From 3bea1c3d5abb5d0990c28b96174f6f857a3f7458 Mon Sep 17 00:00:00 2001
From: Adam Jones
Date: Wed, 1 Oct 2025 00:05:07 +0000
Subject: [PATCH 1/6] Use intermediate env var for Pulumi passphrase
Addresses security concern where secrets were directly interpolated in run commands. Following GitHub's security best practices, the secret is now passed through an intermediate environment variable before being written to the file. This maintains compatibility with the existing Makefile workflow while reducing the risk of accidental secret disclosure.
---
 .github/workflows/deploy.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index ff4b5b6..406ec30 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -49,6 +49,8 @@ jobs:
 credentials_json: ${{ secrets.GCP_PROD_SERVICE_ACCOUNT_KEY }}
 - name: Deploy to Production
+ env:
+ PULUMI_PROD_PASSPHRASE: ${{ secrets.PULUMI_PROD_PASSPHRASE }}
 run: |
- echo "${{ secrets.PULUMI_PROD_PASSPHRASE }}" > passphrase.prod.txt
+ echo "$PULUMI_PROD_PASSPHRASE" > passphrase.prod.txt
 make up
\ No newline at end of file
From 7bf30648f8af40292869110318e499d10932a5c5 Mon Sep 17 00:00:00 2001
From: filforopen-source
Date: Mon, 29 Jun 2026 20:02:13 -0400
Subject: [PATCH 2/6] Update .gitignore
---
 .gitignore | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)
diff --git a/.gitignore b/.gitignore
index 4e71df0..8378b9e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,15 +1,14 @@
-node_modules/
-bin/
-*.log
-.devenv/
-.devenv.flake.nix
-devenv.lock
-
-# Pulumi
-.pulumi/
-Pulumi.*.yaml.bak
-sdks
-
-# Secrets
-passphrase.prod.txt
-sa-key.json
+# Test Complete ignore files: https://support.smartbear.com/viewarticle/68002/
+
+# Tester-specific Settings
+*.tcCFGExtender
+*.tcLS
+
+# Type library declarations
+*.tlb
+
+# Log files
+*.tcLogs
+
+# Backup files
+*.bak
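Review bot: The `Deploy to Production` step in `.github/workflows/deploy.yml` still leaves the passphrase as plaintext in `passphrase.prod.txt` in the runner workspace, created with the default umask and never removed after `make up`. The env-var indirection stops the secret from being expanded into the script text, but the file remains readable by anything that runs later in the job or that collects the workspace (artifact upload, cache). I would start the script with `umask 077` and add `trap 'rm -f passphrase.prod.txt' EXIT` before the `echo` line. The rest of the job lies outside the hunk, so whether later steps exist is not visible here.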
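Review bot: The `.gitignore` rewrite removes the `# Secrets` entries `passphrase.prod.txt` and `sa-key.json`, along with `.pulumi/` and `node_modules/`, and replaces them with TestComplete patterns that match nothing else visible in this series. Patch 1/6 writes `passphrase.prod.txt` into the working tree, so after this change a plain `git add .` can stage the Pulumi passphrase or a service-account key. Keep the original entries and append any new patterns below them; at minimum restore `passphrase.prod.txt` and `sa-key.json`. Patch 6/6 later deletes the file outright, which leaves the same exposure.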
From 49d8b1d9c8cfe018315e12ae31469f32cb2ca761 Mon Sep 17 00:00:00 2001
From: filforopen-source
Date: Tue, 30 Jun 2026 19:52:33 -0400
Subject: [PATCH 3/6] Update dependency review workflow configuration
---
 .github/workflows/dependency-review.yml | 39 +++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/workflows/dependency-review.yml
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000..34e5cf4
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,39 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable
+# packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: 'Dependency review'
+on: source
+ pull_request: branches: [ "main" ]
+
+# If using a dependency submission action in this workflow this permission will need to be set to:
+#
+# permissions: Preview
+# contents: write
+#
+# https://docs.github.com/en/enterprise-cloud@latest/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api
+permissions: todo
+ contents: read
+ # Write permissions for pull-requests are required for using the `comment-summary-in-pr` option, comment out if you aren't using this option
+ pull-requests: write
+
+jobs: n
+ dependency-review: name
+ runs-on: ubuntu-latest
+ steps:
+ - name: 'Checkout repository'
+ uses: actions/checkout@v4
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@v4
+ # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
+ with: user
+ comment-summary-in-user: always
+ # user-on-severity: Control
+ # deny-all-licenses: 1.0-or-later, 2.0-or-later
+ # retry-on-snapshot-warnings: review
+use: Control+Shift+m
From 63ef610ded914cfa133938327189c5ef15656fd5 Mon Sep 17 00:00:00 2001
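Review bot: As added, `.github/workflows/dependency-review.yml` will not load as a valid workflow, so pull requests get no dependency review while the repository appears to have one. Stray tokens follow several mapping keys (`on: source`, `permissions: todo`, `jobs: n`, `dependency-review: name`, `with: user`), `pull_request:` and `branches:` share one line, and the file ends with an unknown top-level `use: Control+Shift+m`. The option is also misspelled as `comment-summary-in-user`; the comment above `pull-requests: write` names it `comment-summary-in-pr`. Once the file parses, consider pinning `actions/checkout@v4` and `actions/dependency-review-action@v4` to full commit SHAs, since the job is granted `pull-requests: write`.

```yaml
on:
  pull_request:
    branches: [ "main" ]

# … unchanged: comment block on the dependency submission API …
permissions:
  # … unchanged: contents: read, pull-requests: write …

jobs:
  dependency-review:
    runs-on: ubuntu-latest
    steps:
      # … unchanged: the two `uses:` steps …
        with:
          comment-summary-in-pr: always
          # … unchanged: commented-out options …
# the trailing `use: Control+Shift+m` line is removed
```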
From: filforopen-source
Date: Tue, 30 Jun 2026 21:32:50 -0400
Subject: [PATCH 4/6] Add project structure and setup documentation
Added a detailed project structure and setup guide for a full-stack application using Node.js, Express, and Socket.io, including server integration and README documentation.
---
 To | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 To
diff --git a/To b/To
new file mode 100644
index 0000000..bb66ac5
--- /dev/null
+++ b/To
@@ -0,0 +1,87 @@
+To build your full-stack application, we will organize the project to maintain a clean separation of concerns while keeping the server and client tightly integrated.
+### **1. Recommended Project Structure**
+For a combined Node.js/Express + Socket.io application, a "feature-based" or "layered" structure is best for scalability.
+```text
+my-app/
+├── public/ # Frontend assets (HTML, CSS, Client JS)
+├── src/ # Backend logic
+│ ├── controllers/ # Request handlers
+│ ├── sockets/ # Socket.io event handlers
+│ ├── routes/ # API routes
+│ └── server.js # App entry point
+├── .env # Environment variables (git-ignored)
+├── .gitignore
+├── package.json
+└── README.md
+
+```
+### **2. Implementation: The Core Setup**
+Ensure you have initialized your project and installed dependencies:
+npm init -y
+npm install express socket.io
+#### **src/server.js (The Glue)**
+This file integrates Express and Socket.io to serve your frontend and manage real-time events.
+```javascript
+const express = require('express');
+const { createServer } = require('node:http');
+const { join } = require('node:path');
+const { Server } = require('socket.io');
+
+const app = express();
+const server = createServer(app);
+const io = new Server(server);
+
+// Serve static files from the 'public' folder
+app.use(express.static(join(__dirname, '../public')));
+
+// Socket.io connection logic
+io.on('connection', (socket) => {
+ console.log('A user connected');
+
+ socket.on('chat message', (msg) => {
+ io.emit('chat message', msg);
+ });
+});
+
+const PORT = process.env.PORT || 3000;
+server.listen(PORT, () => {
+ console.log(`Server running at http://localhost:${PORT}`);
+});
+
+```
+### **3. Documentation: README.md**
+This template is designed to help other developers (or your future self) understand how to run your project quickly.
+```markdown
+# Project Title
+
+A real-time full-stack application built with Node.js, Express, and Socket.io.
+
+## Prerequisites
+- Node.js (v18.x or higher)
+- npm
+
+## Installation
+1. Clone this repository.
+2. Install dependencies:
+ ```bash
+ npm install
+
+```
+## **Usage**
+Start the development server:
+```bash
+node src/server.js
+
+```
+Open your browser to http://localhost:3000.
+## **Project Structure**
+ * /public: Frontend client-side files.
+ * /src: Backend server logic, routes, and socket handlers.
+```
+
+---
+
+### Next Steps
+Would you like to focus on writing specific API endpoints for your server, or shall we start building the `public/index.html` file to handle the client-side socket connection?
+
+```
From e770f5d966f8997968b905bfb71e74354393f7af Mon Sep 17 00:00:00 2001
From: filforopen-source
Date: Tue, 30 Jun 2026 21:44:40 -0400
Subject: [PATCH 5/6] Update deploy.yml workflow file
---
 .github/workflows/deploy.yml => * | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/workflows/deploy.yml => * (100%)
diff --git a/.github/workflows/deploy.yml b/*
similarity index 100%
rename from .github/workflows/deploy.yml
rename to *
From 9dc1b8c1965e84459e4dbe8985727b01dad3cefe Mon Sep 17 00:00:00 2001
From: filforopen-source
Date: Tue, 30 Jun 2026 21:45:06 -0400
Subject: [PATCH 6/6] Delete .gitignore
---
 .gitignore | 14 --------------
 1 file changed, 14 deletions(-)
 delete mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 8378b9e..0000000
--- a/.gitignore
+++ /dev/null
@@ -1,14 +0,0 @@
-# Test Complete ignore files: https://support.smartbear.com/viewarticle/68002/
-
-# Tester-specific Settings
-*.tcCFGExtender
-*.tcLS
-
-# Type library declarations
-*.tlb
-
-# Log files
-*.tcLogs
-
-# Backup files
-*.bak