mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-29 16:17:43 +02:00
Fixes the blank-secrets bug of the previous rewrites (d5c0c020d/2448a50cc):
their label-driven rm+compose-up baked in EMPTY secrets for ${VAR}-interpolation apps
(secrets from the deploy shell, not env_file),
because the launchd watchdog does not have these vars. This is how comicello-api was
wrecked on 2026-05-26 (Postgres PW + MANA_SERVICE_KEY empty → 28P01), the same
trap as mana-auth KEK 2026-04-08.

Safe architecture:
- Existing containers heal ONLY via `docker start` (stuck/exited) or
  `docker restart` (crash-loop, backoff) → keeps the baked-in env,
  can never blank secrets. Cross-project (including non-mana-*), via
  restart-policy gate (only always/unless-stopped; watchtower etc. never).
- Compose recreate ONLY for missing mana-core containers: safe, because
  core carries its env via env_file (+ co-located .env) in the compose dir;
  additionally --no-build (the watchdog never builds an image → no OOM crash).
- Completely missing app containers (${VAR} apps) are NOT auto-recreated
  (blank-secret risk); they need a real re-deploy.
- DRY_RUN is side-effect-free.

bash -n + DRY_RUN + live run on the server green. Verified: docker
compose/rm only in the core reconcile, app recovery only start/restart.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

| Name |
|---|
| demo/personas/chor-taegerwilen |
| dev |
| mac-mini |
| personas |
| test-data |
| test-reporting |
| audit-bundle.mjs |
| audit-complexity.mjs |
| audit-crypto-registry.mjs |
| audit-encrypted-tools.ts |
| audit-i18n-coverage.mjs |
| audit-icon-usage.mjs |
| audit-module-coupling.mjs |
| audit-modules.mjs |
| audit-port-drift.mjs |
| audit-test-coverage.mjs |
| audit-workspace-deps.mjs |
| backup-monitoring.sh |
| build-complexity-map.mjs |
| check-status.sh |
| create-gift-codes.mjs |
| deploy-metrics.sh |
| ecosystem-audit.mjs |
| fix-mixed-imports.mjs |
| generate-dockerfiles.mjs |
| generate-env.mjs |
| generate-status-page.sh |
| i18n-hardcoded-baseline.json |
| i18n-missing-baseline.json |
| lighthouse-audit.sh |
| migrate-theme-tokens.mjs |
| migrate-transition-all.mjs |
| run-integration-tests.sh |
| run-tests-with-coverage.sh |
| setup-databases.sh |
| setup-secrets.mjs |
| test-chat-auth.sh |
| validate-cloudflared-config.mjs |
| validate-dockerfiles.mjs |
| validate-i18n-keys.mjs |
| validate-i18n-parity.mjs |
| validate-llm-strings.mjs |
| validate-monorepo.mjs |
| validate-no-hardcoded-strings.mjs |
| validate-no-recursive-turbo.mjs |
| validate-pg-schema-isolation.mjs |
| validate-theme-parity.mjs |
| validate-theme-utilities.mjs |
| validate-theme-variables.mjs |
| validate-tier-patches.mjs |