oleks/cms-plugins
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

harden(deploy): apply safe fixes from review report-only items

Browse Source 
- #3 Liveness probe targets full SSR DB-querying / route, coupling pod liveness to SQLite
- #4 Chart values-staging/production.yaml are dead config under Flux; drift trap
- #6 tsconfig includes gitignored emdash-env.d.ts that only the dev server generates
- #7 Dockerfile package-lock glob + npm install fallback can silently build an unlocked image
- #8 Dockerfile creates runtime user without pinning its GID
- #9 entrypoint.sh gates `emdash init` on data.db absence, skipping migrations on PVC reuse
- #10 pullPolicy: Always vs digest pinning
- #11 Dockerfile state symlinks contradict the STATE_DIR contract; Dockerfile does not set ENV STATE_DIR
- #12 astro is a production dependency, so npm prune --omit=dev keeps build-only tooling
- #14 Two ImageUpdateAutomations write back to the same anton-helm-workloads main branch
- #16 memoryCache provider is per-process; correctness depends implicitly on replicas:1
- #17 Root catch-all [slug].astro couples nav links to pages-collection rows + DB hit per unmatched path
- #18 Detail pages render a 200-style body under a 404 status and have no try/catch around getEmDash* calls
- #19 vite allowedHosts hardcodes ddev hostnames (dev-only; no prod impact)
This commit is contained in:
Oleks
2026-06-02 04:50:54 +03:00
parent 0c2cea8c25
commit 8c119efff8
15 changed files with 157 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docker/entrypoint.sh
+9 -6
View File
@@ -4,11 +4,14 @@ set -eu
# Ensure persistent state dirs exist (volume may be empty on first boot).
mkdir -p /app/state/uploads
# Bootstrap on first run: create data.db and apply migrations.
# emdash init is expected to be idempotent on subsequent boots.
if [ ! -f /app/state/data.db ]; then
echo "[entrypoint] no data.db found in /app/state, running emdash init"
node_modules/.bin/emdash init
fi
# Run emdash init on EVERY boot, before exec'ing the server. It is idempotent:
# runMigrations applies only pending migrations (no-op when all are applied) and
# init skips re-seeding once collections exist. Under `set -e` a non-zero exit
# aborts before `exec "$@"`, so a failed/partial init surfaces as a crash-loop
# with logs instead of a silently half-migrated boot. (Gating on the mere
# presence of data.db would skip pending migrations on image upgrades against an
# existing PVC and never recover a partial first-run init.)
echo "[entrypoint] running emdash init (applies pending migrations, skips re-seed when collections exist)"
node_modules/.bin/emdash init
exec "$@"