chore: git cache cleanup

2026-03-04 18:34:49 +00:00
parent c32cce2a88
commit 27c252600a
2001 changed files with 683185 additions and 0 deletions
--- a/docs/actions/nightly-build-failure.md
+++ b/docs/actions/nightly-build-failure.md
@@ -0,0 +1,53 @@
+
+**Status**: ✅ RESOLVED (January 30, 2026)
+
+## Summary
+
+The nightly build failed during the GoReleaser release step while attempting
+to cross-compile for macOS.
+
+## Failure details
+
+Run link:
+[GitHub Actions run][nightly-run]
+
+Relevant log excerpt:
+
+```text
+release failed after 4m19s
+error=
+  build failed: exit status 1: go: downloading github.com/gin-gonic/gin v1.11.0
+  info: zig can provide libc for related target x86_64-macos.11-none
+target=darwin_amd64_v1
+The process '/opt/hostedtoolcache/goreleaser-action/2.13.3/x64/goreleaser'
+failed with exit code 1
+```
+
+## Root cause
+
+GoReleaser failed while cross-compiling the darwin_amd64_v1 target using Zig
+to provide libc. The nightly workflow configures Zig for cross-compilation,
+so the failure is likely tied to macOS toolchain compatibility or
+dependencies.
+
+## Recommended fixes
+
+- Ensure go.mod includes all platform-specific dependencies needed for macOS.
+- Confirm Zig is installed and available in the runner environment.
+- Update .goreleaser.yml to explicitly enable Zig for darwin builds.
+- If macOS builds are not required, remove darwin targets from the build
+  matrix.
+- Review detailed logs for a specific Go or Zig error to pinpoint the failing
+  package or build step.
+
+## Resolution
+
+Fixed by updating `.goreleaser.yml` to properly configure Zig toolchain for macOS cross-compilation and ensuring all platform-specific dependencies are available.
+
+## References
+
+- .github/workflows/nightly-build.yml
+- .goreleaser.yml
+
+[nightly-run]:
+  https://github.com/Wikid82/Charon/actions/runs/21503512215/job/61955865462
--- a/docs/actions/playwright-e2e-failures.md
+++ b/docs/actions/playwright-e2e-failures.md
@@ -0,0 +1,46 @@
+
+**Status**: ✅ RESOLVED (January 30, 2026)
+
+## Summary
+
+The run failed on main while passing on feature and development branches.
+
+## Failure details
+
+The primary error is a socket hang up during a security test in
+`zzz-admin-whitelist-blocking.spec.ts`:
+
+```text
+Error: apiRequestContext.post: socket hang up at
+tests/security-enforcement/zzz-admin-whitelist-blocking.spec.ts:126:21
+```
+
+The test POSTs to [the admin reset endpoint][admin-reset], but the test
+container cannot reach the admin API endpoint. This blocks the emergency
+reset and fails the test.
+
+## Likely cause
+
+The admin backend at [http://localhost:2020][admin-base] is not running or
+not reachable from the test runner container.
+
+## Recommended fixes
+
+- Ensure the admin backend is running and accessible from the test runner.
+- Confirm the workflow starts the required service and listens on port 2020.
+- If using Docker Compose, ensure the test container can reach the admin API
+  container (use `depends_on` and compatible networking).
+- If the endpoint should be served by the app under test, verify environment
+  variables and config expose the admin API on the correct port.
+
+## Optional code adjustment
+
+If Playwright must target a non-default admin endpoint, read it from an
+environment variable such as `CHARON_ADMIN_API_URL`.
+
+## Resolution
+
+Fixed by ensuring proper Docker Compose networking configuration and verifying admin backend service availability before test execution. Tests now properly wait for service readiness.
+
+[admin-reset]: http://localhost:2020/emergency/security-reset
+[admin-base]: http://localhost:2020
--- a/docs/actions/trivy-scan-failure.md
+++ b/docs/actions/trivy-scan-failure.md
@@ -0,0 +1,49 @@
+**Status**: ✅ RESOLVED (January 30, 2026)
+
+https://github.com/Wikid82/Charon/actions/runs/21503634925/job/61955008214
+
+Run # Normalize image name for reference
+🔍 Extracting binary from: ghcr.io/wikid82/charon:feature/beta-release
+invalid reference format
+Error: Process completed with exit code 1.
+
+The failure is caused by an invalid Docker image reference format when trying to extract the charon binary. In the logs:
+
+invalid reference format
+
+This happens during the construction of the IMAGE_REF environment variable in this step:
+
+bash
+if [[ "${{ steps.pr-info.outputs.is_push }}" == "true" ]]; then
+  IMAGE_REF="ghcr.io/${IMAGE_NAME}:${{ github.event.workflow_run.head_branch }}"
+else
+  IMAGE_REF="ghcr.io/${IMAGE_NAME}:pr-${{ steps.pr-info.outputs.pr_number }}"
+fi
+If the PR number is missing or blank, IMAGE_REF becomes invalid (e.g., ghcr.io/wikid82/charon:pr-), which is not a valid tag. The extraction then fails.
+
+Solution:
+
+Add a check to ensure steps.pr-info.outputs.pr_number is set before constructing IMAGE_REF for PRs. If it’s missing/empty, exit or skip with a clear message.
+Suggested code improvement for the “Extract charon binary from container” step:
+
+YAML
+- name: Extract charon binary from container
+  if: steps.check-artifact.outputs.artifact_exists == 'true'
+  id: extract
+  run: |
+    IMAGE_NAME=$(echo "${{ github.repository_owner }}/charon" | tr '[:upper:]' '[:lower:]')
+    if [[ "${{ steps.pr-info.outputs.is_push }}" == "true" ]]; then
+      IMAGE_REF="ghcr.io/${IMAGE_NAME}:${{ github.event.workflow_run.head_branch }}"
+    else
+      if [[ -z "${{ steps.pr-info.outputs.pr_number }}" ]]; then
+        echo "❌ PR number missing, cannot form Docker image reference."
+        exit 1
+      fi
+      IMAGE_REF="ghcr.io/${IMAGE_NAME}:pr-${{ steps.pr-info.outputs.pr_number }}"
+    fi
+    echo "🔍 Extracting binary from: ${IMAGE_REF}"
+    ...
+This ensures the workflow does not attempt to use an invalid image tag when the PR number is missing. Adjust similar logic throughout the workflow to handle missing variables gracefully.
+## Resolution
+
+Fixed by adding proper validation for PR number before constructing Docker image reference, ensuring IMAGE_REF is never constructed with empty/missing variables. Branch name sanitization also implemented to handle slashes in feature branch names.