cloudlense/website-monitoring-frontend/.github/workflows/cron-scan.yml
Dennis 1c545c93b4 feat: production hardening + smart subpage scanning with layout dedup
Security:
- Add CRON_SECRET auth to /api/cron/* endpoints
- Add admin role verification to /api/admin/* routes
- Add org membership check to /api/billing/usage
- Add security headers (HSTS, X-Frame-Options, CSP, etc.)
- Add env variable validation at startup
- Add rate limiting to backend API (30 req/min per IP)

Infrastructure:
- Multi-stage Dockerfiles with non-root user + healthchecks
- Updated cron workflow to pass CRON_SECRET header
- Updated .env.example with all optional vars

Smart subpage scanning:
- Crawler now computes template_hash (DOM structure without content)
- Scanner scans ALL unique-layout pages, not just main page
- Pages with same layout (e.g. product pages) scanned only once
- Deduplication by template_hash, fallback to content_hash
- Main page always scanned with high priority
- Re-checks subscription limits before each page scan

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-03-06 07:44:32 +01:00

69 lines
2.4 KiB
YAML

name: Lighthouse Scan & Uptime Cron
on:
  schedule:
    - cron: '0 */6 * * *' # Lighthouse scans every 6 hours
    - cron: '*/5 * * * *' # Uptime checks every 5 minutes
  workflow_dispatch:
    inputs:
      mode:
        description: 'Job to run'
        required: true
        default: 'all'
        type: choice
        options:
          - all
          - scan
          - uptime
jobs:
  uptime:
    runs-on: ubuntu-latest
    if: github.event.schedule == '*/5 * * * *' || github.event.inputs.mode == 'uptime' || github.event.inputs.mode == 'all'
    steps:
      - name: Run Uptime Checks
        run: |
          # If the DEPLOYMENT_URL secret is unset or empty, this falls back to the
          # placeholder host and the bearer token below is sent there.
          DEPLOYMENT_URL="${DEPLOYMENT_URL:-https://your-domain.com}"
          echo "Running uptime checks at: $DEPLOYMENT_URL/api/cron/uptime"
          # Append the HTTP status code on its own line after the response body
          response=$(curl -s -w "\n%{http_code}" -H "Authorization: Bearer $CRON_SECRET" "$DEPLOYMENT_URL/api/cron/uptime")
          http_code=$(echo "$response" | tail -n1)
          response_body=$(echo "$response" | head -n -1)
          echo "Status: $http_code"
          echo "Body: $response_body"
          if [ "$http_code" -eq 200 ]; then
            echo "✅ Uptime checks completed"
          else
            echo "❌ Uptime checks failed: $http_code"
            exit 1
          fi
        env:
          DEPLOYMENT_URL: ${{ secrets.DEPLOYMENT_URL }}
          CRON_SECRET: ${{ secrets.CRON_SECRET }}
  scan:
    runs-on: ubuntu-latest
    if: github.event.schedule == '0 */6 * * *' || github.event.inputs.mode == 'scan' || github.event.inputs.mode == 'all'
    steps:
      - name: Trigger Lighthouse Scan
        run: |
          # Same placeholder fallback as in the uptime job
          DEPLOYMENT_URL="${DEPLOYMENT_URL:-https://your-domain.com}"
          echo "Triggering scan at: $DEPLOYMENT_URL/api/cron/scan?mode=all"
          response=$(curl -s -w "\n%{http_code}" -X POST -H "Authorization: Bearer $CRON_SECRET" "$DEPLOYMENT_URL/api/cron/scan?mode=all")
          http_code=$(echo "$response" | tail -n1)
          response_body=$(echo "$response" | head -n -1)
          echo "Status: $http_code"
          echo "Body: $response_body"
          if [ "$http_code" -eq 200 ]; then
            echo "✅ Scan triggered successfully"
          else
            echo "❌ Failed to trigger scan: $http_code"
            exit 1
          fi
        env:
          DEPLOYMENT_URL: ${{ secrets.DEPLOYMENT_URL }}
          # Required by the curl call above, which sends it as the bearer token
          CRON_SECRET: ${{ secrets.CRON_SECRET }}
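
Added example (not code from this repository): one way the /api/cron/* side could verify the `Authorization: Bearer $CRON_SECRET` header that this workflow sends, failing closed when the secret is not configured. The names `cronAuthStatus` and `MIN_SECRET_LENGTH`, the 32-character minimum and the sample secret are assumptions made for illustration.

```javascript
// Added example, not the repository's code. cronAuthStatus, MIN_SECRET_LENGTH
// and the sample values below are assumptions made for illustration.
const { createHash, timingSafeEqual } = require('node:crypto');

const MIN_SECRET_LENGTH = 32; // assumed policy for CRON_SECRET

// Hash both sides so timingSafeEqual always gets equal-length buffers.
function sha256(value) {
  return createHash('sha256').update(value, 'utf8').digest();
}

// Returns the HTTP status a /api/cron/* handler should answer with.
// authorization: raw Authorization header; secret: process.env.CRON_SECRET.
function cronAuthStatus(authorization, secret) {
  // Fail closed when the secret is unset or too short. A naive
  // header === "Bearer " + secret check accepts "Bearer undefined" here.
  if (typeof secret !== 'string' || secret.length < MIN_SECRET_LENGTH) return 500;
  if (typeof authorization !== 'string') return 401;
  const match = /^Bearer +(\S+)$/i.exec(authorization);
  if (!match) return 401;
  // Constant-time comparison of the presented token against the secret.
  return timingSafeEqual(sha256(match[1]), sha256(secret)) ? 200 : 401;
}

// Constructed requests; the secret is a made-up sample value.
const SAMPLE_SECRET = 'constructed-secret-for-example-0001';
function demo() {
  return {
    valid: cronAuthStatus(`Bearer ${SAMPLE_SECRET}`, SAMPLE_SECRET),
    wrongToken: cronAuthStatus('Bearer not-the-secret', SAMPLE_SECRET),
    noHeader: cronAuthStatus(undefined, SAMPLE_SECRET),
    secretUnset: cronAuthStatus('Bearer undefined', undefined),
    emptyToken: cronAuthStatus('Bearer ', SAMPLE_SECRET),
  };
}

console.log(demo());
```

Because the workflow treats only HTTP 200 as success, both the 401 and the 500 result make the cron job exit non-zero, so a missing or wrong secret shows up as a failed run.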