npm - @smi-digital/create-smi-app - Versions diffs - 2.0.0 → 2.1.0 - Mend

@smi-digital/create-smi-app 2.0.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.js CHANGED Viewed

@@ -64,8 +64,7 @@ var FRAMEWORK_GENERATORS = {
         "--template",
         "minimal",
         "--install",
-        "--git",
-        "false",
+        "--no-git",
         "--yes"
       ];
     }
@@ -487,6 +486,7 @@ async function createApps(projectRoot, targets) {
 // src/modules/scaffoldActions/createIntegrations.ts
 import { mkdir, readFile as readFile3, writeFile as writeFile2 } from "fs/promises";
 import { dirname as dirname2, join as join4 } from "path";
+import { randomBytes } from "crypto";
 function toTemplateToken(key) {
   const normalized = key.replaceAll(/[^a-zA-Z0-9]+/gv, "_").replaceAll(/^_+|_+$/gv, "").toUpperCase();
   return `__${normalized}__`;
@@ -552,11 +552,19 @@ async function createIntegrations(options, projectRoot, templatesDir) {
     }
   }
   const applyFile = async (file) => runStep(`Adding ${file.target}`, async () => {
+    const generateSecret = () => randomBytes(32).toString("base64url");
     const templateValues = {
       ...options.integrationInputs,
-      // eslint-disable-next-line camelcase
-      astro_port: "4321"
+      /* eslint-disable camelcase */
+      astro_port: "4321",
       // Hardcoded to SSR port
+      vault_password: generateSecret(),
+      app_keys: `${generateSecret()},${generateSecret()}`,
+      api_token_salt: generateSecret(),
+      admin_jwt_secret: generateSecret(),
+      transfer_token_salt: generateSecret(),
+      jwt_secret: generateSecret()
+      /* eslint-enable camelcase */
     };
     return copyTemplateFile(
       join4(integrationRoot, file.template),

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@smi-digital/create-smi-app",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "",
   "main": "dist/index.js",
   "bin": {

package/templates/.husky/pre-commit CHANGED Viewed

@@ -1 +1,28 @@
-npx lint-staged
+#!/usr/bin/env sh
+# 1. Run standard linters and formatters
+npx lint-staged
+# 2. Ansible-Vault Security Guard
+# Find any staged files that end in .env and start with "production"
+STAGED_ENV_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '^production\..*\.env$')
+for file in $STAGED_ENV_FILES; do
+  # Read the first line of the file
+  FIRST_LINE=$(head -n 1 "$file")
+  # Check if the first line indicates it is an Ansible Vault file
+  if [[ "$FIRST_LINE" != "\$ANSIBLE_VAULT;"* ]]; then
+    echo ""
+    echo "🚨 SECURITY ALERT: Unencrypted Production Secrets Detected! 🚨"
+    echo "File: $file"
+    echo ""
+    echo "You are attempting to commit a plain-text production .env file."
+    echo "Please encrypt it using Ansible-Vault before committing:"
+    echo ""
+    echo "  ansible-vault encrypt $file"
+    echo ""
+    echo "Commit aborted."
+    exit 1
+  fi
+done

package/templates/base/gitignore.template CHANGED Viewed

@@ -1,2 +1,7 @@
 node_modules
-*.env
+*.env
+# Allow encrypted production env files to be committed
+!production.*.env
+# Ansible Vault Password (NEVER COMMIT THIS)
+.vault-password

package/templates/integrations/strapi-astro/.vault-password.template ADDED Viewed

	@@ -0,0 +1 @@
1	+ __VAULT_PASSWORD__

package/templates/integrations/strapi-astro/integration.config.json CHANGED Viewed

@@ -69,6 +69,18 @@
     {
       "template": "frontend/src/middleware.ts.template",
       "target": "frontend/src/middleware.ts"
+    },
+    {
+      "template": ".vault-password.template",
+      "target": ".vault-password"
+    },
+    {
+      "template": "production.frontend.env.template",
+      "target": "production.frontend.env"
+    },
+    {
+      "template": "production.backend.env.template",
+      "target": "production.backend.env"
     }
   ]
 }

package/templates/integrations/strapi-astro/production.backend.env.template ADDED Viewed

@@ -0,0 +1,19 @@
+# ==============================================================================
+# PRODUCTION BACKEND SECRETS (Strapi)
+#
+# 🚨 SECURITY WARNING 🚨
+# This file MUST be encrypted before committing to Git!
+# Run: ansible-vault encrypt production.backend.env --vault-password-file .vault-password
+# ==============================================================================
+# Strapi System Keys (Automatically generated by create-smi-app)
+APP_KEYS=__APP_KEYS__
+API_TOKEN_SALT=__API_TOKEN_SALT__
+ADMIN_JWT_SECRET=__ADMIN_JWT_SECRET__
+TRANSFER_TOKEN_SALT=__TRANSFER_TOKEN_SALT__
+JWT_SECRET=__JWT_SECRET__
+# Production Settings
+HOST=0.0.0.0
+PORT=1337
+NODE_ENV=production

package/templates/integrations/strapi-astro/production.frontend.env.template ADDED Viewed

@@ -0,0 +1,14 @@
+# ==============================================================================
+# PRODUCTION FRONTEND SECRETS (Astro SSR)
+#
+# 🚨 SECURITY WARNING 🚨
+# This file MUST be encrypted before committing to Git!
+# Run: ansible-vault encrypt production.frontend.env --vault-password-file .vault-password
+# ==============================================================================
+# Internal Docker Network routing (Do not change)
+PUBLIC_API_URL=http://__APP_NAME__-strapi:1337
+# Add your client-specific 3rd party secrets below
+# STRIPE_SECRET_KEY=sk_live_...
+# SENDGRID_API_KEY=SG...