-
Notifications
You must be signed in to change notification settings - Fork 182
Patch 1 #6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Patch 1 #6
Changes from all commits
e939fb7
46381a4
0914a41
f11ce8e
f0491b8
b7c1364
ee78003
d8dcd86
bd50330
22fc9fb
c52d5bf
0549310
0b2497b
f17809b
01134d1
3542024
de1ea15
2b91e76
c642f7b
6505266
ce090fd
debebf0
a5c1195
2d0c074
0811795
e5c34c9
3ccbaeb
c3e8fb8
f441cf5
caae7ba
e0541fb
dabd14e
9b764e4
4ed1e37
b7a6a1b
1054209
f0fdc8e
4502afe
c76ffb4
b2634fc
dc8b03c
df0c64a
dcffe47
18df5c3
d92022e
3b8dc12
cd13eed
1b6def6
fc61e44
e630505
2b9df3a
1b0bb5e
2f562da
287280b
b09bc9f
228d59b
3acc289
a724e36
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,31 @@ | ||||||||||||||||||||||
| #!/bin/bash | ||||||||||||||||||||||
|
|
||||||||||||||||||||||
| # Initializing variables | ||||||||||||||||||||||
| file_to_find="../backend/.env.docker" | ||||||||||||||||||||||
| alreadyUpdate=$(sed -n "4p" ../backend/.env.docker) | ||||||||||||||||||||||
| RED='\033[0;31m' | ||||||||||||||||||||||
| GREEN='\033[0;32m' | ||||||||||||||||||||||
| YELLOW='\033[0;33m' | ||||||||||||||||||||||
| NC='\033[0m' | ||||||||||||||||||||||
|
|
||||||||||||||||||||||
| # Use curl to fetch the public IPv4 address from the metadata service | ||||||||||||||||||||||
| ipv4_address=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4) | ||||||||||||||||||||||
|
|
||||||||||||||||||||||
| echo -e " ${GREEN}System Public Ipv4 address ${NC} : ${ipv4_address}" | ||||||||||||||||||||||
|
|
||||||||||||||||||||||
| if [[ "${alreadyUpdate}" == "FRONTEND_URL=\"http://${ipv4_address}:5173\"" ]] | ||||||||||||||||||||||
| then | ||||||||||||||||||||||
| echo -e "${YELLOW}${file_to_find} file is already updated to the current host's Ipv4 ${NC}" | ||||||||||||||||||||||
| exit -1; | ||||||||||||||||||||||
| else | ||||||||||||||||||||||
|
Comment on lines
+16
to
+20
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Non‑zero exit on idempotent run will break Jenkins
- echo -e "${YELLOW}${file_to_find} file is already updated to the current host's Ipv4 ${NC}"
- exit -1;
+ echo -e "${YELLOW}${file_to_find} already matches current IPv4. No changes.${NC}"
+ exit 0📝 Committable suggestion
Suggested change
🧰 Tools🪛 Shellcheck (0.11.0)[error] 19-19: Can only exit with status 0-255. Other data should be written to stdout/stderr. (SC2242) 🤖 Prompt for AI Agents |
||||||||||||||||||||||
| if [ -f ${file_to_find} ] | ||||||||||||||||||||||
| then | ||||||||||||||||||||||
| echo -e "${GREEN}${file_to_find}${NC} found.." | ||||||||||||||||||||||
| echo -e "${YELLOW}Configuring env variables in ${NC} ${file_to_find}" | ||||||||||||||||||||||
| sleep 7s; | ||||||||||||||||||||||
| sed -i -e "s|FRONTEND_URL.*|FRONTEND_URL=\"http://${ipv4_address}:5173\"|g" ${file_to_find} | ||||||||||||||||||||||
| echo -e "${GREEN}env variables configured..${NC}" | ||||||||||||||||||||||
| else | ||||||||||||||||||||||
| echo -e "${RED}ERROR : File not found..${NC}" | ||||||||||||||||||||||
| fi | ||||||||||||||||||||||
| fi | ||||||||||||||||||||||
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,31 @@ | ||||||||||||||||||||||||||
| #!/bin/bash | ||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||
| # Initializing variables | ||||||||||||||||||||||||||
| file_to_find="../frontend/.env.docker" | ||||||||||||||||||||||||||
| alreadyUpdate=$(cat ../frontend/.env.docker) | ||||||||||||||||||||||||||
| RED='\033[0;31m' | ||||||||||||||||||||||||||
| GREEN='\033[0;32m' | ||||||||||||||||||||||||||
| YELLOW='\033[0;33m' | ||||||||||||||||||||||||||
| NC='\033[0m' | ||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||
| # Use curl to fetch the public IPv4 address from the metadata service | ||||||||||||||||||||||||||
| ipv4_address=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4) | ||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||
| echo -e " ${GREEN}System Public Ipv4 address ${NC} : ${ipv4_address}" | ||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||
|
Comment on lines
+11
to
+15
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Harden IPv4 retrieval (timeout + fail if empty; IMDSv2 preferred) Add curl timeouts and validate the value before proceeding. If empty, abort without touching the file. Consider IMDSv2 when on AWS. -# Use curl to fetch the public IPv4 address from the metadata service
-ipv4_address=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4)
+## Fetch public IPv4 (AWS IMDS). Use timeouts; abort if empty.
+ipv4_address=$(curl -s --connect-timeout 2 -m 4 http://169.254.169.254/latest/meta-data/public-ipv4 || true)
+if [ -z "${ipv4_address}" ]; then
+ echo -e "${RED}ERROR: Could not determine public IPv4 (metadata unavailable). Aborting without changes.${NC}"
+ exit 1
+fi📝 Committable suggestion
Suggested change
🤖 Prompt for AI Agents |
||||||||||||||||||||||||||
| if [[ "${alreadyUpdate}" == "VITE_API_PATH=\"http://${ipv4_address}:31100\"" ]] | ||||||||||||||||||||||||||
| then | ||||||||||||||||||||||||||
| echo -e "${YELLOW}${file_to_find} file is already updated to the current host's Ipv4 ${NC}" | ||||||||||||||||||||||||||
| exit -1; | ||||||||||||||||||||||||||
| else | ||||||||||||||||||||||||||
|
Comment on lines
+16
to
+20
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Do not exit with -1; return success on idempotent run
Apply: - echo -e "${YELLOW}${file_to_find} file is already updated to the current host's Ipv4 ${NC}"
- exit -1;
+ echo -e "${YELLOW}${file_to_find} already matches current IPv4. No changes.${NC}"
+ exit 0🧰 Tools🪛 Shellcheck (0.11.0)[error] 19-19: Can only exit with status 0-255. Other data should be written to stdout/stderr. (SC2242) 🤖 Prompt for AI Agents |
||||||||||||||||||||||||||
| if [ -f ${file_to_find} ] | ||||||||||||||||||||||||||
| then | ||||||||||||||||||||||||||
| echo -e "${GREEN}${file_to_find}${NC} found.." | ||||||||||||||||||||||||||
| echo -e "${YELLOW}Configuring env variables in ${NC} ${file_to_find}" | ||||||||||||||||||||||||||
| sleep 7s; | ||||||||||||||||||||||||||
| sed -i -e "s|VITE_API_PATH.*|VITE_API_PATH=\"http://${ipv4_address}:31100\"|g" ${file_to_find} | ||||||||||||||||||||||||||
| echo -e "${GREEN}env variables configured..${NC}" | ||||||||||||||||||||||||||
| else | ||||||||||||||||||||||||||
| echo -e "${RED}ERROR : File not found..${NC}" | ||||||||||||||||||||||||||
| fi | ||||||||||||||||||||||||||
| fi | ||||||||||||||||||||||||||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| #!/bin/bash | ||
|
|
||
| # Set the Instance ID and path to the .env file | ||
| INSTANCE_ID="i-0c7c9d3d4e8c3a012" | ||
|
|
||
| # Retrieve the public IP address of the specified EC2 instance | ||
| ipv4_address=$(aws ec2 describe-instances --instance-ids $INSTANCE_ID --query 'Reservations[0].Instances[0].PublicIpAddress' --output text) | ||
|
|
||
| # Initializing variables | ||
| file_to_find="../backend/.env.docker" | ||
| alreadyUpdate=$(sed -n "4p" ../backend/.env.docker) | ||
| RED='\033[0;31m' | ||
| GREEN='\033[0;32m' | ||
| YELLOW='\033[0;33m' | ||
| NC='\033[0m' | ||
|
|
||
| # Use curl to fetch the public IPv4 address from the metadata service | ||
|
|
||
| echo -e " ${GREEN}System Public Ipv4 address ${NC} : ${ipv4_address}" | ||
|
|
||
| if [[ "${alreadyUpdate}" == "FRONTEND_URL=\"http://${ipv4_address}:5173\"" ]] | ||
| then | ||
| echo -e "${YELLOW}${file_to_find} file is already updated to the current host's Ipv4 ${NC}" | ||
| exit -1; | ||
| else | ||
| if [ -f ${file_to_find} ] | ||
| then | ||
| echo -e "${GREEN}${file_to_find}${NC} found.." | ||
| echo -e "${YELLOW}Configuring env variables in ${NC} ${file_to_find}" | ||
| sleep 7s; | ||
| sed -i -e "s|FRONTEND_URL.*|FRONTEND_URL=\"http://${ipv4_address}:5173\"|g" ${file_to_find} | ||
| echo -e "${GREEN}env variables configured..${NC}" | ||
| else | ||
| echo -e "${RED}ERROR : File not found..${NC}" | ||
| fi | ||
| fi |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| #!/bin/bash | ||
|
|
||
| # Set the Instance ID and path to the .env file | ||
| INSTANCE_ID="i-0c7c9d3d4e8c3a012" | ||
|
|
||
| # Retrieve the public IP address of the specified EC2 instance | ||
| ipv4_address=$(aws ec2 describe-instances --instance-ids $INSTANCE_ID --query 'Reservations[0].Instances[0].PublicIpAddress' --output text) | ||
|
|
||
| # Initializing variables | ||
| file_to_find="../frontend/.env.docker" | ||
| alreadyUpdate=$(cat ../frontend/.env.docker) | ||
| RED='\033[0;31m' | ||
| GREEN='\033[0;32m' | ||
| YELLOW='\033[0;33m' | ||
| NC='\033[0m' | ||
|
|
||
| echo -e " ${GREEN}System Public Ipv4 address ${NC} : ${ipv4_address}" | ||
|
|
||
| if [[ "${alreadyUpdate}" == "VITE_API_PATH=\"http://${ipv4_address}:31100\"" ]] | ||
| then | ||
| echo -e "${YELLOW}${file_to_find} file is already updated to the current host's Ipv4 ${NC}" | ||
| exit -1; | ||
| else | ||
| if [ -f ${file_to_find} ] | ||
| then | ||
| echo -e "${GREEN}${file_to_find}${NC} found.." | ||
| echo -e "${YELLOW}Configuring env variables in ${NC} ${file_to_find}" | ||
| sleep 7s; | ||
| sed -i -e "s|VITE_API_PATH.*|VITE_API_PATH=\"http://${ipv4_address}:31100\"|g" ${file_to_find} | ||
| echo -e "${GREEN}env variables configured..${NC}" | ||
| else | ||
| echo -e "${RED}ERROR : File not found..${NC}" | ||
| fi | ||
| fi |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| @Library('Shared') _ | ||
| pipeline { | ||
| agent {label 'Node'} | ||
|
|
||
| parameters { | ||
| string(name: 'FRONTEND_DOCKER_TAG', defaultValue: '', description: 'Frontend Docker tag of the image built by the CI job') | ||
| string(name: 'BACKEND_DOCKER_TAG', defaultValue: '', description: 'Backend Docker tag of the image built by the CI job') | ||
| } | ||
|
|
||
| stages { | ||
| stage("Workspace cleanup"){ | ||
| steps{ | ||
| script{ | ||
| cleanWs() | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage('Git: Code Checkout') { | ||
| steps { | ||
| script{ | ||
| code_checkout("https://github.com/DevMadhup/wanderlust.git","devops") | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage('Verify: Docker Image Tags') { | ||
| steps { | ||
| script{ | ||
| echo "FRONTEND_DOCKER_TAG: ${params.FRONTEND_DOCKER_TAG}" | ||
| echo "BACKEND_DOCKER_TAG: ${params.BACKEND_DOCKER_TAG}" | ||
| } | ||
| } | ||
| } | ||
|
|
||
|
|
||
| stage("Update: Kubernetes manifests"){ | ||
| steps{ | ||
| script{ | ||
| dir('kubernetes'){ | ||
| sh """ | ||
| sed -i -e 's/backend-wanderlust.*/backend-wanderlust:${params.BACKEND_DOCKER_TAG}/g' backend.yaml | ||
| """ | ||
| } | ||
|
|
||
| dir('kubernetes'){ | ||
| sh """ | ||
| sed -i -e 's/frontend-wanderlust.*/frontend-wanderlust:${params.FRONTEND_DOCKER_TAG}/g' frontend.yaml | ||
| """ | ||
|
Comment on lines
+41
to
+49
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Broken image tag substitution: patterns don’t match manifests Manifest images are madhupdevops/wanderlust-*-beta, but sed searches backend-wanderlust/frontend-wanderlust. Tags won’t update. Apply: - sed -i -e 's/backend-wanderlust.*/backend-wanderlust:${params.BACKEND_DOCKER_TAG}/g' backend.yaml
+ sed -i -E "s|(image:\s*madhupdevops/wanderlust-backend-beta:).*|\1${params.BACKEND_DOCKER_TAG}|" backend.yaml
@@
- sed -i -e 's/frontend-wanderlust.*/frontend-wanderlust:${params.FRONTEND_DOCKER_TAG}/g' frontend.yaml
+ sed -i -E "s|(image:\s*madhupdevops/wanderlust-frontend-beta:).*|\1${params.FRONTEND_DOCKER_TAG}|" frontend.yamlOptional: guard empty tags to avoid producing invalid manifests. + if [ -z "${params.BACKEND_DOCKER_TAG}" ] || [ -z "${params.FRONTEND_DOCKER_TAG}" ]; then
+ error "Missing required image tags"
+ fi
🤖 Prompt for AI Agents |
||
| } | ||
|
|
||
| } | ||
| } | ||
| } | ||
|
|
||
| stage("Git: Code update and push to GitHub"){ | ||
| steps{ | ||
| script{ | ||
| withCredentials([gitUsernamePassword(credentialsId: 'Github-cred', gitToolName: 'Default')]) { | ||
| sh ''' | ||
| echo "Checking repository status: " | ||
| git status | ||
|
|
||
| echo "Adding changes to git: " | ||
| git add . | ||
|
|
||
| echo "Commiting changes: " | ||
| git commit -m "Updated environment variables" | ||
|
|
||
| echo "Pushing changes to github: " | ||
| git push https://github.com/DevMadhup/wanderlust.git devops | ||
| ''' | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,119 @@ | ||
| @Library('Shared') _ | ||
| pipeline { | ||
| agent any | ||
|
|
||
| environment{ | ||
| SONAR_HOME = tool "Sonar" | ||
| } | ||
| stages { | ||
|
|
||
| stage("Workspace cleanup"){ | ||
| steps{ | ||
| script{ | ||
| cleanWs() | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage('Git: Code Checkout') { | ||
| steps { | ||
| script{ | ||
| code_checkout("https://github.com/DevMadhup/wanderlust.git","devops") | ||
| } | ||
|
Comment on lines
+21
to
+22
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Avoid hardcoding branch; checkout the PR/target branch Hardcoding "devops" ignores the branch that triggered the build. Use BRANCH_NAME/CHANGE_BRANCH or a parameter to ensure the pipeline builds the intended ref. - code_checkout("https://github.com/DevMadhup/wanderlust.git","devops")
+ // For multibranch/PRs:
+ code_checkout("https://github.com/DevMadhup/wanderlust.git", env.CHANGE_BRANCH ?: env.BRANCH_NAME ?: "main")🤖 Prompt for AI Agents |
||
| } | ||
| } | ||
|
|
||
| stage("OWASP: Dependency check"){ | ||
| steps{ | ||
| script{ | ||
| owasp_dependency() | ||
| } | ||
| } | ||
| post{ | ||
| success{ | ||
| archiveArtifacts artifacts: '**/dependency-check-report.xml', followSymlinks: false, onlyIfSuccessful: true | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage("Trivy: Filesystem scan"){ | ||
| steps{ | ||
| script{ | ||
| trivy_scan() | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage("SonarQube: Code Analysis"){ | ||
| steps{ | ||
| script{ | ||
| sonarqube_analysis("Sonar","wanderlust","wanderlust") | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage("SonarQube: Code Quality Gates"){ | ||
| steps{ | ||
| script{ | ||
| sonarqube_code_quality() | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage('Exporting environment variables') { | ||
| parallel{ | ||
| stage("Backend env setup"){ | ||
| steps { | ||
| script{ | ||
| dir("Automations"){ | ||
| sh "bash updateBackend.sh" | ||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage("Frontend env setup"){ | ||
| steps { | ||
| script{ | ||
| dir("Automations"){ | ||
| sh "bash updateFrontend.sh" | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
| } | ||
|
Comment on lines
+63
to
+85
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Parallel env setup will fail if update scripts return non‑zero on no‑op Given the current scripts use - sh "bash updateBackend.sh"
+ sh "bash updateBackend.sh"
...
- sh "bash updateFrontend.sh"
+ sh "bash updateFrontend.sh"And in the meantime (temporary mitigation): sh "bash updateBackend.sh || true"
sh "bash updateFrontend.sh || true"🤖 Prompt for AI Agents |
||
|
|
||
| stage("Docker: Build Images"){ | ||
| steps{ | ||
| script{ | ||
| dir('backend'){ | ||
| docker_build("backend-wanderlust","test-image-donot-use","madhupdevops") | ||
| } | ||
|
|
||
| dir('frontend'){ | ||
| docker_build("frontend-wanderlust","test-image-donot-use","madhupdevops") | ||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
| stage("Docker: Push to DockerHub"){ | ||
| steps{ | ||
| script{ | ||
| docker_push("backend-wanderlust","test-image-donot-use","madhupdevops") | ||
| docker_push("frontend-wanderlust","test-image-donot-use","madhupdevops") | ||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
| post{ | ||
| success{ | ||
| build job: "Wanderlust-CD", parameters: [ | ||
| string(name: 'FRONTEND_DOCKER_TAG', value: "test-image-donot-use"), | ||
| string(name: 'BACKEND_DOCKER_TAG', value: "test-image-donot-use") | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -95,6 +95,33 @@ _I'd love for you to make the most of this project - it's all about learning, he | |
| npm run dev | ||
| ``` | ||
|
|
||
| ### Setting up with Docker | ||
|
|
||
| 1. **Ensure Docker and Docker Compose are Installed** | ||
|
|
||
| 2. **Clone the Repository** | ||
|
|
||
| ``` bash | ||
|
|
||
| git clone https://github.com/{your-username}/wanderlust.git | ||
| ``` | ||
| 3. **Navigate to the Project Directory** | ||
|
|
||
| ```bash | ||
|
|
||
| cd wanderlust | ||
|
|
||
| ``` | ||
| 4. **Update Environment Variables** - If you anticipate the IP address of the instance might change, update the `.env.sample` file with the new IP address. | ||
|
|
||
| 5. **Run Docker Compose** | ||
|
|
||
| ```bash | ||
|
|
||
| docker-compose up | ||
| ``` | ||
| This command will build the Docker images and start the containers for the backend and frontend, enabling you to access the Wanderlust application. | ||
|
|
||
|
Comment on lines
+98
to
+124
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🛠️ Refactor suggestion | 🟠 Major Fix Docker setup instructions: update .env.docker files, not .env.sample docker-compose uses backend/.env.docker and frontend/.env.docker. Editing .env.sample won’t apply to containers. Suggested wording:
🤖 Prompt for AI Agents |
||
| ## 🌟 Ready to Contribute? | ||
|
|
||
| Kindly go through [CONTRIBUTING.md](https://github.com/krishnaacharyaa/wanderlust/blob/main/.github/CONTRIBUTING.md) to understand everything from setup to contributing guidelines. | ||
|
|
||
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,10 @@ | ||||||||||||||||||||||||||||||||||||||||||
| MONGODB_URI="mongodb://mongo-service/wanderlust" | ||||||||||||||||||||||||||||||||||||||||||
| REDIS_URL="redis://redis-service:6379" | ||||||||||||||||||||||||||||||||||||||||||
| PORT=8080 | ||||||||||||||||||||||||||||||||||||||||||
| FRONTEND_URL="http://13.52.243.88:5173" | ||||||||||||||||||||||||||||||||||||||||||
| ACCESS_COOKIE_MAXAGE=120000 | ||||||||||||||||||||||||||||||||||||||||||
| ACCESS_TOKEN_EXPIRES_IN='120s' | ||||||||||||||||||||||||||||||||||||||||||
| REFRESH_COOKIE_MAXAGE=120000 | ||||||||||||||||||||||||||||||||||||||||||
| REFRESH_TOKEN_EXPIRES_IN='120s' | ||||||||||||||||||||||||||||||||||||||||||
| JWT_SECRET=70dd8b38486eee723ce2505f6db06f1ee503fde5eb06fc04687191a0ed665f3f98776902d2c89f6b993b1c579a87fedaf584c693a106f7cbf16e8b4e67e9d6df | ||||||||||||||||||||||||||||||||||||||||||
| NODE_ENV=Development | ||||||||||||||||||||||||||||||||||||||||||
|
Comment on lines
+1
to
+10
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Remove hard-coded JWT secret from repo and use secrets/placeholders A real-looking JWT_SECRET is committed (detected by gitleaks). This is a security blocker. Replace with a placeholder and inject via secret manager, CI/CD, or a local untracked .env. -JWT_SECRET=70dd8b38486eee723ce2505f6db06f1ee503fde5eb06fc04687191a0ed665f3f98776902d2c89f6b993b1c579a87fedaf584c693a106f7cbf16e8b4e67e9d6df
+JWT_SECRET=change-meAdditional recommendations:
📝 Committable suggestion
Suggested change
🧰 Tools🪛 dotenv-linter (3.3.0)[warning] 1-1: [QuoteCharacter] The value has quote characters (', ") (QuoteCharacter) [warning] 2-2: [QuoteCharacter] The value has quote characters (', ") (QuoteCharacter) [warning] 3-3: [UnorderedKey] The PORT key should go before the REDIS_URL key (UnorderedKey) [warning] 4-4: [QuoteCharacter] The value has quote characters (', ") (QuoteCharacter) [warning] 4-4: [UnorderedKey] The FRONTEND_URL key should go before the MONGODB_URI key (UnorderedKey) [warning] 5-5: [UnorderedKey] The ACCESS_COOKIE_MAXAGE key should go before the FRONTEND_URL key (UnorderedKey) [warning] 6-6: [QuoteCharacter] The value has quote characters (', ") (QuoteCharacter) [warning] 6-6: [UnorderedKey] The ACCESS_TOKEN_EXPIRES_IN key should go before the FRONTEND_URL key (UnorderedKey) [warning] 8-8: [QuoteCharacter] The value has quote characters (', ") (QuoteCharacter) [warning] 9-9: [UnorderedKey] The JWT_SECRET key should go before the MONGODB_URI key (UnorderedKey) [warning] 10-10: [UnorderedKey] The NODE_ENV key should go before the PORT key (UnorderedKey) 🪛 Gitleaks (8.28.0)[high] 9-9: Detected a Generic API Key, potentially exposing access to various services and sensitive operations. (generic-api-key) 🤖 Prompt for AI Agents |
||||||||||||||||||||||||||||||||||||||||||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,2 @@ | ||
| MONGODB_URI="mongodb://127.0.0.1/wanderlust" | ||
| REDIS_URL="127.0.0.1:6379" | ||
| REDIS_URL="127.0.0.1:6379" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Validate IPv4 and add curl timeouts; abort safely if unavailable
Prevent writing an empty IP to the env file when metadata is unreachable.
🤖 Prompt for AI Agents