From 724a8d69a98911779bb1dc8d66075c9b9e363e5a Mon Sep 17 00:00:00 2001
From: rajashish147
Date: Sat, 28 Mar 2026 22:31:05 +0530
Subject: [PATCH] feat: enhance OpenSSL verification in Docker image to ensure Node.js runtime integrity
---
 .github/workflows/deploy.yml | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 916cfd3..4645906 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -257,14 +257,22 @@ jobs:
 - name: Verify Node.js runtime crypto
 run: |
 IMAGE_NAME="fieldtrack-backend:${{ steps.meta.outputs.sha_short }}"
- OPENSSL_VERSION=$(docker run --rm "$IMAGE_NAME" node -p "process.versions.openssl" 2>&1)
- EXIT_CODE=$?
- if [ $EXIT_CODE -ne 0 ] || [ -z "$OPENSSL_VERSION" ]; then
- echo "::error::Node.js OpenSSL binding check failed"
- echo "Output: $OPENSSL_VERSION"
- exit 1
- fi
- echo "✓ Runtime crypto verified: OpenSSL $OPENSSL_VERSION"
+ echo "Testing image: $IMAGE_NAME"
+
+ # First, verify the image exists and can start
+ echo "Checking if image is available..."
+ docker images "$IMAGE_NAME" || (echo "❌ Image not found"; exit 1)
+
+ # Test Node.js and OpenSSL binding
+ echo "Verifying Node.js runtime..."
+ docker run --rm "$IMAGE_NAME" node -e "
+ const openssl = process.versions.openssl;
+ if (!openssl) {
+ console.error('ERROR: OpenSSL not linked to Node.js runtime');
+ process.exit(1);
+ }
+ console.log('✓ OpenSSL version:', openssl);
+ "

 # Capture the content-addressable image digest.
 # With cache scoping and cache busting, digest should always reproduce correctly.
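Review bot: The availability check `docker images "$IMAGE_NAME" || (...)` cannot fail for a missing image, because `docker images` with a repository argument prints an empty table and still exits 0, so the "Image not found" branch is never reached. `docker image inspect "$IMAGE_NAME" >/dev/null || { echo "::error::Image $IMAGE_NAME not found"; exit 1; }` exits non-zero when the tag is absent and restores the `::error::` annotation the removed code emitted. The runtime check only tests that `process.versions.openssl` is a non-empty string, which as far as I know reflects the version Node was built against, so it says little about runtime integrity. Exercising the binding inside the same `node -e`, for example `require('crypto').createHash('sha256').update('x').digest('hex')`, would catch a broken crypto library that the version string does not. The hunk ends at the digest comments, so whether later lines of the job still read the removed `OPENSSL_VERSION` variable is not visible here and should be checked.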