docker/scripts/docs/sanitize-public-docs.py

#!/usr/bin/env python3
import re
import sys
from pathlib import Path

src_generated = Path(sys.argv[1])
src_diagrams = Path(sys.argv[2])
out_dir = Path(sys.argv[3])
out_dir.mkdir(parents=True, exist_ok=True)


def sanitize_text(content: str) -> str:
    content = re.sub(r'\b[a-zA-Z0-9.-]+\.lan\.ddnsgeek\.com\b', '<internal-domain>', content)
    content = re.sub(
        r'\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3})\b',
        '<private-ip>',
        content,
    )
    content = re.sub(r'(?i)\b(password|token|api[_-]?key|secret)\s*[:=]\s*[^\s\n]+', r'\1=<redacted>', content)
    content = re.sub(r'(?m)^([A-Z0-9_]*(?:PASSWORD|TOKEN|API_KEY|SECRET)[A-Z0-9_]*)\s*[:=]\s*.*$', r'\1=<redacted>', content)
    return content

for name in ['compose-inventory.md', 'traefik-routes.md', 'prometheus-rules.md']:
    src = src_generated / name
    if src.exists():
        (out_dir / name).write_text(sanitize_text(src.read_text(errors='ignore')))

svg_src = src_diagrams / 'docker-compose.svg'
if svg_src.exists():
    (out_dir / 'docker-compose.svg').write_text(sanitize_text(svg_src.read_text(errors='ignore')))

(out_dir / 'index.md').write_text(
    """# Public Infrastructure Summary

This folder contains sanitized documentation generated from the infrastructure repository.

Sensitive values such as internal domain names, private IP addresses, tokens, passwords, and secrets are redacted.

## Documents

- [Compose Inventory](compose-inventory.md)
- [Traefik Routes](traefik-routes.md)
- [Prometheus Rules](prometheus-rules.md)
- [Docker Compose Diagram](docker-compose.svg)
"""
)