Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5946aa47d5ec2c154a7b51c82a96e8ed2f790d1b
breakpilot-core/.gitea/workflows/pitch-cleanup.yml
T
Sharang Parnerkar 5946aa47d5
Build pitch-deck / build-push-deploy (push) Successful in 1m37s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-consent (push) Successful in 38s
Details
CI / test-python-voice (push) Successful in 32s
Details
CI / test-bqas (push) Successful in 30s
Details
fix(pitch-deck): GDPR compliance — automated cleanup, full Art. 13 notice 
- runDataCleanup() replaces maskOverdueInvestors(): now also anonymizes
  never-activated invites after 90 days, deletes sessions + magic links
  older than 30 days, NULLs IPs in audit logs older than 30 days, and
  redacts email from audit log details JSONB for masked investors
- New /api/admin/cleanup POST endpoint for scheduled invocation
- New .gitea/workflows/pitch-cleanup.yml: daily cron at 02:00 UTC calls
  the cleanup endpoint so anonymization is genuinely automatic, not lazy
- Switch masking window from first_activity_at to last_login_at (30 days
  of inactivity; resets on each login)
- Both auth pages: DSGVO footer now covers all Art. 13 requirements —
  data categories, retention cutoffs, Art. 15–21 rights, contact address,
  LfDI Baden-Württemberg as supervisory authority

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-01 15:11:51 +02:00

37 lines
1.2 KiB
YAML
Raw Blame History

# Daily GDPR data cleanup for the pitch deck.
# Calls /api/admin/cleanup which runs runDataCleanup():
# - anonymizes investors inactive 30+ days
# - anonymizes never-activated invites after 90 days
# - deletes sessions + magic links older than 30 days
# - anonymizes IPs in audit logs older than 30 days
#
# Requires Gitea Actions secret: PITCH_ADMIN_SECRET
name: Pitch deck — GDPR cleanup
on:
schedule:
- cron: '0 2 * * *'
jobs:
cleanup:
runs-on: docker
container:
image: alpine:3.19
steps:
- name: Run data cleanup
env:
PITCH_ADMIN_SECRET: ${{ secrets.PITCH_ADMIN_SECRET }}
run: |
apk add --no-cache curl
RESPONSE=$(curl -sSf -w "\n%{http_code}" -X POST \
-H "Authorization: Bearer $PITCH_ADMIN_SECRET" \
-H "Content-Type: application/json" \
https://pitch.breakpilot.com/api/admin/cleanup) \
|| { echo "Cleanup request failed"; exit 1; }
HTTP_CODE=$(echo "$RESPONSE" | tail -n1)
BODY=$(echo "$RESPONSE" | head -n-1)
echo "Response: $BODY"
[ "$HTTP_CODE" = "200" ] || { echo "Unexpected status $HTTP_CODE"; exit 1; }
echo "GDPR cleanup completed successfully"
Reference in New Issue View Git Blame Copy Permalink