Sākums Izpētīt Palīdzība
Pierakstīties
chiappa
/
sprint_planer_web
spogulis no https://git.snix.ch/chiappa/sprint_planer_web.git
1
0
Atdalīts 0
Faili Problēmas 0
Pārlūkot izejas kodu

Docs: mark R01-N22 fixed in 43b2fc9

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
chiappa 2 dienas atpakaļ
vecāks
43b2fc9c80
revīzija
114de03fc1
1 mainītis faili ar 28 papildinājumiem un 5 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 28 5
      doc/REVIEW_01.md

+ 28 - 5
doc/REVIEW_01.md
Parādīt failu 

@@ -766,12 +766,35 @@ note. Do not delete entries — they're history.
 
 
 ### R01-N22 — Migrator runs at request time, swallows stale cache risk
 
 - **Severity**: MEDIUM (operational hazard).
 
-- **Status**: open.
 
-- **Where**: `public/index.php` lines 73-85; `src/Db/Migrator.php`.
 
-- **What**: Migrations run on every request as `pdo->exec($sql)` (multi-
 
+- **Status**: fixed-in-`43b2fc9` — went with both bullet points from
 
+  the audit's Suggested-fix list. Migrations are now applied by the
 
+  new `bin/migrate.php` CLI, called from `bin/docker-entrypoint.sh`
 
+  before `exec apache2-foreground`, so a failed migration aborts
 
+  container start (`docker logs` carries the stderr) instead of
 
+  leaking into the request path. The web request path only calls
 
+  the new pure-read `Migrator::pendingFiles()` (which diffs files on
 
+  disk against `schema_version` without applying SQL) and emits
 
+  `503 Service Unavailable` + `Retry-After: 30` + a structured
 
+  `error_log` line when anything is pending. Bare-metal deploys that
 
+  skip Docker run the CLI manually as part of the release procedure;
 
+  `doc/admin-manual.md` §5.5 documents both. The 503 path is
 
+  intentionally loud — the alternative (auto-migrating in a request
 
+  that may then crash mid-DDL) is exactly the partial-schema failure
 
+  mode the finding flagged. New `tests/Db/MigratorTest.php` (6
 
+  cases) pins `pendingFiles()` against the real `migrations/`
 
+  folder, virgin-DB / post-migrate / drift-after-deploy paths, the
 
+  ignore-non-`NNN_*.sql` rule, and the `schema_version`-creation
 
+  side-effect. Tests: 311 / 823 (was 305 / 814).
 
+- **Where**:
 
+  - `public/index.php` lines 75-104 (check + 503).
 
+  - `src/Db/Migrator.php` — `pendingFiles()` added; `migrate()`
 
+    unchanged.
 
+  - `bin/migrate.php` (new), `bin/docker-entrypoint.sh` (new).
 
+  - `Dockerfile` — `ENTRYPOINT` + `CMD`.
 
+- **What**: Migrations ran on every request as `pdo->exec($sql)` (multi-
 
   statement). On a fresh deploy, the *first* request after the new code
 
-  ships does the migration; if that request crashes mid-migration (timeout,
 
-  OOM), partial state may persist. SQLite + the migrator's `BEGIN..COMMIT`
 
+  ships did the migration; if that request crashed mid-migration (timeout,
 
+  OOM), partial state could persist. SQLite + the migrator's `BEGIN..COMMIT`
 
   protects most cases, but `ALTER TABLE … ADD COLUMN` is a DDL that's
 
   conditionally inside a tx — see SQLite caveats.
 
 - **Why it matters**: A partially-applied migration leaves the schema in a