Patrick Plate ad7f4e2b1c
feat(ci): add security scanning pipeline — OWASP, Trivy, Gitleaks, pnpm audit
New CI workflow (.gitea/workflows/ci.yml) runs on every push to main:
- Backend: Maven compile + test + OWASP Dependency-Check (fails on CVSS>=7)
- Frontend: pnpm lint + type-check + pnpm audit (fails on High/Critical)
- Docker image scan: Trivy for both backend/frontend images (High/Critical)
- Secrets detection: Gitleaks full-repo scan

Deploy workflow remains independent (self-hosted runner limitation).
Both workflows run in parallel on push to main.
2026-06-19 09:15:20 +02:00

CannaManage

Full-stack management platform for German cannabis cultivation associations (Anbauvereinigungen) under the CanG/KCanG regulatory framework.

Tech Stack

| Layer | Technology |
| --- | --- |
| Frontend | Next.js 15, React 19, TypeScript, Tailwind CSS 4, shadcn/ui |
| Backend | Spring Boot 3.5, Java 17, Spring Security (JWT + session) |
| Database | PostgreSQL 16, Flyway migrations |
| Infrastructure | Docker Compose, Gitea Actions CI/CD, TrueNAS deployment |

Project Structure

cannamanage/
├── cannamanage-api/        # Spring Boot REST API (entry point)
├── cannamanage-service/    # Business logic layer
├── cannamanage-domain/     # JPA entities, enums, value objects
├── cannamanage-frontend/   # Next.js frontend (pnpm)
├── deploy/                 # Deployment scripts & nginx config
├── docker-compose.yml      # Local development stack
└── .gitea/workflows/       # CI/CD pipeline

Local Development

Prerequisites

  • Java 17+
  • Maven 3.9+
  • Node.js 22+ with pnpm 10+
  • Docker & Docker Compose

Backend

# Start PostgreSQL
docker compose up -d db

# Run Spring Boot
mvn spring-boot:run -f cannamanage-api/pom.xml -Dspring-boot.run.profiles=local

Frontend

cd cannamanage-frontend
pnpm install
pnpm dev

The frontend runs on http://localhost:3000, backend on http://localhost:8080.

Full Stack (Docker)

docker compose up --build

Deployment

A push to main triggers the Gitea Actions CI pipeline, which:

  1. Runs backend tests (mvn test)
  2. Runs frontend lint (pnpm lint)
  3. Builds Docker images
  4. Deploys to TrueNAS via Docker Compose
  5. Verifies backend health + frontend availability

Manual deploy:

cd deploy && ./deploy.sh

Environment Variables

| Variable | Purpose | Default |
| --- | --- | --- |
| CANNAMANAGE_SECURITY_JWT_SECRET | JWT signing key (base64, 256-bit) | — (required) |
| CORS_ORIGINS | Allowed CORS origins (comma-separated) | http://localhost:3000 |
| SMTP_HOST / SMTP_PORT | Mail server for invites | localhost:1025 |
| SCHEDULERS_ENABLED | Enable background jobs | true |
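
A pre-deploy check for the two security-relevant variables in the table above, as an added example that is not part of the project's code. The function names are hypothetical, 256 bits is treated as the minimum key length, and the origin pattern (scheme, host, optional port, no wildcard) is an assumed policy.

```sh
#!/bin/sh
# Added example (not project code). Function names are hypothetical.

# Print a fresh key: 32 random bytes (256 bits) as 44 base64 characters.
gen_jwt_secret() {
  head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Succeed only if $1 is base64 and decodes to at least 32 bytes.
# Assumption: 256 bits is treated as a minimum, longer keys pass.
check_jwt_secret() {
  [ -n "$1" ] || { echo "JWT secret is empty" >&2; return 1; }
  case $1 in
    *[!A-Za-z0-9+/=]*) echo "JWT secret is not base64" >&2; return 1 ;;
  esac
  # Count the bytes that base64 -d manages to decode.
  nbytes=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c | tr -d ' ')
  [ "$nbytes" -ge 32 ] || { echo "JWT secret is shorter than 256 bits" >&2; return 1; }
}

# Succeed only if every comma-separated entry is scheme://host[:port].
# Assumed policy: no wildcard, no path, no spaces around the commas.
check_cors_origins() {
  [ -n "$1" ] || { echo "CORS_ORIGINS is empty" >&2; return 1; }
  if printf '%s\n' "$1" | tr ',' '\n' |
     grep -Evq '^https?://[A-Za-z0-9.-]+(:[0-9]+)?$'; then
    echo "CORS_ORIGINS has an entry that is not an explicit origin" >&2
    return 1
  fi
}

# Validate the current environment, e.g. before running deploy/deploy.sh.
# CORS_ORIGINS falls back to the default documented in the README.
preflight() {
  check_jwt_secret "${CANNAMANAGE_SECURITY_JWT_SECRET:-}" &&
    check_cors_origins "${CORS_ORIGINS:-http://localhost:3000}"
}
```

Call `preflight` from a wrapper before `docker compose up` so a missing or short signing key stops the deploy instead of surfacing at runtime.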

License

Proprietary — Patrick Plate
