docs: align doc references with compose.yml rename (code-reviewer M1)

Three docs still referenced the old docker-compose.yml path. Replace
with compose.yml so a future reader cloning at this hash finds the
file at the documented path.

- CHANGELOG.md:31 — backend skeleton recap line.
- docs/architecture.md:28 — deployment artifacts note (D-010 scope).
- tasks/todo.md:9 — B0.1 task description.

Also adds a "CI follow-ups (sprint 1+)" section to tasks/todo.md
capturing the 3 MINOR + 6 NIT deferred from code-reviewer's review
of chore/podman-and-ci, plus a FERNET-KEY tracker for the secret
provisioning before c2_credential.config_fernet (D-004) is wired.
knacky
2026-05-22 19:49:16 +02:00
parent 1380672c03
commit df6294ed7b
3 changed files with 31 additions and 3 deletions


@@ -28,7 +28,7 @@ UX wireframes (mock data). No real connector, no reporting until PR1/PR2/PR3 lan
#### Backend skeleton (`feature/backend-skeleton`) #### Backend skeleton (`feature/backend-skeleton`)
- `backend/` Python 3.12+ project: `pyproject.toml` (ruff, mypy strict, pytest, coverage 70 %), - `backend/` Python 3.12+ project: `pyproject.toml` (ruff, mypy strict, pytest, coverage 70 %),
`Makefile` (Docker/Podman auto-detect), multi-stage `Dockerfile`, `docker-compose.yml` for `Makefile` (Docker/Podman auto-detect), multi-stage `Dockerfile`, `compose.yml` for
Postgres dev DB, `.env.example`. Postgres dev DB, `.env.example`.
- Full §8 data model in SQLAlchemy 2 typed mapped classes: `engagement`, `c2_credential`, - Full §8 data model in SQLAlchemy 2 typed mapped classes: `engagement`, `c2_credential`,
`host`, `user`, `group`, `permission`, `group_permission`, `user_group`, `host`, `user`, `group`, `permission`, `group_permission`, `user_group`,
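Review bot: the `docker-compose.yml` → `compose.yml` swap on the third line of this hunk only updates the recap text, while the same line still says the `Makefile` auto-detects Docker/Podman, so confirm that whichever compose binary the Makefile resolves actually finds `compose.yml` without `-f`. The Compose v2 plugin (`docker compose` / `podman compose`) looks for `compose.yml` by default; the legacy standalone `docker-compose` v1 binary, which M2 in tasks/todo.md says the Makefile currently probes first, may depending on version only look for `docker-compose.yml`, in which case `make` breaks after the rename. Either pass `-f compose.yml` explicitly in the Makefile or land M2 before relying on the documented path.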


@@ -25,7 +25,7 @@ mimic/
Deployment artifacts (Ansible playbook, prod compose) live outside the repo Deployment artifacts (Ansible playbook, prod compose) live outside the repo
in the RT infra repo (D-010). Mimic ships only Dockerfiles and a dev in the RT infra repo (D-010). Mimic ships only Dockerfiles and a dev
`docker-compose.yml`. `compose.yml`.
## Backend module tree ## Backend module tree
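Review bot: the sentence now reads "Mimic ships only Dockerfiles and a dev `compose.yml`", which is the right path, but since this is the architecture doc a new operator reads first it should spell out what "dev" means for that file: the Postgres service it starts is for local development only, and its settings are not to be copied into the prod compose that D-010 places in the RT infra repo. One clause suffices, e.g. "`compose.yml` (local dev Postgres only; prod compose lives in the RT infra repo, D-010)".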


@@ -6,7 +6,7 @@ Repo skeleton + foundational modules. Nothing that depends on PR1/PR2/PR3.
- [x] B0.1 — `backend/` Python 3.12+ project: `pyproject.toml` (ruff, mypy strict, pytest, - [x] B0.1 — `backend/` Python 3.12+ project: `pyproject.toml` (ruff, mypy strict, pytest,
coverage 70 %), `Makefile` (Docker/Podman auto), multi-stage `Dockerfile`, coverage 70 %), `Makefile` (Docker/Podman auto), multi-stage `Dockerfile`,
`docker-compose.yml` for Postgres dev DB, `.env.example`. `compose.yml` for Postgres dev DB, `.env.example`.
- [x] B0.2 — Alembic baseline migration `202605210001_initial_schema` creates every table, - [x] B0.2 — Alembic baseline migration `202605210001_initial_schema` creates every table,
enum, index, and the idempotent grants for the audit write-only Postgres role. **No enum, index, and the idempotent grants for the audit write-only Postgres role. **No
`ttp_version` table** (D-009). Groups `rt_operator`, `rt_lead`, `soc_analyst` seeded `ttp_version` table** (D-009). Groups `rt_operator`, `rt_lead`, `soc_analyst` seeded
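Review bot: consistency nit on B0.1 in this hunk: it says `Makefile` (Docker/Podman auto) while the CHANGELOG.md line changed in this same commit says (Docker/Podman auto-detect); pick one wording so the two recaps stay greppable together. Also, the unchanged B0.2 context lines describe the grants for the "audit write-only Postgres role" created by the baseline migration, which is exactly the role N5 in the new CI section says CI does not yet provision or exercise; a short cross-reference from B0.2 to N5 keeps the two from drifting.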
@@ -111,6 +111,34 @@ Tracked from code-review verdict on `feature/backend-skeleton` @ 12d131c:
- [ ] R0.2 — Verify mypy strict and ruff clean before approving any backend PR. - [ ] R0.2 — Verify mypy strict and ruff clean before approving any backend PR.
- [ ] R0.3 — Verify TS strict, no `useEffect(fetch)`, exhaustive deps before approving any frontend PR. - [ ] R0.3 — Verify TS strict, no `useEffect(fetch)`, exhaustive deps before approving any frontend PR.
## CI follow-ups (sprint 1+) (`devops`)
Raised by `code-reviewer` during review of `chore/podman-and-ci` (M2-M3 + N1-N6).
None blocking, all deferred to sprint 1+.
- [ ] M2 — `backend/Makefile` `$(COMPOSE)` detection: invert legacy `docker-compose` v1
probe, prefer the Compose v2 plugin (`$(CONTAINER) compose`) first.
- [ ] M3 — `.gitea/workflows/ci.yml` backend job: chain `apt-get update && apt-get install`
in one `RUN`-style step and drop `rm -rf /var/lib/apt/lists/*` (no-op in an
ephemeral CI container).
- [ ] N1 — Smoke workflow `cat /etc/os-release | head -3` → use `head -3 /etc/os-release`
(moot once smoke.yml is removed; track here in case smoke is reintroduced).
- [ ] N2 — `.gitea/workflows/ci.yml` `pull_request:` trigger: restrict to `branches: [main]`
to avoid double-running on PR retargets.
- [ ] N3 — Anticipate single-runner serialization: jobs will queue. Plan a second
runner (different host or `capacity: >1`) before scaling sprint 2+ workload.
- [ ] N4 — Add top-level `concurrency: { group: ${{ github.ref }}, cancel-in-progress: true }`
to cancel superseded PR runs.
- [ ] N5 — CI uses `MIMIC_DATABASE_AUDIT_URL == MIMIC_DATABASE_URL` (same role).
Acceptable for unit tests; integration tests covering the audit write-only
role must provision a separate `mimic_audit_writer` role in the Postgres
service before they can run.
- [ ] N6 — Cache pip + npm via `actions/cache@v4` (verify Gitea Actions fork support
before adoption; fallback to manual cache volume on the runner if unsupported).
- [ ] FERNET-KEY — Provision `FERNET_KEY_TEST` Gitea repo secret before sprint 1
wires `c2_credential.config_fernet` (D-004). `config.py:32` accepts an empty
default at boot but `Fernet(b"")` raises `ValueError` at first use.
## Conventions ## Conventions
- Branches: `feature/<scope>`, `fix/<scope>`, `docs/<scope>`, `chore/<scope>`. Long-lived: `main`. - Branches: `feature/<scope>`, `fix/<scope>`, `docs/<scope>`, `chore/<scope>`. Long-lived: `main`.
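Review bot: the FERNET-KEY item records that `config.py:32` accepts an empty default at boot and that `Fernet(b"")` only raises `ValueError` at first use; the fix to track should be fail-fast validation, i.e. construct the `Fernet` object (or check that the key decodes to 32 bytes of url-safe base64) inside the settings validator, so a missing `FERNET_KEY_TEST` secret fails the CI job at startup rather than at the first credential write, and an empty key can never reach a running instance. Two smaller points on the same section: N4's `concurrency: { group: ${{ github.ref }}, cancel-in-progress: true }` also cancels superseded runs on `main`, not only on PR branches; scope cancellation to PR events (`cancel-in-progress: ${{ github.event_name == 'pull_request' }}`, if Gitea Actions evaluates that expression) or make the group include `github.workflow` and the ref. And N5 means the write-only grant created by the baseline migration is currently untested by CI; when the separate `mimic_audit_writer` role is provisioned, the integration test should assert that `UPDATE`/`DELETE` on the audit table is denied, not only that `INSERT` succeeds.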