marcel/familienarchiv
1
0
Fork 0
Code Issues 113 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
dec0001bd10ac4d8cecec621ed2ae6d081219cbb
familienarchiv/.gitea/workflows
History
Marcel dec0001bd1 ci(obs): chmod 600 obs-secrets.env after creation in both workflows 
The heredoc creates the file with default umask permissions (644 —
world-readable). Setting 600 immediately after creation prevents other
processes on the host from reading the Grafana, GlitchTip, and Postgres
credentials. Defence-in-depth for the single-tenant VPS.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-16 08:53:49 +02:00
..
ci.yml
fix(ci): isolate compose-idempotency network from archiv-net collisions
2026-05-15 16:33:07 +02:00
coverage-flake-probe.yml
ci(workflows): downgrade upload-artifact v4 → v3 — Gitea act_runner limitation (ADR-014)
2026-05-14 10:58:19 +02:00
nightly.yml
ci(obs): chmod 600 obs-secrets.env after creation in both workflows
2026-05-16 08:53:49 +02:00
release.yml
ci(obs): chmod 600 obs-secrets.env after creation in both workflows
2026-05-16 08:53:49 +02:00