Fix/security headers helmet docs ci wasm batch2 #1263
Open
martinzhames wants to merge 5 commits into
- Install helmet@8.0.0 as a pinned dependency
- Wire helmet in main.ts before SecurityHeadersMiddleware so it provides the standard baseline (frameguard, hidePoweredBy, noSniff, referrerPolicy, xssFilter, dnsPrefetchControl, ieNoOpen, permittedCrossDomainPolicies)
- Disable helmet's CSP, COEP, COOP, CORP in favour of the env-aware SecurityHeadersMiddleware that already handles those with dev/prod tuning
- Remove the redundant inline header-setting block that duplicated nosniff, X-Frame-Options, X-XSS-Protection, and HSTS in main.ts
- Add 'helmet integration contract' test suite to security-headers.middleware.spec.ts verifying the custom layer covers every header helmet would set
- Update CORS_AND_SECURITY_HEADERS.md to document the two-layer architecture
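The two-layer header contract from the commit above can be checked against a live response as well as in unit tests. This is an added example, not code from the pull request: `sample_response` is a constructed response with illustrative values, `check_headers` is a hypothetical helper, and it assumes a production response in which the custom middleware emits all four of CSP, COEP, COOP and CORP.

```shell
#!/bin/sh
# Added example (not project code): header contract check for the two layers.

# Constructed sample of a production response; values are illustrative.
sample_response() {
  cat <<'EOF'
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
X-XSS-Protection: 0
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: default-src 'self'
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
EOF
}

# Reads response headers on stdin, prints one line per violation and
# returns non-zero if any were found. Subshell body keeps variables local.
check_headers() (
  hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
  problems=0
  # helmet baseline first, then the four headers left to SecurityHeadersMiddleware
  for name in x-frame-options x-content-type-options referrer-policy \
      x-xss-protection x-dns-prefetch-control x-download-options \
      x-permitted-cross-domain-policies content-security-policy \
      cross-origin-embedder-policy cross-origin-opener-policy \
      cross-origin-resource-policy; do
    n=$(printf '%s\n' "$hdrs" | grep -c "^$name:" || true)
    if [ "$n" -eq 0 ]; then echo "missing: $name"; problems=1; fi
  done
  # noSniff only helps when the value is the nosniff directive.
  if printf '%s\n' "$hdrs" | grep '^x-content-type-options:' | grep -qv 'nosniff'; then
    echo "weak: x-content-type-options"; problems=1
  fi
  # hidePoweredBy: the header must be absent from the response.
  if printf '%s\n' "$hdrs" | grep -q '^x-powered-by:'; then
    echo "present: x-powered-by"; problems=1
  fi
  exit "$problems"
)

sample_response | check_headers && echo "header contract satisfied"
```

Against a deployed instance the same function can read the output of `curl -sI` for the service URL.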

- Add contract/docs/CONTRACT_DEPLOY_RUNBOOK.md covering:
  - Prerequisites and tool version requirements
  - One-time identity setup for testnet, mainnet, and CI
  - Build and WASM validation via --dry-run
  - Testnet and mainnet deploy procedures with flag reference
  - Post-deploy smoke-test verification commands
  - Wiring contract IDs into backend and frontend env files
  - Rollback procedure (redeploy previous WASM, update config)
  - CI non-interactive dry-run example
  - Troubleshooting section for common failure modes
  - Pre/post-deploy checklist
- Link runbook from contract/README.md and DEPLOYMENT.md

- Add backend/docs/API_QUICKSTART.md covering:
  - Local setup via Docker Compose and manual path
  - Swagger UI location
  - Full wallet challenge-response auth flow with curl examples
  - Authenticated request examples (Bearer token, refresh, logout)
  - Key API areas table (auth, users, creators, subscriptions, posts, etc.)
  - Request/response conventions (versioning, pagination, correlation IDs)
  - Rate limiting tiers reference
  - CSRF token fetch and usage
  - Idempotency key usage and covered endpoints
  - Error format and common status codes
  - Test commands (unit, watch, coverage, e2e)
  - New endpoint checklist with minimal controller example
  - Further reading table linking to all related docs
- Link quickstart from CONTRIBUTING.md

contract-ci.yml:
- Add Swatinem/rust-cache@v2 keyed on contract/target to cache compiled Rust dependencies across runs (registry index, crate sources, build artifacts)
- Add actions/cache@v4 step to restore/save compiled WASM release artifacts keyed on Cargo.lock hash — cache is invalidated only when a dependency changes
- Gate 'Build wasm target' step behind cache-hit check so the expensive wasm32-unknown-unknown release build is skipped on cache hits
- Add 'Upload wasm artifacts' step (actions/upload-artifact@v4) so downstream jobs (contract-release, futurenet-smoke) can download pre-built WASMs instead of rebuilding; retention 7 days

contract-release.yml:
- Add WASM artifact cache restore step (same key scheme as contract-ci.yml) so the release checklist workflow also benefits from warm caches
- Update 'Build WASM release artifacts' step to skip the cargo build when artifacts are restored from cache, with a clear summary message
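A point to check in the key scheme described above, shown as an added example that is not the workflow's own code: if the artifact key covers only `Cargo.lock` and the build is skipped on a hit, a source-only change is served the WASM built from older code. `lock_only_key`, `source_aware_key` and `demo` are hypothetical helpers, and the directory tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the workflow's own code): cache keys for built WASM.
command -v sha256sum >/dev/null || sha256sum() { shasum -a 256 "$@"; }

# Key as the commit message describes it: Cargo.lock only.
lock_only_key() {   # $1 = contract directory
  sha256sum "$1/Cargo.lock" | cut -d' ' -f1
}

# Key that also covers manifests and Rust sources, so a source-only
# change cannot be served an artifact built from older code.
# target/ is pruned because it holds build output, not inputs.
source_aware_key() (   # $1 = contract directory
  cd "$1" || exit 1
  find . -path ./target -prune -o -type f \
      \( -name '*.rs' -o -name Cargo.toml -o -name Cargo.lock \) \
      -exec sha256sum {} + \
    | LC_ALL=C sort -k2 | sha256sum | cut -d' ' -f1
)

# Constructed tree: edit a source file and leave Cargo.lock untouched.
demo() (
  d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
  mkdir -p "$d/src" "$d/target"
  printf 'version = 3\n' > "$d/Cargo.lock"
  printf '[package]\nname = "demo"\n' > "$d/Cargo.toml"
  printf 'pub fn fee() -> u32 { 1 }\n' > "$d/src/lib.rs"
  l1=$(lock_only_key "$d"); s1=$(source_aware_key "$d")
  printf 'pub fn fee() -> u32 { 2 }\n' > "$d/src/lib.rs"
  l2=$(lock_only_key "$d"); s2=$(source_aware_key "$d")
  [ "$l1" = "$l2" ] && lk=unchanged || lk=changed
  [ "$s1" != "$s2" ] && sk=changed || sk=unchanged
  echo "lock_only=$lk source_aware=$sk"
)

demo
```

In a workflow the same effect comes from passing the source and manifest globs to `hashFiles` alongside `Cargo.lock`.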
@martinzhames Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀
This PR addresses three platform improvement initiatives across documentation and CI:
Added a comprehensive Contract Deployment Runbook to standardize contract deployment workflows.
Added an API Quickstart Guide for New Contributors to reduce onboarding friction and improve developer experience.
Optimized CI by caching contract WASM artifacts to reduce build times and improve pipeline efficiency.
These changes improve maintainability, contributor onboarding, and CI performance while ensuring existing workflows remain unaffected.
Changes Included
Created deployment runbook documentation covering:
- Deployment prerequisites and environment setup
- Build and release workflow
- Contract deployment steps
- Verification and post-deployment validation
- Rollback and troubleshooting procedures
Added examples and operational guidance for common deployment scenarios.
Updated documentation navigation and references where applicable.
Implemented caching strategy for generated contract WASM artifacts within CI workflows.
Configured cache keys and restore logic to avoid unnecessary recompilation.
Added safeguards to ensure stale or invalid cache entries do not impact build correctness.
Verified compatibility with existing contract build and release pipelines.
Added contributor-focused API quickstart documentation covering:
- Local development environment setup
- Dependency installation
- Running the API locally
- Environment configuration
- Common development workflows
- Testing and verification steps
Included troubleshooting guidance for common onboarding issues.
Added references to relevant project documentation and development standards.
Testing & Validation
Documentation
Reviewed all new documentation for accuracy and completeness.
Verified commands, examples, and referenced workflows.
Confirmed documentation links and navigation paths are valid.
CI
Verified contract build pipeline successfully restores and saves WASM caches.
Confirmed contract tests and WASM release builds complete successfully.
Validated cache misses and cache-hit scenarios behave as expected.
closes #1206
closes #1218
closes #1205
closes #1204