126 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
nessi	597579376f	[NX-204 Issue] Add secret management guidelines and enhance security notes ... Introduced a comprehensive guide for secure production secret handling (`docs/security/secret-management.md`). Updated `.env.example` files with clearer comments on best practices, emphasizing not hardcoding secrets and implementing rotation strategies. Enhanced README with a new section linking to the secret management documentation. 0.2.4	2026-02-15 12:29:40 +01:00
nessi	f25792b8d8	Adjust Nginx PID file path in Dockerfile ... Modified the PID file location in the Nginx configuration to use `/tmp/nginx/nginx.pid` instead of the default paths. This ensures compatibility and avoids permission issues during container runtime.	2026-02-15 12:20:04 +01:00
nessi	6093c5dea8	[NX-203 Issue] Add production proxy profile with validation and documentation ... Introduced a secure, repeatable production proxy profile for reverse proxy and HTTPS deployment, including NGINX configuration, environment variables, and CORS guidance. Added CI workflow for static validation of proxy guardrails and detailed documentation to ensure best practices in deployment.	2026-02-15 12:10:41 +01:00
nessi	84bc7b0384	Update NEXAPG version to 0.2.4 ... Bumped the version of NEXAPG from 0.2.2 to 0.2.4 in the configuration file. This ensures the application is aligned with the latest changes or fixes in the updated version.	2026-02-15 11:29:11 +01:00
nessi	3932aa56f7	[NX-202 Issue] Add pip-audit CI enforcement for Python dependency security ... This commit integrates pip-audit to enforce vulnerability checks in CI. Dependencies with unresolved HIGH/CRITICAL vulnerabilities will block builds unless explicitly allowlisted. The process is documented, with a strict policy to ensure exceptions are trackable and time-limited.	2026-02-15 10:44:33 +01:00
nessi	9657bd7a36	Merge branch 'main' of https://git.nesterovic.cc/nessi/NexaPG into development	2026-02-15 10:33:56 +01:00
nessi	574e2eb9a5	Ensure valid Docker Hub namespace in release workflow ... Added validation to normalize input, reject invalid namespaces, and check for proper formatting in the Docker Hub namespace. This prevents configuration mistakes and ensures compliance with naming requirements.	2026-02-15 10:32:44 +01:00
Sascha Nesterovic	21a8023bf1	Merge pull request 'Fix CI stability: resolve Docker Scout write/auth issues and harden PG matrix checkout' (#35) from development into main ... Reviewed-on: #35 0.2.3	2026-02-14 22:12:28 +00:00
nessi	328f69ea5e	Update GitHub Actions workflows for improved functionality ... Removed the read-only flag from Docker volume mounts in the container CVE scan workflow to allow modifications. Added `max-parallel` and `fetch-depth` configurations to the PostgreSQL compatibility matrix workflow for better performance and efficiency.	2026-02-14 22:04:58 +01:00
nessi	c0077e3dd8	Add -u root flag to container CVE scan workflow ... This ensures the container runs with root user privileges, providing better compatibility and avoiding potential permission issues. The change affects the development workflow configuration for container CVE scanning.	2026-02-14 19:47:34 +01:00
nessi	af6ea11079	Refactor Docker Scout integration in CVE scan workflow ... Simplified the Docker Scout configuration logic by removing unnecessary checks and utilizing Docker's standard auth configuration. Updated environment variable usage and volume mounts to streamline the setup process for scanning containers.	2026-02-14 19:32:50 +01:00
nessi	5a7f32541f	Add Docker Scout login fallback and temporary caching. ... This update introduces a fallback mechanism for Docker Scout login when DockerHub credentials are unavailable, ensuring the workflow does not fail. It also replaces direct Docker config usage with temporary caching to improve flexibility and reduce dependency on runner environment setups.	2026-02-14 19:03:30 +01:00
nessi	dd3f18bb06	Make Docker Scout scans non-blocking and update config paths. ... Set `continue-on-error: true` for Docker Scout steps to ensure workflows proceed even if scans fail. Updated volume paths and environment variables for Docker config and credentials to improve scanning compatibility.	2026-02-14 18:55:52 +01:00
nessi	f4b18b6cf1	Update Docker Hub Scout config to use local login credentials ... Replaced the use of Docker Hub secrets with a mounted local docker configuration file for authentication. Added a check to ensure the login config exists before running scans, preventing unnecessary failures. This change enhances flexibility and aligns with local environment setups.	2026-02-14 18:50:46 +01:00
nessi	a220e5de99	Add Docker Hub authentication for Scout scans ... This update ensures Docker Scout scans use Docker Hub authentication. If the required credentials are absent, the scans are skipped with a corresponding message. This improves security and prevents unnecessary scan failures.	2026-02-14 18:31:10 +01:00
nessi	a5ffafaf9e	Update CVE scanning workflow to use JSON format and new tools ... Replaced Trivy output format from table to JSON for better processing. Added a summary step to parse and count severities using a Python script. Integrated Docker Scout scans for both backend and frontend, and updated uploaded artifacts to include the new JSON and Scout scan outputs.	2026-02-14 18:24:08 +01:00
nessi	d17752b611	Add CVE scan workflow for development branch ... This commit introduces a GitHub Actions workflow to scan for CVEs in backend and frontend container images. It uses Trivy for scanning and uploads the reports as artifacts, providing better visibility into vulnerabilities in development builds.	2026-02-14 18:16:54 +01:00
nessi	fe05c40426	Merge branch 'main' of https://git.nesterovic.cc/nessi/NexaPG into development	2026-02-14 17:47:34 +01:00
nessi	5a0478f47d	harden(frontend): switch to nginx:alpine-slim with non-root runtime and nginx dir permission fixes	2026-02-14 17:47:26 +01:00
Sascha Nesterovic	1cea82f5d9	Merge pull request 'Update frontend to use unprivileged Nginx on port 8080' (#34) from development into main ... Reviewed-on: #34 0.2.2	2026-02-14 16:18:34 +00:00
nessi	418034f639	Update NEXAPG_VERSION to 0.2.2 ... Bumped the version from 0.2.1 to 0.2.2 in the configuration file. This likely reflects a new release or minor update to the application.	2026-02-14 17:17:57 +01:00
nessi	489dde812f	Update frontend to use unprivileged Nginx on port 8080 ... Switch from `nginx:1.29-alpine-slim` to `nginxinc/nginx-unprivileged:stable-alpine` for improved security by running as a non-root user. Changed the exposed port from 80 to 8080 in the configurations to reflect the unprivileged setup. Adjusted the `docker-compose.yml` and `nginx.conf` accordingly.	2026-02-14 17:13:18 +01:00
Sascha Nesterovic	c2e4e614e0	Merge pull request 'CI cleanup: remove temporary Alpine smoke job, keep PG matrix on development, and keep Alpine backend default' (#33) from development into main ... Reviewed-on: #33 0.2.1	2026-02-14 16:00:57 +00:00
nessi	344071193c	Update NEXAPG_VERSION to 0.2.1 ... Bumped the version from 0.2.0 to 0.2.1 to reflect recent changes or updates. This ensures the system aligns with the latest versioning conventions.	2026-02-14 16:58:31 +01:00
nessi	03118e59d7	Remove backend Alpine smoke (PG16) job from CI workflow ... The backend Alpine smoke test targeting PostgreSQL 16 was removed from the CI configuration. This cleanup simplifies the workflow by eliminating redundancy, as the functionality might be covered elsewhere or deemed unnecessary.	2026-02-14 16:58:10 +01:00
nessi	15fea78505	Update Python base image to Alpine version for backend ... This change switches the base image from "slim" to "alpine" to reduce the overall image size and improve security. The updated image is more lightweight and better suited for environments where optimization is critical.	2026-02-14 16:52:10 +01:00
nessi	89d3a39679	Add new features and enhancements to CI workflows and backend. ... Enhanced CI workflows by adding an Alpine-based smoke test for the backend with PostgreSQL 16. Updated the Docker build process to support dynamic base images and added provenance, SBOM, and labels to Docker builds. Extended branch compatibility checks and refined backend configurations for broader usage scenarios.	2026-02-14 16:48:10 +01:00
Sascha Nesterovic	f614eb1cf8	Merge pull request 'NX-10x: Reliability, error handling, runtime UX hardening, and migration safety gate (NX-101, NX-102, NX-103, NX-104)' (#32) from development into main ... Reviewed-on: #32 0.2.0	2026-02-14 15:28:44 +00:00
nessi	6de3100615	[NX-104 Issue] Filter out restrict/unrestrict lines in schema comparison. ... Updated the pg_dump commands in the migration-safety workflow to use `sed` for removing restrict/unrestrict lines. This ensures consistent schema comparison by ignoring irrelevant metadata.	2026-02-14 16:23:05 +01:00
nessi	cbe1cf26fa	[NX-104 Issue] Add migration safety CI workflow ... Introduces a GitHub Actions workflow to ensure Alembic migrations are safe and reversible. The workflow validates schema consistency by testing upgrade and downgrade operations and comparing schemas before and after the roundtrip.	2026-02-14 16:07:36 +01:00
nessi	5c566cd90d	[NX-103 Issue] Add offline state handling for unreachable targets ... Introduced a mechanism to detect and handle when a target is unreachable, including a detailed offline state message with host and port information. Updated the UI to display a card notifying users of the target's offline status and styled the card accordingly in CSS.	2026-02-14 15:58:22 +01:00
nessi	1ad237d750	Optimize collector loop to account for actual execution time. ... Previously, the loop did not consider the time spent on `collect_once`, potentially causing delays. By adjusting the sleep duration dynamically, the poll interval remains consistent as intended.	2026-02-14 15:50:31 +01:00
nessi	d9dfde1c87	[NX-102 Issue] Add exponential backoff with jitter for retry logic ... Introduced an exponential backoff mechanism with a configurable base, max delay, and jitter factor to handle retries for target failures. This improves resilience by reducing the load during repeated failures and avoids synchronized retry storms. Additionally, stale target cleanup logic has been implemented to prevent unnecessary state retention.	2026-02-14 11:44:49 +01:00
nessi	117710cc0a	[NX-101 Issue] Refactor error handling to use consistent API error format ... Replaced all inline error messages with the standardized `api_error` helper for consistent error response formatting. This improves clarity, maintainability, and ensures uniform error structures across the application. Updated logging for collector failures to include error class and switched to warning level for target unreachable scenarios.	2026-02-14 11:30:56 +01:00
nessi	9aecbea68b	Add consistent API error handling and documentation ... Introduced standardized error response formats for API errors, including middleware for consistent request IDs and exception handlers. Updated the frontend to parse and process these error responses, and documented the error format in the README for reference.	2026-02-13 17:30:05 +01:00
Sascha Nesterovic	cd91b20278	Merge pull request 'Replace python-jose with PyJWT and update its usage' (#6) from development into main ... Reviewed-on: #6 0.1.8	2026-02-13 12:23:40 +00:00
nessi	fd9853957a	Merge branch 'main' of https://git.nesterovic.cc/nessi/NexaPG into development	2026-02-13 13:20:49 +01:00
nessi	9c68f11d74	Replace python-jose with PyJWT and update its usage. ... Switched the dependency from `python-jose` to `PyJWT` to handle JWT encoding and decoding. Updated related code to use `PyJWT`'s `InvalidTokenError` instead of `JWTError`. Also bumped the application version from `0.1.7` to `0.1.8`.	2026-02-13 13:20:46 +01:00
Sascha Nesterovic	6848a66d88	Merge pull request 'Update backend requirements - security hardening' (#5) from development into main ... Reviewed-on: #5 0.1.7	2026-02-13 12:07:48 +00:00
nessi	a9a49eba4e	Merge branch 'main' of https://git.nesterovic.cc/nessi/NexaPG into development	2026-02-13 13:01:26 +01:00
nessi	9ccde7ca37	Update backend requirements - security hardening	2026-02-13 13:01:22 +01:00
Sascha Nesterovic	88c3345647	Merge pull request 'Use lighter base images for frontend containers' (#4) from development into main ... Reviewed-on: #4 0.1.6	2026-02-13 11:43:59 +00:00
nessi	d9f3de9468	Use lighter base images for frontend containers ... Switched Node.js and Nginx images from 'bookworm' to 'alpine' variants to reduce image size. Added `apk upgrade --no-cache` for updated Alpine packages in the Nginx container. This optimizes resource usage and enhances performance.	2026-02-13 11:26:52 +01:00
Sascha Nesterovic	e62aaaf5a0	Merge pull request 'Update base images in Dockerfile to use bookworm variants' (#3) from development into main ... Reviewed-on: #3 0.1.5	2026-02-13 10:20:20 +00:00
nessi	ef84273868	Update base images in Dockerfile to use bookworm variants ... Replaced alpine with bookworm-slim for Node.js and nginx to bookworm. This ensures compatibility with the latest updates and improves consistency across images. Adjusted the health check command for nginx accordingly.	2026-02-13 11:15:17 +01:00
Sascha Nesterovic	6c59b21088	Merge pull request 'Add first and last name fields for users' (#2) from development into main ... Reviewed-on: #2 0.1.4	2026-02-13 10:09:02 +00:00
nessi	cd1795b9ff	Add first and last name fields for users ... This commit introduces optional `first_name` and `last_name` fields to the user model, including database migrations, backend, and frontend support. It enhances user profiles, updates user creation and editing flows, and refines the UI to display full names where available.	2026-02-13 10:57:10 +01:00
nessi	e0242bc823	Refactor deployment process to use prebuilt Docker images ... Replaced local builds with prebuilt backend and frontend Docker images for simplified deployment. Updated documentation and Makefile to reflect the changes and added a bootstrap script for quick setup of deployment files. Removed deprecated `VITE_API_URL` variable and references to streamline the setup.	2026-02-13 10:43:34 +01:00
Sascha Nesterovic	75f8106ca5	Merge pull request 'Merge Fixes and Technical changes from development into main branch' (#1) from development into main ... Reviewed-on: #1 0.1.3	2026-02-13 09:13:04 +00:00
nessi	4e4f8ad5d4	Update NEXAPG version to 0.1.3 ... This increments the application version from 0.1.2 to 0.1.3. It likely reflects bug fixes, improvements, or minor feature additions.	2026-02-13 10:11:00 +01:00