fix(provision): security hardening from code review

- Add input validation: username regex + email format check in pipeline
- Quote variables in .provision-env to prevent shell injection
- Remove dead source command (each Woodpecker command is separate shell)
- Use jq to build JSON payloads (prevents injection via group names)
- Clean up git-crypt key on failure (use ; instead of &&)
- Add Kyverno ndots lifecycle ignore to webhook-handler deployment
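The first four bullets of the commit message describe a pattern rather than showing it, so here is an added example (written for this page, not code from the repository or its .provision-env/Woodpecker pipeline) of the three shell-side controls: an anchored username regex and an email shape check, a single-quoted env-file writer so a sourced variable is never re-interpreted, and a jq-built JSON payload next to the printf-concatenated one it replaces. The regex alphabet, the field names `username`/`groups`, and the sample inputs are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example for this page; not the project's own code. The regexes,
# field names and sample inputs below are assumptions for illustration.

# Reject anything that is not a plausible POSIX-style username: anchored,
# fixed alphabet, bounded length, so no shell or JSON metacharacter survives.
valid_username() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# Minimal email shape check: local part, one @, dotted domain, no whitespace.
valid_email() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'
}

# Emit a KEY='value' line for a file that will later be sourced. Single
# quotes, with the standard '\'' escape for embedded quotes, mean the shell
# never expands $(...), $VAR or backticks found in the value.
env_line() {
    printf "%s='%s'\n" "$1" "$(printf '%s' "$2" | sed "s/'/'\\\\''/g")"
}

# The "before": string-concatenated JSON. A group name containing a double
# quote escapes the string and changes the structure of the document.
unsafe_payload() {
    printf '{"username":"%s","groups":["%s"]}' "$1" "$2"
}

# The "after": jq --arg binds the value as data and escapes it, so the
# same group name stays a single string inside the array.
safe_payload() {
    jq -cn --arg user "$1" --arg group "$2" '{username: $user, groups: [$group]}'
}

# Stand-alone demonstration with a constructed hostile group name.
if [ "${DEMO:-0}" = 1 ]; then
    valid_username 'alice'           && echo 'alice: ok'
    valid_username 'alice; id'       || echo 'alice; id: rejected'
    env_line PROV_USER '$(id)'
    unsafe_payload alice 'dev","admin'; echo
    command -v jq >/dev/null 2>&1 && safe_payload alice 'dev","admin'
fi
```

Run with `DEMO=1 sh example.sh` to see the unsafe payload grow a second `admin` group while the jq version keeps `dev","admin` as one escaped string; the env_line output can be sourced safely because the value is inert inside single quotes.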
Viktor Barzin 2026-03-18 21:25:03 +00:00
parent e51c063600
commit 410c893647
2 changed files with 19 additions and 6 deletions


@ -229,6 +229,9 @@ resource "kubernetes_deployment" "webhook_handler" {
}
}
}
lifecycle {
ignore_changes = [spec[0].template[0].spec[0].dns_config]
}
}
resource "kubernetes_service" "webhook_handler" {
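Review bot: the `ignore_changes = [spec[0].template[0].spec[0].dns_config]` block stops Terraform from fighting the Kyverno ndots mutation named in the commit message, but it also makes any `dns_config` ever declared in this resource write-once: applied at create, never reconciled afterwards. Add an inline comment in the `lifecycle` block naming the Kyverno policy that sets ndots, so the next reader knows the field is unmanaged on purpose, and confirm the pod spec of this deployment declares no `dns_config` of its own (none is visible in the hunk) so nothing is silently dropped by the ignore.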