Skip to content

feat: expose release readiness/rollback in API + dashboard UI#318

Open
eva57gr wants to merge 4 commits intoLight-Heart-Labs:mainfrom
eva57gr:feat/release-readiness-api
Open

feat: expose release readiness/rollback in API + dashboard UI#318
eva57gr wants to merge 4 commits intoLight-Heart-Labs:mainfrom
eva57gr:feat/release-readiness-api

Conversation

@eva57gr
Copy link
Contributor

@eva57gr eva57gr commented Mar 17, 2026

No description provided.

Lightheartdevs
Lightheartdevs requested changes Mar 17, 2026
View reviewed changes
Copy link
Collaborator

@Lightheartdevs Lightheartdevs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The compose volume mount was broadened from specific directory mounts to ./:/dream-server:ro which mounts the entire install directory (including data/, Docker socket paths, credentials) into the container. Even read-only, this violates least-privilege. Please revert to the granular per-directory mounts.

@Lightheartdevs
Copy link
Collaborator

Lightheartdevs commented Mar 17, 2026

The JSON output mode and version state refactor are useful. However, replacing four targeted bind mounts with ./:/dream-server:ro gives the dashboard-api container read access to the entire install directory (including .env, logs, data). Please revert to targeted mounts and add only the specific additional paths the API needs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Lightheartdevs Lightheartdevs Lightheartdevs requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eva57gr @Lightheartdevs