Skip to content

Commit 0c7dba6

Browse files
authored
Merge pull request #5 from Cameroon-Developer-Network/feat/cve-sync-and-config
feat: complete Phase 2 - API server, Dashboard, and CVE sync
2 parents 1813a61 + 08d77ca commit 0c7dba6

54 files changed

Lines changed: 11038 additions & 397 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/ci.yml

Lines changed: 44 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ on:
44
pull_request:
55
branches: [main, develop]
66
push:
7-
branches: [develop]
7+
branches: [main, develop]
88

99
concurrency:
1010
group: ci-${{ github.ref }}
@@ -114,10 +114,11 @@ jobs:
114114
steps:
115115
- uses: actions/checkout@v4
116116

117+
- name: Install cargo-audit
118+
run: cargo install cargo-audit
119+
117120
- name: Rust audit
118-
uses: rustsec/audit-check@v1
119-
with:
120-
token: ${{ secrets.GITHUB_TOKEN }}
121+
run: cargo audit --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2026-0097
121122

122123
- name: Setup Node.js
123124
uses: actions/setup-node@v4
@@ -132,3 +133,42 @@ jobs:
132133
- name: npm audit (web)
133134
working-directory: apps/web
134135
run: pnpm install --frozen-lockfile && pnpm audit --audit-level=high
136+
137+
# ─── Deploy (Latest) ──────────────────────────────────────────────────────
138+
deploy:
139+
name: Deploy — Build & Push (Latest)
140+
needs: [rust, web, vscode, audit]
141+
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
142+
runs-on: ubuntu-latest
143+
permissions:
144+
contents: read
145+
packages: write
146+
steps:
147+
- name: Checkout repository
148+
uses: actions/checkout@v4
149+
150+
- name: Log in to the Container registry
151+
uses: docker/login-action@v3
152+
with:
153+
registry: ghcr.io
154+
username: ${{ github.actor }}
155+
password: ${{ secrets.GITHUB_TOKEN }}
156+
157+
- name: Build and push API (latest)
158+
uses: docker/build-push-action@v5
159+
with:
160+
context: .
161+
file: crates/server/Dockerfile
162+
push: true
163+
tags: ghcr.io/${{ github.repository }}-api:latest
164+
cache-from: type=gha
165+
cache-to: type=gha,mode=max
166+
167+
- name: Build and push Web (latest)
168+
uses: docker/build-push-action@v5
169+
with:
170+
context: ./apps/web
171+
push: true
172+
tags: ghcr.io/${{ github.repository }}-web:latest
173+
cache-from: type=gha
174+
cache-to: type=gha,mode=max

.github/workflows/release.yml

Lines changed: 57 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,7 @@ jobs:
1111
runs-on: ubuntu-latest
1212
permissions:
1313
contents: write
14+
packages: write
1415
steps:
1516
- uses: actions/checkout@v4
1617

@@ -30,3 +31,59 @@ jobs:
3031
generate_release_notes: true
3132
draft: false
3233
prerelease: ${{ contains(github.ref, '-beta') || contains(github.ref, '-alpha') }}
34+
35+
docker-publish:
36+
name: Build & publish images
37+
runs-on: ubuntu-latest
38+
permissions:
39+
contents: read
40+
packages: write
41+
steps:
42+
- name: Checkout repository
43+
uses: actions/checkout@v4
44+
45+
- name: Log in to the Container registry
46+
uses: docker/login-action@v3
47+
with:
48+
registry: ghcr.io
49+
username: ${{ github.actor }}
50+
password: ${{ secrets.GITHUB_TOKEN }}
51+
52+
- name: Extract metadata (API)
53+
id: meta-api
54+
uses: docker/metadata-action@v5
55+
with:
56+
images: ghcr.io/${{ github.repository }}-api
57+
tags: |
58+
type=semver,pattern={{version}}
59+
type=raw,value=latest,enable=${{ !contains(github.ref, '-') }}
60+
61+
- name: Build and push Zenvra API
62+
uses: docker/build-push-action@v5
63+
with:
64+
context: .
65+
file: crates/server/Dockerfile
66+
push: true
67+
tags: ${{ steps.meta-api.outputs.tags }}
68+
labels: ${{ steps.meta-api.outputs.labels }}
69+
cache-from: type=gha
70+
cache-to: type=gha,mode=max
71+
72+
- name: Extract metadata (Web)
73+
id: meta-web
74+
uses: docker/metadata-action@v5
75+
with:
76+
images: ghcr.io/${{ github.repository }}-web
77+
tags: |
78+
type=semver,pattern={{version}}
79+
type=raw,value=latest,enable=${{ !contains(github.ref, '-') }}
80+
81+
- name: Build and push Zenvra Web
82+
uses: docker/build-push-action@v5
83+
with:
84+
context: ./apps/web
85+
push: true
86+
tags: ${{ steps.meta-web.outputs.tags }}
87+
labels: ${{ steps.meta-web.outputs.labels }}
88+
cache-from: type=gha
89+
cache-to: type=gha,mode=max

.gitignore

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,9 +12,11 @@ node_modules
1212
.next
1313
out
1414
dist
15+
build
1516

1617
# VS Code extension output
1718
extensions/vscode/out
19+
extensions/vscode/*.vsix
1820

1921
# OS
2022
.DS_Store
@@ -32,3 +34,6 @@ coverage
3234
.idea
3335
*.swp
3436
*.swo
37+
*~
38+
*.tmp
39+
deploy-ghcr.sh

CONFIG_GUIDE.md

Lines changed: 75 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,75 @@
1+
# Zenvra Configuration & Hardcoded Values
2+
3+
## Current State
4+
5+
### ✅ Already Configurable via Environment Variables
6+
7+
1. **Backend API URL**`PUBLIC_API_URL` (default: `http://localhost:8080`)
8+
- Used in: `apps/web/src/lib/api.ts`, `apps/web/src/lib/stores/aiConfig.svelte.ts`
9+
- Allows pointing to different API endpoints (local dev, staging, production)
10+
11+
2. **AI Provider Configuration** — Persisted in localStorage
12+
- **Provider**: anthropic, openai, google, custom (user-selected)
13+
- **API Key**: User-provided via Settings UI
14+
- **Model**: User-selected from available models for provider
15+
- **Endpoint**: Optional, user-provided for custom providers
16+
- Allows bring-your-own-key pattern ✓
17+
18+
3. **Database URL**`DATABASE_URL` in `.env` (for server)
19+
- Allows local dev, Docker, or cloud databases
20+
21+
4. **CVE Data Feeds**`NVD_API_KEY` in `.env`
22+
- Synced on server startup or manual trigger
23+
24+
### ⚠️ Hardcoded Values to Consider
25+
26+
1. **Server Port**`8080` (hardcoded in server)
27+
- Suggestion: Make configurable via `PORT` env var
28+
29+
2. **Web Dev Port**`5173` (Vite default)
30+
- Vite automatically uses next available port if occupied
31+
32+
3. **Database Credentials**`postgres:postgres@localhost:5433/zenvra`
33+
- Should be parameterized in `.env`
34+
35+
4. **Scan Engines** — Hardcoded in CLI/server (sast, sca, secrets, ai_code)
36+
- Already configurable per-request via `--disable` flag and API
37+
38+
5. **Severity Thresholds** — Default `low` in CLI
39+
- Already configurable via `--severity` flag
40+
41+
### 📋 Recommended Next Steps
42+
43+
1. **Server** — Add `PORT` and `HOST` env vars
44+
2. **Web** — Consider `PUBLIC_APP_NAME`, `PUBLIC_VERSION` for UI
45+
3. **Database** — Already parametrized in `.env`
46+
4. **AI Config** — Already per-user via localStorage + Settings UI
47+
48+
## How to Use Development Environment
49+
50+
```bash
51+
# Terminal 1: Start PostgreSQL + Redis
52+
docker compose up -d postgres redis
53+
54+
# Terminal 2: Start API Server
55+
set -a && source .env && set +a
56+
cargo run -p zenvra-server
57+
58+
# Terminal 3: Sync CVE data
59+
cargo run -p zenvra-server -- sync
60+
61+
# Terminal 4: Start Web Frontend
62+
cd apps/web
63+
pnpm dev
64+
65+
# Open http://localhost:5174 in browser
66+
```
67+
68+
## API Endpoints
69+
70+
- `/health` — Health check
71+
- `/api/v1/scan` — Submit code scan (returns scan ID)
72+
- `/api/v1/scan/:id/events` — Stream scan results via SSE
73+
- `/api/v1/history` — Get scan history
74+
- `/api/v1/sync` — Trigger manual CVE sync
75+
- `/api/v1/ai/models` — Fetch available AI models for provider

0 commit comments

Comments
 (0)