sharang/certifai
1
0
Fork 0
Code Issues 4 Pull Requests 1 Actions Packages Projects Releases Activity

Compare commits

merge into: sharang/certifai:feat/m7.1-realm-claims
Branches Tags
sharang/certifai:main sharang/certifai:feat/m7.1-realm-claims sharang/certifai:feat/compliance-scanner-link sharang/certifai:feat/litellm-usage-stats sharang/certifai:feat/keycloak-theme-social-footer sharang/certifai:feat/CAI-2 sharang/certifai:feat/CAI-4 sharang/certifai:feat/CAI-1
..
pull from: sharang/certifai:feat/compliance-scanner-link
Branches Tags
sharang/certifai:feat/m7.1-realm-claims sharang/certifai:main sharang/certifai:feat/compliance-scanner-link sharang/certifai:feat/litellm-usage-stats sharang/certifai:feat/keycloak-theme-social-footer sharang/certifai:feat/CAI-2 sharang/certifai:feat/CAI-4 sharang/certifai:feat/CAI-1

2 Commits
feat/m7.1-realm-claims .. feat/compliance-scanner-link

Author SHA1 Message Date
Sharang Parnerkar 6067368ace style: fix cargo fmt in auth_check.rs
CI / Format (push) Successful in 3s
Details
CI / Format (pull_request) Successful in 3s
Details
CI / Clippy (pull_request) Successful in 2m49s
Details
CI / Security Audit (pull_request) Has been skipped
Details
CI / Clippy (push) Successful in 2m53s
Details
CI / Security Audit (push) Has been skipped
Details
CI / Tests (push) Has been skipped
Details
CI / Tests (pull_request) Has been skipped
Details
CI / Deploy (push) Has been skipped
Details
CI / Deploy (pull_request) Has been skipped
Details
CI / E2E Tests (push) Has been skipped
Details
CI / E2E Tests (pull_request) Has been skipped
Details 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-09 09:21:33 +01:00
Sharang Parnerkar dc4cb40171 feat(sidebar): add compliance scanner link from env config
CI / Format (push) Failing after 3s
Details
CI / Clippy (pull_request) Successful in 2m58s
Details
CI / Security Audit (pull_request) Has been skipped
Details
CI / Deploy (push) Has been skipped
Details
CI / E2E Tests (push) Has been skipped
Details
CI / Clippy (push) Successful in 3m5s
Details
CI / Security Audit (push) Has been skipped
Details
CI / Tests (push) Has been skipped
Details
CI / Format (pull_request) Failing after 3s
Details
CI / Tests (pull_request) Has been skipped
Details
CI / E2E Tests (pull_request) Has been skipped
Details
CI / Deploy (pull_request) Has been skipped
Details 
Read COMPLIANCE_SCANNER_URL from environment via ServiceUrls config and
surface it through AuthInfo to the sidebar. The link renders with a
shield icon and opens in a new tab, only when the URL is configured.
Includes i18n translations for all five locales.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-09 09:10:51 +01:00
3 changed files with 343 additions and 620 deletions
Expand all files Collapse all files
.gitea/workflows/ci.yml
+5 -25
View File
@@ -262,30 +262,10 @@ jobs:
needs: [test]
if: github.ref == 'refs/heads/main'
container:
image: docker:27-cli
image: alpine:latest
steps:
- name: Checkout
- name: Trigger Coolify deploy
run: |
apk add --no-cache git curl openssl
git init
git remote add origin "${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
git fetch --depth=1 origin "${GITHUB_SHA}"
git checkout FETCH_HEAD
- name: Build and push image
run: |
IMAGE=registry.meghsakha.com/certifai-dashboard
echo "${{ secrets.REGISTRY_PASSWORD }}" | \
docker login registry.meghsakha.com -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin
docker build -t "$IMAGE:latest" -t "$IMAGE:${GITHUB_SHA}" .
docker push "$IMAGE:latest"
docker push "$IMAGE:${GITHUB_SHA}"
- name: Trigger orca redeploy
run: |
PAYLOAD=$(printf '{"ref":"refs/heads/main","repository":{"full_name":"sharang/certifai"},"head_commit":{"id":"%s","message":"CI deploy"}}' "${GITHUB_SHA}")
SIG=$(printf '%s' "$PAYLOAD" | openssl dgst -sha256 -hmac "${{ secrets.ORCA_WEBHOOK_SECRET }}" | awk '{print $2}')
echo "Calling orca webhook for sharang/certifai@${GITHUB_SHA}"
RESP=$(curl -fsS -w "\nHTTP %{http_code}" -X POST "http://46.225.100.82:6880/api/v1/webhooks/github" \
-H "Content-Type: application/json" \
-H "X-Hub-Signature-256: sha256=$SIG" \
-d "$PAYLOAD")
echo "$RESP"
apk add --no-cache curl
curl -sf "${{ secrets.COOLIFY_WEBHOOK }}" \
-H "Authorization: Bearer ${{ secrets.COOLIFY_TOKEN }}"
Cargo.lock
Generated
+332 -393
View File
File diff suppressed because it is too large Load Diff
keycloak/realm-export.json
+6 -202
View File
@@ -53,7 +53,7 @@
"description": "CERTifAI administration dashboard",
"enabled": true,
"publicClient": true,
"directAccessGrantsEnabled": true,
"directAccessGrantsEnabled": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"serviceAccountsEnabled": false,
@@ -73,8 +73,7 @@
"defaultClientScopes": [
"openid",
"profile",
"email",
"tenant-context"
"email"
],
"optionalClientScopes": [
"offline_access"
@@ -107,8 +106,7 @@
"defaultClientScopes": [
"openid",
"profile",
"email",
"tenant-context"
"email"
],
"optionalClientScopes": [
"offline_access"
@@ -141,8 +139,7 @@
"defaultClientScopes": [
"openid",
"profile",
"email",
"tenant-context"
"email"
],
"optionalClientScopes": [
"offline_access"
@@ -272,105 +269,6 @@
}
}
]
},
{
"name": "tenant-context",
"description": "Breakpilot platform tenant + org claims (M7.1)",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"name": "tenant_id",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "tenant_id",
"claim.name": "tenant_id",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String"
}
},
{
"name": "tenant_slug",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "tenant_slug",
"claim.name": "tenant_slug",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String"
}
},
{
"name": "tenant_status",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "tenant_status",
"claim.name": "tenant_status",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String"
}
},
{
"name": "plan",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "plan",
"claim.name": "plan",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String"
}
},
{
"name": "org_roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "org_roles",
"claim.name": "org_roles",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String",
"multivalued": "true",
"aggregate.attrs": "true"
}
},
{
"name": "products",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "products",
"claim.name": "products",
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true",
"jsonType.label": "String",
"multivalued": "true",
"aggregate.attrs": "true"
}
}
]
}
],
"users": [
@@ -391,15 +289,7 @@
"realmRoles": [
"admin",
"user"
],
"attributes": {
"tenant_id": ["00000000-0000-0000-0000-000000000001"],
"tenant_slug": ["acme"],
"tenant_status": ["active"],
"plan": ["professional"],
"org_roles": ["IT_ADMIN", "CXO"],
"products": ["compliance", "certifai"]
}
]
},
{
"username": "user@certifai.local",
@@ -417,93 +307,7 @@
],
"realmRoles": [
"user"
],
"attributes": {
"tenant_id": ["00000000-0000-0000-0000-000000000001"],
"tenant_slug": ["acme"],
"tenant_status": ["active"],
"plan": ["professional"],
"org_roles": ["USER"],
"products": ["compliance"]
}
},
{
"username": "frozen@acme.local",
"email": "frozen@acme.local",
"firstName": "Frozen",
"lastName": "Tenant",
"enabled": true,
"emailVerified": true,
"credentials": [
{
"type": "password",
"value": "frozen",
"temporary": false
}
],
"realmRoles": [
"user"
],
"attributes": {
"tenant_id": ["00000000-0000-0000-0000-000000000002"],
"tenant_slug": ["frozenco"],
"tenant_status": ["frozen"],
"plan": ["starter"],
"org_roles": ["IT_ADMIN"],
"products": ["compliance"]
}
},
{
"username": "archived@acme.local",
"email": "archived@acme.local",
"firstName": "Archived",
"lastName": "Tenant",
"enabled": true,
"emailVerified": true,
"credentials": [
{
"type": "password",
"value": "archived",
"temporary": false
}
],
"realmRoles": [
"user"
],
"attributes": {
"tenant_id": ["00000000-0000-0000-0000-000000000003"],
"tenant_slug": ["archiveco"],
"tenant_status": ["archived"],
"plan": ["starter"],
"org_roles": ["IT_ADMIN"],
"products": ["compliance"]
}
},
{
"username": "trial@acme.local",
"email": "trial@acme.local",
"firstName": "Trial",
"lastName": "Tenant",
"enabled": true,
"emailVerified": true,
"credentials": [
{
"type": "password",
"value": "trial",
"temporary": false
}
],
"realmRoles": [
"user"
],
"attributes": {
"tenant_id": ["00000000-0000-0000-0000-000000000004"],
"tenant_slug": ["trialco"],
"tenant_status": ["trial"],
"plan": ["starter"],
"org_roles": ["IT_ADMIN"],
"products": ["compliance"]
}
]
}
]
}