6 Commits

Author SHA1 Message Date
wmj 34b03f3aa3 ci: use synology-specific runner label
Build & Deploy Mobile / build-and-deploy (push) Failing after 28s
2026-07-07 04:34:59 +02:00
wmj 8c14ae8f96 ci: add Gitea Actions workflow for build and deploy
Build & Deploy Mobile / build-and-deploy (push) Failing after 59s
2026-07-06 23:50:04 +02:00
wmj 31fbb6c260 ci: add Gitea Actions workflow for build & deploy
Build & Deploy Mobile / build-and-deploy (push) Waiting to run
Adds CI/CD pipeline that:
- Builds Docker image on push to staging branch
- Pushes to GHCR
- Deploys to Swarm service
2026-07-06 23:49:02 +02:00
pi-agent 0098d9ca4a feat: auto-healing system — HEALTHCHECK, rate-limiter cleanup, auto-rollback CI, watchdog
- Dockerfile: add HEALTHCHECK (30s interval, 10s timeout, 3 retries)
- rate-limit.ts: auto-cleanup stale entries every 5 min (prevents memory leak)
- scripts/auto-heal.sh: watchdog for Synology cron — auto-restarts container,
  reloads nginx gateway, escalates on excessive failures
- CI workflow: auto-rollback on deploy failure (tags :rollback image,
  reverts if health check fails after deploy)
2026-06-28 02:52:11 +08:00
pi-agent de48918acf security: fix critical webhook direct upgrade path, seed auth, CORS Vary header
- Webhook polar/route: block direct ?userId=&tier= upgrades in production (NODE_ENV guard)
- Seed route: require ADMIN_SECRET via x-admin-secret header
- Feedback route: require FEEDBACK_ADMIN_TOKEN env var in production
- CORS middleware: add Vary: Origin header for caching correctness
- MOCK_PAYMENTS: add NODE_ENV production guard
- Wallet top-up: add production guard for mock mode when POLAR_ACCESS_TOKEN unset
2026-06-28 01:15:45 +08:00
root 913fa94fb9 Add CI workflow 2026-06-21 19:20:51 +02:00