digitalocean-app-platformlisted

# DigitalOcean App Platform Reviews App Platform app specs for the mistakes that cause downtime, leaked secrets, and broken routing. Ships a stdlib-only validator, `do_app_spec_lint.py`, that ingests the spec as JSON (recommended), the block-YAML DO emits, or the `digitalocean_app` Terraform resource, and reports findings with a rule id, severity, and a one-line fix. ## When to invoke - Reviewing or authoring an `app.yaml` / `.do/app.yaml` / `digitalocean_app`. - A service has downtime on deploy or flaps with no warning (health check / HA). - DigitalOcean warns that `routes` is deprecated. - A credential may be sitting in an env `value` in plaintext. - Ingress routing behaves unexpectedly (overlapping prefixes). ## Cross-cutting rules 1. **Prefer JSON input.** `doctl apps spec get <app-id> --format json` is the most reliable input; the YAML path is a subset parser and rejects anchors, flow collections, and folded/literal scalars. 2. **Never put a literal secret in an env `value`.** Use `type: SECRET` and a `${VAR}` substitution. Values containing `${...}` (GitHub secrets, `${db.X}` bindable refs, `${APP_URL}` app-wide vars) are references, not literals. 3. **The app spec is the source of truth.** App Platform reconciles to the spec on every deploy; fix the spec, not the running app. ## Running the validator ```bash # JSON (recommended) doctl apps spec get <app-id> --format json > spec.json python3 scripts/do_app_spec_lint.py spec.json # YAML subset, or