739895d81e
Fixes CrowdSec not starting automatically on container boot and LAPI binding failures due to permission issues. Changes: - Fix Dockerfile: Add charon:charon ownership for CrowdSec directories - Move reconciliation from routes.go goroutine to main.go initialization - Add mutex protection to prevent concurrent reconciliation - Increase LAPI startup timeout from 30s to 60s - Add config validation in entrypoint script Testing: - Backend coverage: 85.4% (✅ meets requirement) - Frontend coverage: 87.01% (✅ exceeds requirement) - Security: 0 Critical/High vulnerabilities (✅ Trivy + Go scans) - All CrowdSec-specific tests passing (✅ 100%) Technical Details: - Reconciliation now runs synchronously during app initialization (after DB migrations, before HTTP server starts) - Maintains "GUI-controlled" design philosophy per entrypoint docs - Follows principle of least privilege (charon user, not root) - No breaking changes to API or behavior Documentation: - Implementation guide: docs/implementation/crowdsec_startup_fix_COMPLETE.md - Migration guide: docs/implementation/crowdsec_startup_fix_MIGRATION.md - QA report: docs/reports/qa_report_crowdsec_startup_fix.md Related: #crowdsec-startup-timeout
3.7 KiB
Executable File
3.7 KiB
Executable File