Jeremie Fraeys
0eb8c1b139
feat(hardening): add container security scanning with Trivy
- Add container-scanning.yml task file for vulnerability scans
- Add systemd timer and service for scheduled scans
- Add container-security-scan.sh script for manual scans
- Integrate Trivy for Docker image vulnerability detection
Implements: Automated container security monitoring
2026-03-06 14:27:20 -05:00
Jeremie Fraeys
2610b904a2
Update secrets management and authentication scripts
- Update vault.example.yml with current secret structure
- Enhance gen-auth-secrets.sh for improved OIDC client generation
2026-02-21 18:31:36 -05:00
Jeremie Fraeys
67eb2227dd
refactor(scripts): simplify forgejo actions secret helper
Keep only app_ssh_access essentials: generate keypairs, upload plaintext Actions secrets, optionally update vault public keys.
2026-01-21 23:15:38 -05:00
Jeremie Fraeys
872d0cbe49
fix(forgejo): clearer PAT scope error for user/org secrets
Exit cleanly on 403 for user/org scoped secrets and surface required token scope(s) when provided by the API.
2026-01-21 23:10:48 -05:00
Jeremie Fraeys
0814900598
fix(scripts): python3.9 compatibility + better Forgejo secret errors
- Replace PEP604 unions with typing.Optional for broader Python compatibility
- Print actionable guidance when user/org-scoped secret API calls return 403
2026-01-21 23:09:44 -05:00
Jeremie Fraeys
35796b1069
feat(forgejo): set Actions secrets at user/org scope
- Add --scope {user,org,repo} (default user) to upsert Actions secrets
- Keep repo support and add --org for org scope
- Include security caveat in CLI help and warning output
2026-01-21 23:07:02 -05:00
Jeremie Fraeys
a3da8deb0f
feat(actions-ssh): use register/deregister keys for services access
- Add app_ssh_access role to install forced-command keys for infra-register-stdin and infra-deregister
- Ensure required infra-controller runtime directories exist on services host
- Add helper script to generate/register both Actions SSH secrets and update vault public keys
2026-01-20 17:10:02 -05:00
Jeremie Fraeys
997aff6be3
initial infra commit
2026-01-19 15:02:13 -05:00