prod.js +22 -17
- package/dist/plugins/pipelines/factiii/prod.js.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/domain.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/scanfix/domain.js +30 -2
- package/dist/plugins/pipelines/factiii/scanfix/domain.js.map +1 -1
- package/dist/plugins/pipelines/factiii/staging.d.ts.map +1 -1
- package/dist/plugins/pipelines/factiii/staging.js +24 -19
- package/dist/plugins/pipelines/factiii/staging.js.map +1 -1
- package/dist/plugins/pipelines/factiii/workflows/stack-ci.yml +75 -75
- package/dist/plugins/pipelines/factiii/workflows/stack-cicd-prod.yml +73 -73
- package/dist/plugins/servers/amazon-linux/index.js +16 -16
- package/dist/plugins/servers/mac/index.js +12 -12
- package/dist/plugins/servers/mac/staging.js +2 -2
- package/dist/plugins/servers/ubuntu/index.js +23 -23
- package/dist/plugins/servers/windows/index.js +15 -15
- package/dist/scanfix/fixes/certbot.d.ts.map +1 -1
- package/dist/scanfix/fixes/certbot.js +8 -0
- package/dist/scanfix/fixes/certbot.js.map +1 -1
- package/dist/scanfix/fixes/docker.d.ts.map +1 -1
- package/dist/scanfix/fixes/docker.js +19 -5
- package/dist/scanfix/fixes/docker.js.map +1 -1
- package/dist/scripts/generate-all.js +73 -73
- package/dist/utils/deployment-report.js +2 -2
- package/dist/utils/secret-prompts.js +34 -34
- package/dist/utils/template-generator.js +74 -74
- package/package.json +100 -100
|
@@ -99,16 +99,16 @@ class UbuntuPlugin {
|
|
|
99
99
|
return false;
|
|
100
100
|
}
|
|
101
101
|
static helpText = {
|
|
102
|
-
SSH: `
|
|
103
|
-
SSH private key for accessing the Ubuntu server.
|
|
104
|
-
|
|
105
|
-
Step 1: Generate a new SSH key pair (if needed):
|
|
106
|
-
ssh-keygen -t ed25519 -C "deploy-key" -f ~/.ssh/deploy_key
|
|
107
|
-
|
|
108
|
-
Step 2: Add PUBLIC key to server:
|
|
109
|
-
ssh-copy-id -i ~/.ssh/deploy_key.pub ubuntu@YOUR_HOST
|
|
110
|
-
|
|
111
|
-
Step 3: Paste the PRIVATE key below (multi-line, end with blank line):
|
|
102
|
+
SSH: `
|
|
103
|
+
SSH private key for accessing the Ubuntu server.
|
|
104
|
+
|
|
105
|
+
Step 1: Generate a new SSH key pair (if needed):
|
|
106
|
+
ssh-keygen -t ed25519 -C "deploy-key" -f ~/.ssh/deploy_key
|
|
107
|
+
|
|
108
|
+
Step 2: Add PUBLIC key to server:
|
|
109
|
+
ssh-copy-id -i ~/.ssh/deploy_key.pub ubuntu@YOUR_HOST
|
|
110
|
+
|
|
111
|
+
Step 3: Paste the PRIVATE key below (multi-line, end with blank line):
|
|
112
112
|
cat ~/.ssh/deploy_key`,
|
|
113
113
|
};
|
|
114
114
|
// ============================================================
|
|
@@ -155,25 +155,25 @@ class UbuntuPlugin {
|
|
|
155
155
|
* Get the command to install Docker on Ubuntu
|
|
156
156
|
*/
|
|
157
157
|
static getDockerInstallCommand() {
|
|
158
|
-
return `
|
|
159
|
-
sudo apt-get update && \
|
|
160
|
-
sudo apt-get install -y ca-certificates curl gnupg && \
|
|
161
|
-
sudo install -m 0755 -d /etc/apt/keyrings && \
|
|
162
|
-
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
|
|
163
|
-
sudo chmod a+r /etc/apt/keyrings/docker.gpg && \
|
|
164
|
-
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null && \
|
|
165
|
-
sudo apt-get update && \
|
|
166
|
-
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \
|
|
167
|
-
sudo usermod -aG docker $USER
|
|
158
|
+
return `
|
|
159
|
+
sudo apt-get update && \
|
|
160
|
+
sudo apt-get install -y ca-certificates curl gnupg && \
|
|
161
|
+
sudo install -m 0755 -d /etc/apt/keyrings && \
|
|
162
|
+
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg && \
|
|
163
|
+
sudo chmod a+r /etc/apt/keyrings/docker.gpg && \
|
|
164
|
+
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null && \
|
|
165
|
+
sudo apt-get update && \
|
|
166
|
+
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \
|
|
167
|
+
sudo usermod -aG docker $USER
|
|
168
168
|
`;
|
|
169
169
|
}
|
|
170
170
|
/**
|
|
171
171
|
* Get the command to install Node.js on Ubuntu
|
|
172
172
|
*/
|
|
173
173
|
static getNodeInstallCommand() {
|
|
174
|
-
return `
|
|
175
|
-
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && \
|
|
176
|
-
sudo apt-get install -y nodejs
|
|
174
|
+
return `
|
|
175
|
+
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash - && \
|
|
176
|
+
sudo apt-get install -y nodejs
|
|
177
177
|
`;
|
|
178
178
|
}
|
|
179
179
|
/**
|
|
@@ -99,12 +99,12 @@ class WindowsPlugin {
|
|
|
99
99
|
return false;
|
|
100
100
|
}
|
|
101
101
|
static helpText = {
|
|
102
|
-
SSH: `
|
|
103
|
-
SSH/RDP credentials for accessing the Windows server.
|
|
104
|
-
|
|
105
|
-
For SSH access, ensure OpenSSH Server is installed on Windows:
|
|
106
|
-
- Settings > Apps > Optional Features > Add a feature > OpenSSH Server
|
|
107
|
-
|
|
102
|
+
SSH: `
|
|
103
|
+
SSH/RDP credentials for accessing the Windows server.
|
|
104
|
+
|
|
105
|
+
For SSH access, ensure OpenSSH Server is installed on Windows:
|
|
106
|
+
- Settings > Apps > Optional Features > Add a feature > OpenSSH Server
|
|
107
|
+
|
|
108
108
|
For RDP access, use Remote Desktop Connection.`,
|
|
109
109
|
};
|
|
110
110
|
// ============================================================
|
|
@@ -182,11 +182,11 @@ class WindowsPlugin {
|
|
|
182
182
|
* Requires Docker Desktop or WSL2 with Docker
|
|
183
183
|
*/
|
|
184
184
|
static getDockerInstallCommand() {
|
|
185
|
-
return `
|
|
186
|
-
# Install Docker Desktop via Chocolatey
|
|
187
|
-
choco install docker-desktop -y
|
|
188
|
-
# Or install via winget
|
|
189
|
-
# winget install Docker.DockerDesktop
|
|
185
|
+
return `
|
|
186
|
+
# Install Docker Desktop via Chocolatey
|
|
187
|
+
choco install docker-desktop -y
|
|
188
|
+
# Or install via winget
|
|
189
|
+
# winget install Docker.DockerDesktop
|
|
190
190
|
`;
|
|
191
191
|
}
|
|
192
192
|
/**
|
|
@@ -205,10 +205,10 @@ class WindowsPlugin {
|
|
|
205
205
|
* Get the command to install Chocolatey (package manager)
|
|
206
206
|
*/
|
|
207
207
|
static getChocoInstallCommand() {
|
|
208
|
-
return `
|
|
209
|
-
Set-ExecutionPolicy Bypass -Scope Process -Force
|
|
210
|
-
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
|
|
211
|
-
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
|
|
208
|
+
return `
|
|
209
|
+
Set-ExecutionPolicy Bypass -Scope Process -Force
|
|
210
|
+
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
|
|
211
|
+
iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
|
|
212
212
|
`;
|
|
213
213
|
}
|
|
214
214
|
// ============================================================
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certbot.d.ts","sourceRoot":"","sources":["../../../src/scanfix/fixes/certbot.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,GAAG,EAAE,KAAK,EAAiB,MAAM,sBAAsB,CAAC;AAGtE,KAAK,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,YAAY,CAAC;AAEhD;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,GAAG,GAAG,
|
|
1
|
+
{"version":3,"file":"certbot.d.ts","sourceRoot":"","sources":["../../../src/scanfix/fixes/certbot.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,GAAG,EAAE,KAAK,EAAiB,MAAM,sBAAsB,CAAC;AAGtE,KAAK,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,YAAY,CAAC;AAEhD;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,GAAG,GAAG,CA4KlE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,IAAI,GAAG,CAE1C;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,GAAG,CAEvC"}
|
|
@@ -63,6 +63,14 @@ function createCertbotFix(stage, envKey) {
|
|
|
63
63
|
console.log(' Add ssl_email: your@email.com to your environment config in stack.yml');
|
|
64
64
|
return false;
|
|
65
65
|
}
|
|
66
|
+
// Certbot runs via Docker — skip if Docker isn't running
|
|
67
|
+
try {
|
|
68
|
+
(0, child_process_1.execSync)('docker info', { stdio: 'pipe' });
|
|
69
|
+
}
|
|
70
|
+
catch {
|
|
71
|
+
console.log(' Docker is not running — skipping SSL certificate fix');
|
|
72
|
+
return false;
|
|
73
|
+
}
|
|
66
74
|
try {
|
|
67
75
|
const nginxRunning = (0, ssl_cert_helper_js_1.isNginxRunning)();
|
|
68
76
|
console.log(' Obtaining SSL certificate for ' + domain + ' via Docker...');
|
|
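Review bot: The `docker info` probe added at new lines 66-73 has no `timeout`, and its bare `catch` reports every failure as "Docker is not running". `execSync` blocks until the child exits, so a hung daemon could stall the fix at this point, and a missing `docker` binary or a permission error on the Docker socket would presumably produce the same message. I would bound the call, `(0, child_process_1.execSync)('docker info', { stdio: 'pipe', timeout: 10000 });`, and bind the error with `catch (e)` so its message can be printed next to the skip notice. This is compiled output, so the change belongs in `src/scanfix/fixes/certbot.ts`; the enclosing function body starts and ends outside the hunk.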
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"certbot.js","sourceRoot":"","sources":["../../../src/scanfix/fixes/certbot.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAcH,
|
|
1
|
+
{"version":3,"file":"certbot.js","sourceRoot":"","sources":["../../../src/scanfix/fixes/certbot.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAcH,4CA4KC;AAKD,oDAEC;AAKD,8CAEC;AAtMD,iDAAyC;AAEzC,8DAAyE;AAIzE;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,KAAY,EAAE,MAAc;IAC3D,MAAM,UAAU,GAAG,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,YAAY,CAAC;IAElE,OAAO;QACL,EAAE,EAAE,KAAK,GAAG,gCAAgC;QAC5C,KAAK;QACL,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,gDAAgD,GAAG,UAAU,GAAG,SAAS;QAEtF,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,2EAA2E;YAC3E,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,CAAC;YACrG,IAAI,CAAC,UAAU;gBAAE,OAAO,KAAK,CAAC;YAE9B,MAAM,MAAM,GAAG,MAAM,KAAK,YAAY;gBACpC,CAAC,CAAG,MAAkC,CAAC,UAAkD,EAAE,MAA4B;gBACvH,CAAC,CAAG,MAAkC,CAAC,MAAM,CAAyC,EAAE,MAA4B,CAAC;YAEvH,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;gBAAE,OAAO,KAAK,CAAC;YAExE,gEAAgE;YAChE,IAAI,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAEtD,MAAM,MAAM,GAAG,IAAA,qCAAgB,EAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,MAAM,CAAC,CAAC;gBACnD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CAAC,yBAAyB,GAAG,MAAM,GAAG,cAAc,GAAG,MAAM,CAAC,aAAa,GAAG,OAAO,CAAC,CAAC;gBAClG,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACvE,MAAM,MAAM,GAAG,MAAM,KAAK,YAAY;gBACpC,CAAC,CAAG,MAAkC,CAAC,UAAkD,EAAE,MAA4B;gBACvH,CAAC,CAAG,MAAkC,CAAC,MAAM,CAAyC,EAAE,MAA4B,CAAC;YACvH,MAAM,MAAM,GAAI,MAAkC,CAAC,MAAM,CAAwC,CAAC;YAClG,MAAM,QAAQ,GAAI,MAAM,EAAE,SAAgC,IAAI,MAAM,CAAC,SAAS,CAAC;YAE/E,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,UAAU,GAAG,oBAAoB,CAAC,CAAC;gBAC1D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,OAAO,CAAC,GAAG,CAAC,yCAAyC,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,0EAA0E,CAAC,CAAC;gBACxF,OAAO,KAAK,CAAC;YACf,CAAC;YAED,yDAAyD;YACzD,IAAI,CAAC;gBACH,IAAA,wBAAQ,EAAC,aAAa,EAAE,EAAE,KAAK,EA
AE,MAAM,EAAE,CAAC,CAAC;YAC7C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC;gBACvE,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,YAAY,GAAG,IAAA,mCAAc,GAAE,CAAC;gBACtC,OAAO,CAAC,GAAG,CAAC,mCAAmC,GAAG,MAAM,GAAG,gBAAgB,CAAC,CAAC;gBAE7E,IAAI,UAAkB,CAAC;gBAEvB,IAAI,YAAY,EAAE,CAAC;oBACjB,4DAA4D;oBAC5D,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;oBACxD,UAAU,GAAG;wBACX,iBAAiB;wBACjB,sCAAsC;wBACtC,sCAAsC;wBACtC,0BAA0B;wBAC1B,+BAA+B;wBAC/B,KAAK,GAAG,MAAM;wBACd,UAAU,GAAG,QAAQ;wBACrB,aAAa;wBACb,mBAAmB;qBACpB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACd,CAAC;qBAAM,CAAC;oBACN,8DAA8D;oBAC9D,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;oBAC5D,UAAU,GAAG;wBACX,iBAAiB;wBACjB,sCAAsC;wBACtC,UAAU;wBACV,0BAA0B;wBAC1B,cAAc;wBACd,KAAK,GAAG,MAAM;wBACd,UAAU,GAAG,QAAQ;wBACrB,aAAa;wBACb,mBAAmB;qBACpB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACd,CAAC;gBAED,yEAAyE;gBACzE,IAAI,UAAU,GAAG,EAAE,CAAC;gBACpB,IAAI,CAAC;oBACH,UAAU,GAAG,IAAA,wBAAQ,EAAC,UAAU,GAAG,OAAO,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;gBAC1E,CAAC;gBAAC,OAAO,MAAM,EAAE,CAAC;oBAChB,mEAAmE;oBACnE,MAAM,MAAM,GAAG,MAAM,YAAY,KAAK,CAAC,CAAC,CAAE,MAAc,CAAC,MAAM,IAAK,MAAc,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;oBAC7H,IAAI,OAAO,MAAM,KAAK,QAAQ;wBAC1B,CAAC,MAAM,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,EAAE,CAAC;wBACvF,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;wBAC5E,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,UAAU,GAAG,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gBACxD,CAAC;gBAED,+EAA+E;gBAC/E,IAAI,UAAU,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBAC/I,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;oBAC5E,OAAO,IAAI,CAAC;gBACd,CAAC;gBAED,8CAA8C;gBAC9C,MAAM,UAAU,GAAG,IAAA,qCAAgB,EAAC,MAAM,CAAC,CAAC;gBAC5C,IAAI,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;oBAC5C,0FAA0F;oBAC1F,MAAM,OAAO,GAAG,IAAA,qCAAgB,EAAC,MAAM,EAAE,CAAC,CAAC,CAAC;oBAC5C,IAAI,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;wBACpC,OAAO,CAAC,GAAG,CAAC,+CAA+C,GA
AG,OAAO,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC;wBAChG,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,uEAAuE;oBACvE,IAAI,CAAC;wBACH,MAAM,QAAQ,GAAG,IAAA,wBAAQ,EACvB,mCAAmC,GAAG,MAAM,GAAG,mBAAmB,GAAG,MAAM,GAAG,uDAAuD,EACrI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CACrC,CAAC;wBACF,IAAI,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;4BAClC,OAAO,CAAC,GAAG,CAAC,kDAAkD,GAAG,MAAM,CAAC,CAAC;4BACzE,OAAO,IAAI,CAAC;wBACd,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC,CAAC,0CAA0C,CAAC,CAAC;oBACtD,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;oBAC5D,OAAO,KAAK,CAAC;gBACf,CAAC;gBAED,OAAO,CAAC,GAAG,CAAC,+CAA+C,CAAC,CAAC;gBAE7D,sDAAsD;gBACtD,IAAI,YAAY,EAAE,CAAC;oBACjB,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;oBACrC,IAAI,CAAC;wBACH,IAAA,wBAAQ,EAAC,2CAA2C,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;wBAC5E,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;oBACxD,CAAC;oBAAC,MAAM,CAAC;wBACP,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;wBACjE,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;oBACtD,CAAC;gBACH,CAAC;gBAED,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,YAAY,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;gBAChE,2FAA2F;gBAC3F,IAAI,YAAY,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;oBACjG,OAAO,CAAC,GAAG,CAAC,8DAA8D,CAAC,CAAC;oBAC5E,OAAO,IAAI,CAAC;gBACd,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,mCAAmC,GAAG,YAAY,CAAC,CAAC;gBAChE,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAC;gBACjE,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,SAAS,EAAE,wKAAwK;KACpL,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB;IAClC,OAAO,gBAAgB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB;IAC/B,OAAO,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC1C,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/scanfix/fixes/docker.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,GAAG,EAAE,KAAK,EAAiB,MAAM,sBAAsB,CAAC;AAItE;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CA4C3E;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,
|
|
1
|
+
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../src/scanfix/fixes/docker.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAE,GAAG,EAAE,KAAK,EAAiB,MAAM,sBAAsB,CAAC;AAItE;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CA4C3E;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,CAkF3E;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,KAAK,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,GAAG,EAAE,CAKrE"}
|
|
@@ -112,11 +112,21 @@ function createDockerRunningFix(stage, idPrefix) {
|
|
|
112
112
|
catch {
|
|
113
113
|
// Docker not running, proceed to start it
|
|
114
114
|
}
|
|
115
|
+
// On macOS over SSH, `open -a Docker` won't work (no GUI session).
|
|
116
|
+
// Try the headless binary directly instead.
|
|
117
|
+
const isSSH = !!(process.env.SSH_CONNECTION || process.env.SSH_CLIENT || process.env.SSH_TTY);
|
|
118
|
+
const isMac = process.platform === 'darwin';
|
|
119
|
+
let startCmd = commands.start;
|
|
120
|
+
if (isMac && isSSH) {
|
|
121
|
+
startCmd = 'nohup /Applications/Docker.app/Contents/MacOS/Docker --unattended > /dev/null 2>&1 &';
|
|
122
|
+
}
|
|
115
123
|
console.log(' Starting Docker...');
|
|
116
124
|
try {
|
|
117
|
-
(0, child_process_1.execSync)(
|
|
118
|
-
// Wait for Docker to start (
|
|
119
|
-
|
|
125
|
+
(0, child_process_1.execSync)(startCmd, { stdio: 'inherit', shell: isMac ? '/bin/bash' : undefined });
|
|
126
|
+
// Wait for Docker to start — longer timeout on server (headless start is slower)
|
|
127
|
+
const onServer = !!(process.env.FACTIII_ON_SERVER || process.env.GITHUB_ACTIONS);
|
|
128
|
+
const timeout = onServer ? 60 : 30;
|
|
129
|
+
for (let i = 0; i < timeout; i++) {
|
|
120
130
|
await new Promise(resolve => setTimeout(resolve, 1000));
|
|
121
131
|
try {
|
|
122
132
|
(0, child_process_1.execSync)('docker info', { stdio: 'pipe' });
|
|
@@ -127,12 +137,16 @@ function createDockerRunningFix(stage, idPrefix) {
|
|
|
127
137
|
// Still starting...
|
|
128
138
|
}
|
|
129
139
|
}
|
|
130
|
-
console.log(' Docker
|
|
131
|
-
return
|
|
140
|
+
console.log(' Docker failed to start within ' + timeout + ' seconds');
|
|
141
|
+
return false;
|
|
132
142
|
}
|
|
133
143
|
catch (e) {
|
|
134
144
|
const errorMessage = e instanceof Error ? e.message : String(e);
|
|
135
145
|
console.log(' Failed to start Docker: ' + errorMessage);
|
|
146
|
+
if (isMac && isSSH) {
|
|
147
|
+
console.log(' Docker Desktop cannot be started headlessly on this Mac.');
|
|
148
|
+
console.log(' Please start Docker Desktop on the server directly (VNC/screen sharing) or enable "Start Docker Desktop when you sign in" in Docker settings.');
|
|
149
|
+
}
|
|
136
150
|
return false;
|
|
137
151
|
}
|
|
138
152
|
}
|
|
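Review bot: The macOS-over-SSH hint added in the `catch (e)` branch (new lines 146-149) is unlikely to be reached on the path it was written for, because the headless `startCmd` at new line 121 ends in `&` with its output sent to `/dev/null`: the shell reports success as soon as the job is backgrounded, so `execSync` should not throw even when `/Applications/Docker.app/Contents/MacOS/Docker` is missing or exits at once. Such a failure would instead run through the whole polling loop and end at the "Docker failed to start within" message with no guidance. I would repeat the hint before the `return false;` at new line 141, e.g. `if (isMac && isSSH) console.log(' Docker Desktop cannot be started headlessly on this Mac.');`, or check that the binary exists before launching it. Separately, `onServer` at new line 127 is true for any non-empty value, so `FACTIII_ON_SERVER=false` would still select the 60-second timeout. The enclosing function starts and ends outside both hunks, and the fix belongs in `src/scanfix/fixes/docker.ts`.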
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"docker.js","sourceRoot":"","sources":["../../../src/scanfix/fixes/docker.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAaH,wDA4CC;AAQD,
|
|
1
|
+
{"version":3,"file":"docker.js","sourceRoot":"","sources":["../../../src/scanfix/fixes/docker.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAaH,wDA4CC;AAQD,wDAkFC;AAQD,wCAKC;AA9JD,iDAAyC;AAEzC,gDAAgD;AAChD,mDAAsD;AAEtD;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,KAAY,EAAE,QAAiB;IACpE,MAAM,QAAQ,GAAG,IAAA,4BAAc,GAAE,CAAC;IAClC,MAAM,QAAQ,GAAG,yBAAc,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,GAAG,uBAAuB,CAAC,CAAC,CAAC,KAAK,GAAG,iBAAiB,CAAC;IACrF,MAAM,UAAU,GAAG,KAAK,KAAK,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,GAAG,KAAK,GAAG,SAAS,CAAC;IAE3E,OAAO;QACL,EAAE;QACF,KAAK;QACL,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,0BAA0B,GAAG,UAAU;QACpD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,4EAA4E;YAC5E,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,KAAK,KAAK,MAAM;oBAChC,CAAC,CAAC,CAAE,MAAkC,CAAC,IAAI,IAAK,MAAkC,CAAC,UAAU,CAAwC;oBACrI,CAAC,CAAE,MAAkC,CAAC,KAAK,CAAwC,CAAC;gBACtF,IAAI,CAAC,SAAS,EAAE,MAAM;oBAAE,OAAO,KAAK,CAAC;gBACrC,wCAAwC;gBACxC,IAAI,OAAO,SAAS,CAAC,MAAM,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;oBAAE,OAAO,KAAK,CAAC;YACjH,CAAC;YAED,IAAI,CAAC;gBACH,IAAA,wBAAQ,EAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC5C,OAAO,KAAK,CAAC,CAAC,sBAAsB;YACtC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC,CAAC,0BAA0B;YACzC,CAAC;QACH,CAAC;QACD,GAAG,EAAE,QAAQ,CAAC,OAAO;YACnB,CAAC,CAAC,KAAK,EAAE,OAAsB,EAAE,QAAgB,EAAoB,EAAE;gBACnE,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC;gBACvC,IAAI,CAAC;oBACH,IAAA,wBAAQ,EAAC,QAAQ,CAAC,OAAQ,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;oBAClD,OAAO,IAAI,CAAC;gBACd,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,MAAM,YAAY,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;oBAChE,OAAO,CAAC,GAAG,CAAC,aAAa,GAAG,YAAY,CAAC,CAAC;oBAC1C,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACH,CAAC,CAAC,IAAI;QACR,SAAS,EAAE,QAAQ,CAAC,SAAS;KAC9B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,KAAY,EAAE,QAAiB;IACpE,MAAM,QAAQ,GAAG,IAAA,4BAAc,GAAE,CAAC;IAClC,MAAM,QAAQ,GAAG,yBAAc,CAAC,QAAQ,CAAC,CAAC;IAC1C,MAAM,EAA
E,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,GAAG,qBAAqB,CAAC,CAAC,CAAC,KAAK,GAAG,qBAAqB,CAAC;IACvF,MAAM,UAAU,GAAG,KAAK,KAAK,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,GAAG,KAAK,GAAG,SAAS,CAAC;IAE3E,OAAO;QACL,EAAE;QACF,KAAK;QACL,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,wBAAwB,GAAG,UAAU;QAClD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAE,QAAgB,EAAoB,EAAE;YACxE,4EAA4E;YAC5E,IAAI,KAAK,KAAK,KAAK,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,KAAK,KAAK,MAAM;oBAChC,CAAC,CAAC,CAAE,MAAkC,CAAC,IAAI,IAAK,MAAkC,CAAC,UAAU,CAAwC;oBACrI,CAAC,CAAE,MAAkC,CAAC,KAAK,CAAwC,CAAC;gBACtF,IAAI,CAAC,SAAS,EAAE,MAAM;oBAAE,OAAO,KAAK,CAAC;gBACrC,wCAAwC;gBACxC,IAAI,OAAO,SAAS,CAAC,MAAM,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC;oBAAE,OAAO,KAAK,CAAC;YACjH,CAAC;YAED,IAAI,CAAC;gBACH,IAAA,wBAAQ,EAAC,aAAa,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;gBAC3C,OAAO,KAAK,CAAC,CAAC,oBAAoB;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,IAAI,CAAC,CAAC,wBAAwB;YACvC,CAAC;QACH,CAAC;QACD,GAAG,EAAE,QAAQ,CAAC,KAAK;YACjB,CAAC,CAAC,KAAK,EAAE,OAAsB,EAAE,QAAgB,EAAoB,EAAE;gBACnE,4CAA4C;gBAC5C,IAAI,CAAC;oBACH,IAAA,wBAAQ,EAAC,aAAa,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;oBAC3C,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;oBAC5C,OAAO,IAAI,CAAC;gBACd,CAAC;gBAAC,MAAM,CAAC;oBACP,0CAA0C;gBAC5C,CAAC;gBAED,mEAAmE;gBACnE,4CAA4C;gBAC5C,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAC9F,MAAM,KAAK,GAAG,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC;gBAC5C,IAAI,QAAQ,GAAG,QAAQ,CAAC,KAAM,CAAC;gBAC/B,IAAI,KAAK,IAAI,KAAK,EAAE,CAAC;oBACnB,QAAQ,GAAG,sFAAsF,CAAC;gBACpG,CAAC;gBAED,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;gBACrC,IAAI,CAAC;oBACH,IAAA,wBAAQ,EAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;oBAEjF,iFAAiF;oBACjF,MAAM,QAAQ,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;oBACjF,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;oBACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC,EAAE,EAAE,CAAC;wBA
CjC,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;wBACxD,IAAI,CAAC;4BACH,IAAA,wBAAQ,EAAC,aAAa,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;4BAC3C,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;4BAC9C,OAAO,IAAI,CAAC;wBACd,CAAC;wBAAC,MAAM,CAAC;4BACP,oBAAoB;wBACtB,CAAC;oBACH,CAAC;oBAED,OAAO,CAAC,GAAG,CAAC,mCAAmC,GAAG,OAAO,GAAG,UAAU,CAAC,CAAC;oBACxE,OAAO,KAAK,CAAC;gBACf,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,MAAM,YAAY,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;oBAChE,OAAO,CAAC,GAAG,CAAC,6BAA6B,GAAG,YAAY,CAAC,CAAC;oBAC1D,IAAI,KAAK,IAAI,KAAK,EAAE,CAAC;wBACnB,OAAO,CAAC,GAAG,CAAC,6DAA6D,CAAC,CAAC;wBAC3E,OAAO,CAAC,GAAG,CAAC,kJAAkJ,CAAC,CAAC;oBAClK,CAAC;oBACD,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;YACH,CAAC,CAAC,IAAI;QACR,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS;KACnF,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAgB,cAAc,CAAC,KAAY,EAAE,QAAiB;IAC5D,OAAO;QACL,sBAAsB,CAAC,KAAK,EAAE,QAAQ,CAAC;QACvC,sBAAsB,CAAC,KAAK,EAAE,QAAQ,CAAC;KACxC,CAAC;AACJ,CAAC"}
|
|
@@ -271,31 +271,31 @@ function generateNginx(allConfigs) {
|
|
|
271
271
|
return 0;
|
|
272
272
|
}
|
|
273
273
|
// Generate nginx config
|
|
274
|
-
let nginxConf = `# Auto-generated nginx configuration
|
|
275
|
-
# Generated by: npx stack (generate-all)
|
|
276
|
-
# Do not edit directly - modify stack.yml files and run: npx stack deploy
|
|
277
|
-
|
|
278
|
-
events {
|
|
279
|
-
worker_connections 1024;
|
|
280
|
-
}
|
|
281
|
-
|
|
282
|
-
http {
|
|
283
|
-
include /etc/nginx/mime.types;
|
|
284
|
-
default_type application/octet-stream;
|
|
285
|
-
|
|
286
|
-
sendfile on;
|
|
287
|
-
keepalive_timeout 65;
|
|
288
|
-
client_max_body_size 100M;
|
|
289
|
-
|
|
290
|
-
# Logging
|
|
291
|
-
access_log /var/log/nginx/access.log;
|
|
292
|
-
error_log /var/log/nginx/error.log;
|
|
293
|
-
|
|
294
|
-
# Gzip
|
|
295
|
-
gzip on;
|
|
296
|
-
gzip_vary on;
|
|
297
|
-
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
|
298
|
-
|
|
274
|
+
let nginxConf = `# Auto-generated nginx configuration
|
|
275
|
+
# Generated by: npx stack (generate-all)
|
|
276
|
+
# Do not edit directly - modify stack.yml files and run: npx stack deploy
|
|
277
|
+
|
|
278
|
+
events {
|
|
279
|
+
worker_connections 1024;
|
|
280
|
+
}
|
|
281
|
+
|
|
282
|
+
http {
|
|
283
|
+
include /etc/nginx/mime.types;
|
|
284
|
+
default_type application/octet-stream;
|
|
285
|
+
|
|
286
|
+
sendfile on;
|
|
287
|
+
keepalive_timeout 65;
|
|
288
|
+
client_max_body_size 100M;
|
|
289
|
+
|
|
290
|
+
# Logging
|
|
291
|
+
access_log /var/log/nginx/access.log;
|
|
292
|
+
error_log /var/log/nginx/error.log;
|
|
293
|
+
|
|
294
|
+
# Gzip
|
|
295
|
+
gzip on;
|
|
296
|
+
gzip_vary on;
|
|
297
|
+
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
|
298
|
+
|
|
299
299
|
`;
|
|
300
300
|
// ============================================================
|
|
301
301
|
// CRITICAL: HTTPS Certificate Paths
|
|
@@ -308,54 +308,54 @@ http {
|
|
|
308
308
|
for (const { domain, service, port } of routes) {
|
|
309
309
|
// Always generate HTTPS-capable config
|
|
310
310
|
// Certificates must exist before nginx can start (obtained via: npx stack fix --staging/--prod)
|
|
311
|
-
nginxConf += `
|
|
312
|
-
# ${service} - ${domain}
|
|
313
|
-
|
|
314
|
-
# HTTP - ACME challenge + redirect to HTTPS
|
|
315
|
-
server {
|
|
316
|
-
listen 80;
|
|
317
|
-
server_name ${domain};
|
|
318
|
-
|
|
319
|
-
# Allow certbot ACME challenge (for renewals)
|
|
320
|
-
location /.well-known/acme-challenge/ {
|
|
321
|
-
root /var/www/certbot;
|
|
322
|
-
}
|
|
323
|
-
|
|
324
|
-
# Redirect all other traffic to HTTPS
|
|
325
|
-
location / {
|
|
326
|
-
return 301 https://$server_name$request_uri;
|
|
327
|
-
}
|
|
328
|
-
}
|
|
329
|
-
|
|
330
|
-
# HTTPS - main server block
|
|
331
|
-
server {
|
|
332
|
-
listen 443 ssl;
|
|
333
|
-
http2 on;
|
|
334
|
-
server_name ${domain};
|
|
335
|
-
|
|
336
|
-
# SSL certificate paths (Let's Encrypt)
|
|
337
|
-
ssl_certificate /etc/letsencrypt/live/${domain}/fullchain.pem;
|
|
338
|
-
ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;
|
|
339
|
-
|
|
340
|
-
# SSL security settings
|
|
341
|
-
ssl_protocols TLSv1.2 TLSv1.3;
|
|
342
|
-
ssl_prefer_server_ciphers on;
|
|
343
|
-
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
|
|
344
|
-
ssl_session_cache shared:SSL:10m;
|
|
345
|
-
ssl_session_timeout 10m;
|
|
346
|
-
|
|
347
|
-
location / {
|
|
348
|
-
proxy_pass http://${service}:${port};
|
|
349
|
-
proxy_http_version 1.1;
|
|
350
|
-
proxy_set_header Upgrade $http_upgrade;
|
|
351
|
-
proxy_set_header Connection 'upgrade';
|
|
352
|
-
proxy_set_header Host $host;
|
|
353
|
-
proxy_cache_bypass $http_upgrade;
|
|
354
|
-
proxy_set_header X-Real-IP $remote_addr;
|
|
355
|
-
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
356
|
-
proxy_set_header X-Forwarded-Proto $scheme;
|
|
357
|
-
}
|
|
358
|
-
}
|
|
311
|
+
nginxConf += `
|
|
312
|
+
# ${service} - ${domain}
|
|
313
|
+
|
|
314
|
+
# HTTP - ACME challenge + redirect to HTTPS
|
|
315
|
+
server {
|
|
316
|
+
listen 80;
|
|
317
|
+
server_name ${domain};
|
|
318
|
+
|
|
319
|
+
# Allow certbot ACME challenge (for renewals)
|
|
320
|
+
location /.well-known/acme-challenge/ {
|
|
321
|
+
root /var/www/certbot;
|
|
322
|
+
}
|
|
323
|
+
|
|
324
|
+
# Redirect all other traffic to HTTPS
|
|
325
|
+
location / {
|
|
326
|
+
return 301 https://$server_name$request_uri;
|
|
327
|
+
}
|
|
328
|
+
}
|
|
329
|
+
|
|
330
|
+
# HTTPS - main server block
|
|
331
|
+
server {
|
|
332
|
+
listen 443 ssl;
|
|
333
|
+
http2 on;
|
|
334
|
+
server_name ${domain};
|
|
335
|
+
|
|
336
|
+
# SSL certificate paths (Let's Encrypt)
|
|
337
|
+
ssl_certificate /etc/letsencrypt/live/${domain}/fullchain.pem;
|
|
338
|
+
ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;
|
|
339
|
+
|
|
340
|
+
# SSL security settings
|
|
341
|
+
ssl_protocols TLSv1.2 TLSv1.3;
|
|
342
|
+
ssl_prefer_server_ciphers on;
|
|
343
|
+
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
|
|
344
|
+
ssl_session_cache shared:SSL:10m;
|
|
345
|
+
ssl_session_timeout 10m;
|
|
346
|
+
|
|
347
|
+
location / {
|
|
348
|
+
proxy_pass http://${service}:${port};
|
|
349
|
+
proxy_http_version 1.1;
|
|
350
|
+
proxy_set_header Upgrade $http_upgrade;
|
|
351
|
+
proxy_set_header Connection 'upgrade';
|
|
352
|
+
proxy_set_header Host $host;
|
|
353
|
+
proxy_cache_bypass $http_upgrade;
|
|
354
|
+
proxy_set_header X-Real-IP $remote_addr;
|
|
355
|
+
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
356
|
+
proxy_set_header X-Forwarded-Proto $scheme;
|
|
357
|
+
}
|
|
358
|
+
}
|
|
359
359
|
`;
|
|
360
360
|
}
|
|
361
361
|
nginxConf += `}\n`;
|
|
@@ -154,8 +154,8 @@ function formatDeploymentReport(data) {
|
|
|
154
154
|
function formatWorkflowSummary(data) {
|
|
155
155
|
const report = formatDeploymentReport(data);
|
|
156
156
|
// Workflow summaries support markdown, so we can enhance it
|
|
157
|
-
return `\`\`\`
|
|
158
|
-
${report}
|
|
157
|
+
return `\`\`\`
|
|
158
|
+
${report}
|
|
159
159
|
\`\`\``;
|
|
160
160
|
}
|
|
161
161
|
/**
|
|
@@ -64,16 +64,16 @@ const SECRET_METADATA = {
|
|
|
64
64
|
STAGING_SSH: {
|
|
65
65
|
type: 'ssh_key',
|
|
66
66
|
description: 'SSH private key for accessing staging server',
|
|
67
|
-
helpText: `
|
|
68
|
-
Step 1: Generate a new SSH key pair:
|
|
69
|
-
ssh-keygen -t ed25519 -C "staging-deploy" -f ~/.ssh/staging_deploy
|
|
70
|
-
|
|
71
|
-
Step 2: Add PUBLIC key to your staging server:
|
|
72
|
-
ssh-copy-id -i ~/.ssh/staging_deploy.pub ubuntu@YOUR_HOST
|
|
73
|
-
|
|
74
|
-
(HOST is configured in stack.yml → environments.staging.host)
|
|
75
|
-
|
|
76
|
-
Step 3: Paste the PRIVATE key below (multi-line, end with blank line):
|
|
67
|
+
helpText: `
|
|
68
|
+
Step 1: Generate a new SSH key pair:
|
|
69
|
+
ssh-keygen -t ed25519 -C "staging-deploy" -f ~/.ssh/staging_deploy
|
|
70
|
+
|
|
71
|
+
Step 2: Add PUBLIC key to your staging server:
|
|
72
|
+
ssh-copy-id -i ~/.ssh/staging_deploy.pub ubuntu@YOUR_HOST
|
|
73
|
+
|
|
74
|
+
(HOST is configured in stack.yml → environments.staging.host)
|
|
75
|
+
|
|
76
|
+
Step 3: Paste the PRIVATE key below (multi-line, end with blank line):
|
|
77
77
|
cat ~/.ssh/staging_deploy`,
|
|
78
78
|
validation: (value) => {
|
|
79
79
|
if (!value || value.trim().length === 0) {
|
|
@@ -91,16 +91,16 @@ const SECRET_METADATA = {
|
|
|
91
91
|
PROD_SSH: {
|
|
92
92
|
type: 'ssh_key',
|
|
93
93
|
description: 'SSH private key for accessing production server',
|
|
94
|
-
helpText: `
|
|
95
|
-
Step 1: Generate a new SSH key pair:
|
|
96
|
-
ssh-keygen -t ed25519 -C "production-deploy" -f ~/.ssh/prod_deploy
|
|
97
|
-
|
|
98
|
-
Step 2: Add PUBLIC key to your production server:
|
|
99
|
-
ssh-copy-id -i ~/.ssh/prod_deploy.pub ubuntu@YOUR_HOST
|
|
100
|
-
|
|
101
|
-
(HOST is configured in stack.yml → environments.production.host)
|
|
102
|
-
|
|
103
|
-
Step 3: Paste the PRIVATE key below (multi-line, end with blank line):
|
|
94
|
+
helpText: `
|
|
95
|
+
Step 1: Generate a new SSH key pair:
|
|
96
|
+
ssh-keygen -t ed25519 -C "production-deploy" -f ~/.ssh/prod_deploy
|
|
97
|
+
|
|
98
|
+
Step 2: Add PUBLIC key to your production server:
|
|
99
|
+
ssh-copy-id -i ~/.ssh/prod_deploy.pub ubuntu@YOUR_HOST
|
|
100
|
+
|
|
101
|
+
(HOST is configured in stack.yml → environments.production.host)
|
|
102
|
+
|
|
103
|
+
Step 3: Paste the PRIVATE key below (multi-line, end with blank line):
|
|
104
104
|
cat ~/.ssh/prod_deploy`,
|
|
105
105
|
validation: (value) => {
|
|
106
106
|
if (!value || value.trim().length === 0) {
|
|
@@ -118,14 +118,14 @@ const SECRET_METADATA = {
|
|
|
118
118
|
AWS_SECRET_ACCESS_KEY: {
|
|
119
119
|
type: 'aws_secret',
|
|
120
120
|
description: 'AWS Secret Access Key (the only secret AWS value)',
|
|
121
|
-
helpText: `
|
|
122
|
-
Get from AWS Console: IAM → Users → Security credentials
|
|
123
|
-
|
|
124
|
-
This is shown only once when you create the key.
|
|
125
|
-
If lost, you must create a new key pair.
|
|
126
|
-
|
|
127
|
-
Note: AWS_ACCESS_KEY_ID and AWS_REGION go in stack.yml (not secrets)
|
|
128
|
-
|
|
121
|
+
helpText: `
|
|
122
|
+
Get from AWS Console: IAM → Users → Security credentials
|
|
123
|
+
|
|
124
|
+
This is shown only once when you create the key.
|
|
125
|
+
If lost, you must create a new key pair.
|
|
126
|
+
|
|
127
|
+
Note: AWS_ACCESS_KEY_ID and AWS_REGION go in stack.yml (not secrets)
|
|
128
|
+
|
|
129
129
|
Enter AWS Secret Access Key:`,
|
|
130
130
|
validation: (value) => {
|
|
131
131
|
if (!value || value.trim().length === 0) {
|
|
@@ -143,12 +143,12 @@ const SECRET_METADATA = {
|
|
|
143
143
|
VERCEL_TOKEN: {
|
|
144
144
|
type: 'api_token',
|
|
145
145
|
description: 'Vercel API Token for deployments',
|
|
146
|
-
helpText: `
|
|
147
|
-
Get your token from: https://vercel.com/account/tokens
|
|
148
|
-
Create a new token with:
|
|
149
|
-
- Scope: Full Account (or specific team)
|
|
150
|
-
- Expiration: No Expiration (or custom)
|
|
151
|
-
|
|
146
|
+
helpText: `
|
|
147
|
+
Get your token from: https://vercel.com/account/tokens
|
|
148
|
+
Create a new token with:
|
|
149
|
+
- Scope: Full Account (or specific team)
|
|
150
|
+
- Expiration: No Expiration (or custom)
|
|
151
|
+
|
|
152
152
|
Enter Vercel API Token:`,
|
|
153
153
|
validation: (value) => {
|
|
154
154
|
if (!value || value.trim().length === 0) {
|