Merged
36 changes: 19 additions & 17 deletions .github/dependabot.yml
Expand Up @@ -2,21 +2,23 @@

version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "monthly"

# Maintain dependencies for jitar
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "monthly"
commit-message:
# Prefix all commit messages with "npm"
prefix: "npm"
open-pull-requests-limit: 1
pull-request-branch-name:
# Separate sections of the branch name with a hyphen
separator: "-"
# Maintain dependencies for jitar
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "monthly"
commit-message:
# Prefix all commit messages with "npm"
prefix: "npm"
open-pull-requests-limit: 1
pull-request-branch-name:
# Separate sections of the branch name with a hyphen
separator: "-"
cooldown:
default-days: 4
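Review bot: the `cooldown` block is the only substantive change here, yet the hunk reports 17 deletions and 19 additions because the 17 removed lines reappear verbatim among the additions, which points to an indentation-only rewrite of the existing entries; splitting that whitespace change into its own commit would keep `cooldown: default-days: 4` reviewable on its own. Note also that `cooldown` is nested under the npm entry only, so the github-actions entry gets no cooldown; if that asymmetry is intended, a comment above `cooldown:` (every other key in this file already carries one) explaining why 4 days was chosen and that it applies only to npm would save the next reader a question.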
⚠️ Potential issue | 🟠 Major | ⚖️ Poor tradeoff

Consider security implications of the 4-day cooldown period.

The cooldown policy delays follow-up dependency update PRs by 4 days after a merge. Combined with open-pull-requests-limit: 1, this significantly throttles updates. While this reduces PR noise, it may delay critical security patches by up to 4 days, potentially leaving the system exposed to known vulnerabilities.

Consider either:

  • Reducing the cooldown period for faster security response
  • Documenting that critical security updates should be manually expedited
  • Verifying that Dependabot security alerts bypass the cooldown (behavior may vary)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/dependabot.yml around lines 23 - 24, The current Dependabot config
sets a 4-day cooldown ("cooldown: default-days: 4") combined with
"open-pull-requests-limit: 1", which can delay critical security patches; update
the config or repo processes to ensure timely security fixes by either lowering
"default-days" (e.g., to 0–1), adding documentation that critical/security
updates are manually expedited, and/or verifying Dependabot security alerts
bypass the cooldown behavior; locate and change the "cooldown: default-days: 4"
entry (and consider adjusting "open-pull-requests-limit: 1") and add a short
note in your security/operations docs describing the manual escalation path if
Dependabot’s default behavior does not bypass the cooldown.

10 changes: 5 additions & 5 deletions .github/workflows/codeql.yml
Expand Up @@ -32,16 +32,16 @@ jobs:
fail-fast: false
matrix:
language: [ 'typescript' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support

steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
source-root: development
languages: ${{ matrix.language }}
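Review bot: pinning `actions/checkout` and `github/codeql-action/init` to full commit SHAs is the right change, but the trailing `# v6.0.3` and `# v4.36.2` comments are now the only human-readable record of which release each hash is; keep them on the same line as the SHA so the `github-actions` entry in `.github/dependabot.yml` (also touched in this PR) can bump hash and comment together, and confirm each comment matches its commit before merging, since nobody can tell from the hash alone. Adding `persist-credentials: false` to checkout is a good tightening for a job that only needs to read the tree.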
Expand All @@ -68,6 +68,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
category: "/language:${{matrix.language}}"
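Review bot: `analyze` is pinned to the same commit as `init` (8aad20d1…), which is required because both steps must come from the same CodeQL Action release; a one-line comment saying so would stop a future bump of one from leaving the other behind. Style nit: `"/language:${{matrix.language}}"` omits the spaces inside the expression braces that `${{ matrix.language }}` uses in the init step a few lines up.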
7 changes: 5 additions & 2 deletions .github/workflows/nodejsci.yml
Expand Up @@ -14,10 +14,13 @@ jobs:
node-version: [ lts/* ]

steps:
- uses: actions/checkout@v6
- name: Checkout repository
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false

- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v6
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: ${{ matrix.node-version }}
cache: npm
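Review bot: with both actions now SHA-pinned, `node-version: [ lts/* ]` is the one remaining floating input in this job; that is a reasonable choice for CI, but it means the Node toolchain still moves on its own while the actions do not, so say so in a comment if it is intentional. Naming the checkout step and adding `persist-credentials: false` brings this workflow in line with codeql.yml, which is good for consistency.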
2 changes: 1 addition & 1 deletion .npmrc
@@ -1 +1 @@
min-release-age=4
min-release-age=2
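Review bot: `min-release-age` drops from 4 to 2 days while `.github/dependabot.yml` in the same PR sets `cooldown: default-days: 4`, so the two quarantine windows now disagree: a package Dependabot proposes has waited 4 days, but a developer installing locally accepts packages only 2 days old. Either pick one number for both or add a comment in `.npmrc` explaining why the local window is deliberately shorter.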
4 changes: 2 additions & 2 deletions deployment/docker/keycloak/comify-realm.json
Expand Up @@ -666,8 +666,8 @@
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"http://localhost:3000/rpc/domain/authentication/login",
"http://localhost:5173/rpc/domain/authentication/login"
"http://localhost:3000/rpc/social/domain/authentication/login",
"http://localhost:5173/rpc/social/domain/authentication/login"
],
"webOrigins": [
"https://www.keycloak.org"
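Review bot: without a trailing wildcard Keycloak treats these `redirectUris` as exact matches, so replacing the old `/rpc/domain/...` entries rather than adding the new ones alongside is correct and avoids leaving a stale redirect target registered; the new paths agree with `OPENID_REDIRECT_PATH` in `example.env` in this PR, but the two files must now be kept in sync by hand, which deserves a comment. Visible in the unchanged context: `webOrigins` lists `https://www.keycloak.org` for a localhost development client, which looks like a leftover from an exported default and is worth confirming.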
1 change: 1 addition & 0 deletions development/insights/app/tsconfig.json
@@ -1,6 +1,7 @@
{
"extends": "../../../tsconfig.json",
"compilerOptions": {
"types": ["vite/client"],
"jsx": "react-jsx",
"noEmit": true,
"paths": {
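Review bot: `"types": ["vite/client"]` replaces the deleted `vite-env.d.ts` reference, but an explicit `types` array also switches off automatic inclusion of every other `@types/*` package for this project; if any file compiled under this tsconfig relied on that (Node globals in a config or test file, for example), it will stop type-checking, so run `tsc --noEmit` in each of the three apps before merging. The same change is made to the moderation and social tsconfigs in this PR.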
1 change: 0 additions & 1 deletion development/insights/app/vite-env.d.ts

This file was deleted.

3 changes: 3 additions & 0 deletions development/insights/app/vite.config.ts
Expand Up @@ -24,6 +24,9 @@ export default defineConfig({
assetsDir: 'assets',
emptyOutDir: true
},
resolve: {
dedupe: ['react', 'react-dom'],
},
plugins: [
react(),
tsconfigPaths(),
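Review bot: `resolve.dedupe` for `react` and `react-dom` is normally added to cure a duplicate-React problem (two copies resolved in a monorepo or linked package, surfacing as the "Invalid hook call" error); the three app configs in this PR receive the identical block with no explanation, so add a one-line comment naming the cause, otherwise the next cleanup pass will drop it as redundant and reintroduce the bug.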
1 change: 1 addition & 0 deletions development/moderation/app/tsconfig.json
@@ -1,6 +1,7 @@
{
"extends": "../../../tsconfig.json",
"compilerOptions": {
"types": ["vite/client"],
"jsx": "react-jsx",
"noEmit": true,
"paths": {
1 change: 0 additions & 1 deletion development/moderation/app/vite-env.d.ts

This file was deleted.

3 changes: 3 additions & 0 deletions development/moderation/app/vite.config.ts
Expand Up @@ -24,6 +24,9 @@ export default defineConfig({
assetsDir: 'assets',
emptyOutDir: true
},
resolve: {
dedupe: ['react', 'react-dom'],
},
plugins: [
react(),
tsconfigPaths(),
1 change: 1 addition & 0 deletions development/social/app/tsconfig.json
@@ -1,6 +1,7 @@
{
"extends": "../../../tsconfig.json",
"compilerOptions": {
"types": ["vite/client"],
"jsx": "react-jsx",
"noEmit": true,
"paths": {
1 change: 0 additions & 1 deletion development/social/app/vite-env.d.ts

This file was deleted.

3 changes: 3 additions & 0 deletions development/social/app/vite.config.ts
Expand Up @@ -26,6 +26,9 @@ export default defineConfig({
assetsDir: 'assets',
emptyOutDir: true
},
resolve: {
dedupe: ['react', 'react-dom'],
},
plugins: [
react(),
tsconfigPaths(),
2 changes: 1 addition & 1 deletion example.env
Expand Up @@ -28,7 +28,7 @@ AUTHENTICATION_DRIVER="openid"
OPENID_ISSUER="http://localhost:8080/realms/comify"
OPENID_CLIENT_ID="openid"
OPENID_CLIENT_SECRET=""
OPENID_REDIRECT_PATH="/rpc/domain/authentication/login"
OPENID_REDIRECT_PATH="/rpc/social/domain/authentication/login"
OPENID_SIGNING_SECRET="development"
OPENID_LOGIN_TTL=1800000
OPENID_ALLOW_INSECURE_REQUESTS=false
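Review bot: `OPENID_REDIRECT_PATH` now carries the `/social` prefix that the Keycloak realm export registers, so the two are consistent; because the realm JSON holds the absolute URIs and this file only the path, a comment here pointing at `deployment/docker/keycloak/comify-realm.json` would help whoever changes one without the other, since a mismatch only shows up as a failed login redirect at runtime.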