feat(infra): infrastructure automation scripts and workflows (#471, #472, #473, #474)#589
Merged
BigBen-7 merged 1 commit intoJun 2, 2026
Conversation
…ad testing
- Issue 471: generate-docs.sh (Terraform/K8s docs), generate-diagrams.py
(Mermaid network/dependency diagrams), auto-generated docs dir,
updated docs-generation.yml CI workflow with infra-docs job
- Issue 472: chaos-tests/{pod-failure,network-latency,resource-exhaustion,
failover}.sh, run-chaos-experiment.sh dispatcher, chaos-engineering.md
- Issue 473: harden-security.sh (SSH, firewall, SA audit, permission audit,
baseline checks), security/hardening-config.yml, security-hardening.md
- Issue 474: load-tests/api-load-test.js (k6), load-tests/locustfile.py,
run-load-test.sh, load-testing.md
Closes PinSpace-Org#471, Closes PinSpace-Org#472, Closes PinSpace-Org#473, Closes PinSpace-Org#474
|
@authenticeasy-sys Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
BigBen-7
approved these changes
Jun 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements all four infrastructure automation issues in a single PR.
Issue #471 — Automated documentation generation
infrastructure/scripts/generate-docs.sh— generates Terraform docs, K8s resource inventory, and dependency graph intoinfrastructure/docs/auto-generated/infrastructure/scripts/generate-diagrams.py— generates Mermaid network and Terraform dependency diagramsinfrastructure/docs/auto-generated/— output directory (tracked with.gitkeep)infrastructure/ci/docs-generation.yml— updated CI workflow with newgenerate-infra-docsjob (triggers on push tomainwhen infra files change, installs terraform-docs, runs both scripts, commits results)Issue #472 — Chaos engineering test suite
infrastructure/scripts/chaos-tests/pod-failure.sh— deletes a random pod and validates K8s self-healinginfrastructure/scripts/chaos-tests/network-latency.sh— injects latency viatc neteminfrastructure/scripts/chaos-tests/resource-exhaustion.sh— CPU/memory stress on a running podinfrastructure/scripts/chaos-tests/failover.sh— scales deployment to 0 and restores, validates rolloutinfrastructure/scripts/run-chaos-experiment.sh— dispatcher for all experimentsinfrastructure/docs/chaos-engineering.md— usage docsIssue #473 — Automated security hardening
infrastructure/scripts/harden-security.sh— SSH hardening, UFW/iptables firewall rules, K8s service account audit, world-writable permission remediation, baseline pass/fail checksinfrastructure/security/hardening-config.yml— declarative config for all hardening settingsinfrastructure/docs/security-hardening.md— usage docsIssue #474 — Automated load testing
infrastructure/scripts/load-tests/api-load-test.js— k6 script with ramp-up/sustained/peak stages and p95 < 500ms thresholdinfrastructure/scripts/load-tests/locustfile.py— Locust alternativeinfrastructure/scripts/run-load-test.sh— dispatcher supporting both k6 and Locustinfrastructure/docs/load-testing.md— usage docsWorkflow Fixes
docs-generation.yml: addedgenerate-infra-docsjob, fixedgit addto use|| truefor optional paths, added[skip ci]to auto-commit message to prevent loopsTesting
python3 -c "import yaml; yaml.safe_load(...)"chmod +x)Closes #471
Closes #472
Closes #473
Closes #474