mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(ci): fix pipeline #365 — web build-shared + orchestrator secret scan
Some checks failed
ci/woodpecker/push/web Pipeline failed
Details
ci/woodpecker/push/orchestrator Pipeline failed
Details

Browse Source 
- Add build-shared step to web.yml so lint/typecheck/test can resolve
  @mosaic/shared types (same fix previously applied to api.yml)
- Remove compiled .spec.js/.test.js files from orchestrator production
  image to prevent Trivy secret scanning false positives from test
  fixtures (fake AWS keys and RSA private keys in secret-scanner tests)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-12 17:25:49 -06:00
parent 3833805a93
commit 3b12adf8f7
3 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/orchestrator/Dockerfile
View File

@@ -83,6 +83,8 @@ COPY --from=builder --chown=nestjs:nodejs /app/packages ./packages
# Copy built orchestrator application
COPY --from=builder --chown=nestjs:nodejs /app/apps/orchestrator/dist ./apps/orchestrator/dist
# Remove compiled test files from production (contain test fixtures that trigger Trivy secret scanning)
RUN find ./apps/orchestrator/dist -name '*.spec.js' -o -name '*.spec.js.map' -o -name '*.test.js' -o -name '*.test.js.map' | xargs rm -f 2>/dev/null || true
COPY --from=builder --chown=nestjs:nodejs /app/apps/orchestrator/package.json ./apps/orchestrator/
# Copy app's node_modules which contains symlinks to root node_modules