Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: wire breakpilot-compliance to Infisical for local dev
CI / detect-changes (pull_request) Successful in 9s
Details
CI / branch-name (pull_request) Successful in 1s
Details
CI / guardrail-integrity (pull_request) Successful in 7s
Details
CI / secret-scan (pull_request) Successful in 11s
Details
CI / dep-audit (pull_request) Failing after 58s
Details
CI / sbom-scan (pull_request) Failing after 1m4s
Details
CI / build-sha-integrity (pull_request) Successful in 6s
Details
CI / validate-canonical-controls (pull_request) Successful in 4s
Details
CI / loc-budget (pull_request) Successful in 25s
Details
CI / go-lint (pull_request) Failing after 22s
Details
CI / python-lint (pull_request) Failing after 13s
Details
CI / nodejs-lint (pull_request) Failing after 1m15s
Details
CI / nodejs-build (pull_request) Successful in 3m12s
Details
CI / test-go (pull_request) Successful in 57s
Details
CI / iace-gt-coverage (pull_request) Successful in 16s
Details
CI / test-python-backend (pull_request) Successful in 25s
Details
CI / test-python-document-crawler (pull_request) Successful in 14s
Details
CI / test-python-dsms-gateway (pull_request) Successful in 10s
Details

Browse Source 
- Add .infisical.json linking the repo to the breakpilot-compliance
  project on the self-hosted secrets.meghsakha.com instance.
- Add Makefile with infisical-aware targets (make dev, dev-build,
  dev-down, secrets, secrets-set). `make dev` runs `infisical run
  --env=dev -- docker compose up`, so secrets are injected at run
  time and .env files no longer touch disk.
- Add INFISICAL_SETUP.md with per-developer onboarding (CLI install,
  login, verify project link, run targets, Claude Code usage patterns,
  troubleshooting).
- Update README Quick Start to drop the cp .env.example .env step and
  point at make dev + INFISICAL_SETUP.md.
- Remove HashiCorp Vault references from CLAUDE.md (core-services list
  + sensitive-files list) and compliance-checklist.md TOM section;
  replace with Infisical.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
2026-06-22 21:00:35 +02:00
parent a4d1105b3c
commit d82f86fc95
6 changed files with 232 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+9 -6
View File
@@ -42,23 +42,26 @@ All containers share the external `breakpilot-network` Docker network and depend
## Quick Start
**Prerequisites:** Docker, Go 1.24+, Python 3.12+, Node.js 20+
**Prerequisites:** Docker, Go 1.24+, Python 3.12+, Node.js 20+, [Infisical CLI](https://infisical.com/docs/cli/overview)
```bash
git clone ssh://git@gitea.meghsakha.com:22222/Benjamin_Boenisch/breakpilot-compliance.git
cd breakpilot-compliance
# Copy and populate secrets (never commit .env)
cp .env.example .env
# One-time per machine: log in to the self-hosted Infisical instance
infisical login --domain https://secrets.meghsakha.com
# Start all services
docker compose up -d
# Start the full stack with secrets injected from Infisical (env=dev)
make dev
```
Secrets are pulled from Infisical (`secrets.meghsakha.com`) at runtime; `.env` files are not used. See [INFISICAL_SETUP.md](./INFISICAL_SETUP.md) for full onboarding, and `make help` for the rest of the targets (`dev-build`, `dev-down`, `secrets`, `secrets-set`).
For the Orca/Hetzner production target (x86_64), use the override:
```bash
docker compose -f docker-compose.yml -f docker-compose.hetzner.yml up -d
make dev ENV=prod # or:
infisical run --env=prod -- docker compose -f docker-compose.yml -f docker-compose.hetzner.yml up -d
```
---