- Update security scan workflow to utilize a dedicated script for checking secrets, improving detection accuracy.
- Modify database connection setup in multiple scripts to use an environment variable fallback for DATABASE_URL, enhancing flexibility in different environments.
- Update CI/CD workflow to use specific Trivy version and change output format for vulnerability results.
- Add fallback npm audit step in case Trivy scan fails.
- Create a new security scan workflow that runs on push and pull request events, including scheduled scans.
- Introduce a security scan script to perform npm audit, Trivy scans, and check for potential secrets in the codebase.
- Ensure results are uploaded as artifacts for review and maintain retention policies for scan results.
- Change Docker image in docker-compose.prod.yml to use 'portfolio-app:latest'.
- Add new scripts for Gitea deployment and setup of Gitea runner.
- Introduce CI/CD workflows for automated testing, security scanning, and deployment in Gitea.
- Enhance package.json with new deployment scripts for Gitea integration.
* update
* cleanup
* fixing linting and tests errors
* Refactor API Parameter Handling and Update Email Transport
✅ Updated API Route Parameters:
- Changed parameter type from `{ id: string }` to `Promise<{ id: string }>` in PUT and DELETE methods for better async handling.
✅ Fixed Email Transport Creation:
- Updated `nodemailer.createTransporter` to `nodemailer.createTransport` for correct transport configuration.
✅ Refactored AnalyticsDashboard Component:
- Changed export from default to named export for better modularity.
✅ Enhanced Email Responder Toast:
- Updated toast structure to include additional properties for better user feedback.
🎯 Overall Improvements:
- Improved async handling in API routes.
- Ensured correct usage of nodemailer.
- Enhanced component exports and user notifications.
✅ Optimized Pre-Push Hook:
- Quick checks only: ESLint, TypeScript, npm audit
- Removed slow tests and build (run in GitHub Actions)
- ~3x faster for small fixes
✅ Added Full Pre-Push Option:
- npm run pre-push:full for complete checks
- Use for important changes or releases
- Includes tests and build locally
🎯 Best Practices:
- Quick checks locally (30 seconds)
- Full validation in GitHub Actions
- Best of both worlds: speed + thoroughness
📝 Usage:
- Normal pushes: npm run pre-push (fast)
- Important changes: npm run pre-push:full (thorough)
✅ Pre-Push Hook System:
- Created scripts/pre-push.sh with comprehensive checks
- Added Git pre-push hook (.git/hooks/pre-push)
- Added npm run pre-push script
- Added npm run lint:fix script
🔧 Pre-Push Checks:
- Dependencies installation (npm ci)
- ESLint validation (npm run lint)
- Test execution (npm run test)
- Build verification (npm run build)
- Security audit (npm audit)
- TypeScript type check (tsc --noEmit)
✅ GitHub Actions Fix:
- Removed deprecated GHOST_API variables
- Updated environment variables to match current .env
- Fixed test and production environment setup
🎯 Benefits:
- No more failed pushes to GitHub
- All checks run locally before push
- Same checks as GitHub Actions
- Prevents broken code from reaching remote
- Add auto-deploy.sh script with full CI/CD pipeline
- Add quick-deploy.sh for fast development deployments
- Add Git post-receive hook for automatic deployment on push
- Add comprehensive deployment documentation
- Add npm scripts for easy deployment management
- Include health checks, logging, and cleanup
- Support for automatic rollback on failures
