feat(infrastructure): complete devops overhaul, dockerization, and security hardening#2
Merged
Removed an outdated email address for reporting vulnerabilities.
Pull request overview
This PR introduces production-oriented repository infrastructure for Sentinel-Scan: Docker-based local orchestration, GitHub Actions CI, Dependabot automation, and a set of contributor/security documentation updates, plus a frontend tweak to avoid displaying API keys in the UI.
Changes:
- Add Docker Compose orchestration and Dockerfiles for backend/frontend dev containers.
- Add GitHub automation (CI workflow, Dependabot config, main branch ruleset JSON).
- Update/add project documentation and governance files; refactor frontend “API Sources” page to use `VITE_*` runtime flags.
Reviewed changes
Copilot reviewed 16 out of 21 changed files in this pull request and generated 9 comments.
| File | Description |
|---|---|
| docker-compose.yml | Updates build contexts/mounts, adds .env loading, and adjusts backend/frontend commands. |
| docker/backend.Dockerfile | Aligns build context to repo root and switches uvicorn module path to backend.main:app. |
| docker/frontend.Dockerfile | Adds a Node-based container to run the Vite dev server on port 3000. |
| .github/workflows/ci.yml | Adds CI jobs for backend lint/tests, frontend lint, and docker-compose build verification. |
| .github/dependabot.yml | Enables Dependabot updates for pip/npm/docker/github-actions. |
| .github/rulesets/main.json | Adds a programmatic ruleset for main branch protection and required checks. |
| .env.example | Expands environment template for backend + Vite frontend flags. |
| dashboard/frontend/vite.config.js | Forces Vite dev server to use port 3000. |
| dashboard/frontend/src/pages/ApiSources.jsx | Removes API key display and derives “connected/disconnected” from VITE_*_ENABLED flags. |
| README.md | Updates docs links and contributing/roles section; removes placeholder contact info. |
| CONTRIBUTING.md | Adds contribution workflow and maintainer role notes. |
| SECURITY.md | Adds a basic vulnerability disclosure policy. |
| LICENSE | Adds MIT license text. |
| backend/README.md | Minor plugin section wording tweaks. |
| docs/DOCKER_INSTALL.md | Adds Windows Docker installation + run instructions. |
| docs/GETTING_STARTED.md | Redacts example MongoDB connection string. |
| docs/QUICKSTART.md | Redacts example MongoDB connection string. |
| docs/TESTING.md | Adds backend testing walkthrough and troubleshooting. |
| docs/QUICK_REFERENCE.md | Adds a high-level command/status reference. |
| docs/PROJECT_STRUCTURE.md | Adds an (aspirational) repo layout + workflow guide. |
| docs/PLATFORM_DESIGN.md | Adds a comprehensive architecture/blueprint document. |
| @@ -0,0 +1,21 @@ | |||
| # MIT License | |||
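Review bot: the LICENSE file opens with a Markdown heading `# MIT License`; the MIT text is conventionally shipped as plain text, and a heading can lower the confidence of license-detection tooling, so drop the heading and confirm the copyright line that follows names the actual holder and year rather than a placeholder.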
| @@ -138,12 +143,9 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file | |||
| - Visualized with [React](https://react.dev/) | |||
| - Inspired by the cybersecurity community | |||
|
|
|||
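Review bot: this hunk shrinks the section from 12 lines to 9 (the outdated reporting address, per the commit message), but nothing in the visible context tells readers where vulnerability reports now go; add a one-line pointer such as "Reporting a vulnerability: see SECURITY.md" so the disclosure path stays reachable from the README.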
Comment on lines 6 to 12
| MONGODB_URL=mongodb://localhost:27017 | ||
| MONGODB_DB_NAME=sentinel_scan | ||
|
|
||
| # Message Broker / Cache | ||
| REDIS_URL=redis://localhost:6379/0 | ||
| CELERY_BROKER_URL=redis://localhost:6379/0 | ||
| CELERY_RESULT_BACKEND=redis://localhost:6379/0 |
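Review bot: the defaults at lines 6 to 12 all point at `localhost`, but docker-compose.yml now loads this file through `env_file`, and inside the Compose network the backend reaches Mongo and Redis by service name rather than `localhost`; either document that these values are for running the backend directly on the host, or add a commented line with the Compose-side values. The Mongo and Redis URLs also carry no credentials, which is fine for a local template but should be called out so the file is never deployed as-is.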
Comment on lines +8 to +9
| # Install dependencies | ||
| RUN npm install |
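Review bot: `RUN npm install` at line 9 re-resolves dependencies on every build and may rewrite the lockfile; use `RUN npm ci` so the build fails if package-lock.json and package.json disagree and the installed tree is exactly the one that was reviewed, which is the supply-chain guarantee a hardening PR should give. Copy `package.json` and `package-lock.json` into the image before this step so the install layer caches.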
| If you discover a potential security vulnerability in Sentinel-Scan, please do not disclose it publicly. | ||
|
|
||
| Instead, send an email to the Infrastructure & Security Maintainer detailing your findings: | ||
| - (Email)[raiuga6@gmail.com] |
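Review bot: the link markup on the last line is inverted: `- (Email)[raiuga6@gmail.com]` renders as literal text; it should be `- [Email](mailto:raiuga6@gmail.com)`. Since the commit message says an outdated address was removed, confirm this one is the current contact, and consider a role alias or GitHub's private vulnerability reporting instead of a personal mailbox, given that this address is the policy's only channel.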
| environment: | ||
| - VITE_API_URL=http://localhost:8000 | ||
| env_file: | ||
| - .env |
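Review bot: in Compose, entries under `environment:` take precedence over values loaded from `env_file:`, so `VITE_API_URL=http://localhost:8000` here silently overrides whatever `.env` sets for that key; either remove the hardcoded entry and let `.env` / `.env.example` own it, or write `VITE_API_URL=${VITE_API_URL:-http://localhost:8000}` so the file remains the single source of truth.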
Comment on lines 65 to 66
| environment: | ||
| - VITE_API_URL=http://localhost:8000 |
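Review bot: everything prefixed `VITE_` is compiled into the browser bundle by Vite, so `VITE_API_URL` is public by design; that is fine for the API base URL, but the same rule means the `VITE_*_ENABLED` flags must stay plain booleans and no key or token may ever be given a `VITE_` name, otherwise the ApiSources change that stops displaying keys is undone by the bundle itself. A comment here and in `.env.example` stating that rule would prevent the regression.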
| flake8 backend/ --count --max-complexity=10 --max-line-length=127 --statistics | ||
| - name: Run Backend Tests | ||
| run: | | ||
| pytest backend/ |
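Review bot: the lint and test steps include no dependency audit; for a PR whose goal is hardening, add a step after `pytest backend/` that runs `pip-audit` (and `npm audit --audit-level=high` in the frontend job) so known-vulnerable packages fail CI. Minor: `run: |` with a single command can be written `run: pytest backend/`.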
Comment on lines +1 to +3
| FROM node:18-alpine | ||
|
|
||
| WORKDIR /app |
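Review bot: `FROM node:18-alpine` pulls a Node.js line that reached end of life in April 2025 and no longer receives security fixes; move to `node:20-alpine` or `node:22-alpine` and pin the tag to a digest (`node:22-alpine@sha256:<digest>`) so rebuilds are reproducible. Because this image runs the Vite dev server, also add `USER node` after `WORKDIR /app` so the server does not run as root.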
Description
This PR transforms the Sentinel-Scan MVP into a production-ready repository by establishing core DevOps infrastructure, containerization, CI/CD automation, and community governance standards.
It explicitly separates local development secrets from code and hardens the React frontend against potential XSS/credential extraction.
Resolves #1 (Note: If your issue was a different number, change the 1!)
🏗️ Architecture & Infrastructure
- `frontend.Dockerfile` to containerize the Vite/React service with hot-reloading mapped correctly to `localhost:3000`.
- `MONGODB_URL` from compose files and migrated all connection strings and backend API keys to a secure, git-ignored `.env` pattern. Included a safe `.env.example` template for new contributors.

🛡️ Security Hardening
- `VITE_` environment flags injected via the Docker container, mitigating XSS credential scraping risks.
- `main` branch.

🤖 CI/CD & Automation
- `flake8` and `pytest`.
- `eslint`.

🤝 Community Standards
- `/docs` module and cleaned the README of AI-generated boilerplate placeholders.

🧪 Testing Instructions
1. `.env.example` to `.env` (add arbitrary strings to the mock API keys).
2. `docker-compose up -d --build`.
3. `localhost:3000` and `localhost:8000/docs`. Observe successful connectivity and clean API Integration UI.
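As an added example that is not part of this PR or the Sentinel-Scan project, a small POSIX sh lint for the `.env` pattern the description introduces: it rejects any secret-looking name under the `VITE_` prefix (Vite inlines those into the browser bundle), checks that `VITE_*_ENABLED` flags are booleans, and flags connection strings with embedded credentials. The variable names in the sample files are constructed, not taken from the project.

```shell
#!/bin/sh
# Added example, not code from the Sentinel-Scan PR: a lint for the .env pattern
# this PR introduces. Vite inlines every VITE_* variable into the browser bundle,
# so a secret under that prefix reaches every client. Assumed conventions:
# VITE_<SOURCE>_ENABLED flags are booleans; keys live under non-VITE_ names.
# check_env_file FILE: prints one finding per line, returns 1 if any were found.
# The count is left in the global $findings for callers.
check_env_file() {
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        name="${line%%=*}"
        value="${line#*=}"
        case "$name" in
            VITE_*KEY*|VITE_*SECRET*|VITE_*TOKEN*|VITE_*PASSWORD*)
                echo "ERROR: $name would be bundled into the frontend build"
                findings=$((findings + 1)) ;;
            VITE_*_ENABLED)
                case "$value" in
                    true|false) ;;
                    *) echo "ERROR: $name must be true or false, got '$value'"
                       findings=$((findings + 1)) ;;
                esac ;;
        esac
        case "$name" in   # connection strings must not embed credentials
            *_URL)
                case "$value" in
                    *://*:*@*) echo "ERROR: $name embeds credentials"
                               findings=$((findings + 1)) ;;
                esac ;;
        esac
    done < "$1"
    [ "$findings" -eq 0 ]
}
# Constructed sample files so the script runs stand-alone.
tmp="$(mktemp -d)"
cat > "$tmp/good.env" <<'EOF'
MONGODB_URL=mongodb://localhost:27017
VITE_API_URL=http://localhost:8000
VITE_EXAMPLE_SOURCE_ENABLED=true
EXAMPLE_SOURCE_API_KEY=replace-me
EOF
cat > "$tmp/bad.env" <<'EOF'
VITE_EXAMPLE_SOURCE_API_KEY=not-a-real-key
VITE_EXAMPLE_SOURCE_ENABLED=yes
MONGODB_URL=mongodb://admin:hunter2@localhost:27017
EOF
check_env_file "$tmp/good.env" && echo "good.env: ok"
check_env_file "$tmp/bad.env" || echo "bad.env: $findings problem(s) flagged"
```

Run it against a real `.env` with `check_env_file .env` from a pre-commit hook so a mis-prefixed key is caught before it is ever built into the frontend.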