|
|
475bcde7ed
|
ci: Use standalone release script to fix JSON escaping issues
Build .deb Package / build-and-package (push) Successful in 2m10s
- Shell/curl JSON escaping caused HTTP 422 errors
- Created scripts/create-release.py for reliable Gitea release creation
- Uses Python urllib for proper JSON handling and multipart upload
- Supports GITEA_TOKEN/GITHUB_TOKEN env vars with fallback
|
2026-04-24 12:30:23 +00:00 |
|
|
|
4e992afacc
|
feat: Add .deb packaging for Ubuntu 24.04 release
- debian/control: Package metadata with dependencies
- debian/postinst: Service user, dirs, JWT key gen, config, cron setup
- debian/prerm: Graceful service stop before upgrade
- debian/postrm: Purge cleanup (user, data, config, cron)
- debian/changelog: 1.0.0-1 initial release
- debian/install: File manifest
- scripts/build-package.sh: Full build pipeline (cargo release, frontend, dpkg-deb)
- .gitignore: Exclude *.deb and package-build/
|
2026-04-24 00:58:38 +00:00 |
|
|
|
297bf1bd83
|
feat(M11+M12): Email notifications, audit hardening, deployment packaging, backup/DR, integration testing
M11 - Email Notifications + Audit Logging Hardening:
- Email notifier (lettre crate) with templates for patch failure, job completion, maintenance reminders
- Audit log hash chaining (prev_hash + row_hash) for tamper-evident logging
- Periodic + on-demand audit integrity verification
- Audit logging for all config changes and certificate operations
- Frontend: email settings integration, audit integrity verification action
M12 - Deployment Packaging, Backup/DR, Integration Testing:
- scripts/backup.sh: Nightly pg_dump, CA backup (GPG), config backup (secrets excluded unless encrypted)
- scripts/setup.sh: Enhanced with backup dir, seed migration, backup cron, systemd target install
- systemd units: Restart=always, WatchdogSec, ReadWritePaths, security hardening
- systemd/patch-manager.target: Service target for coordinated lifecycle
- docs/runbooks/restore.md: Full DR runbook with RPO 24h / RTO 4h targets
- scripts/integration-test.sh: 9 test suites covering full API lifecycle
- scripts/performance-test.sh: NFR validation (dashboard <5s, CIDR /22 <10s, API <2s)
- docs/security-review.md: Comprehensive security control verification
- docs/compliance-mapping.md: HIPAA (6 sections) + PCI-DSS v4.0 (9 requirements) mapped
|
2026-04-24 00:45:51 +00:00 |
|
|
|
da5a94d838
|
feat(M1): Project scaffolding, DB schema, core infrastructure
- Initialize Rust workspace with 7 crates (pm-web, pm-worker, pm-core,
pm-agent-client, pm-auth, pm-ca, pm-reports)
- React + TypeScript + Vite + MUI frontend scaffold
- Full PostgreSQL schema: all 17 tables with indexes and constraints
- pm-core: config (TOML+env), db (SQLx pool + migrations), error
(unified AppError + JSON envelope), request_id (ULID middleware),
logging (tracing JSON/pretty)
- pm-web: Axum skeleton, /status/health endpoint, static file serving
- pm-worker: Tokio skeleton, heartbeat writer, schema version check
- Embedded sqlx migrations with advisory lock (single-writer)
- systemd unit files, setup.sh, build-frontend.sh
- config.example.toml with all configuration keys
- docs/runbooks/restore.md
- cargo check passes with zero warnings
Closes M1.
|
2026-04-23 15:55:53 +00:00 |
|
