akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

Merge branch 'feature/beta-release' into development

Browse Source
This commit is contained in:
Jeremy
2025-12-03 09:20:34 -05:00
committed by GitHub
parent 0cf27ef647 dbdb3fe7be
commit 377c331ff9
195 changed files with 20461 additions and 3473 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/docker-publish.yml vendored
View File

@@ -84,13 +84,16 @@ jobs:
echo "image=$DIGEST" >> $GITHUB_OUTPUT
- name: Choose Registry Token
id: choose-registry-token
if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true'
run: |
if [ -n "${{ secrets.CHARON_TOKEN }}" ]; then
echo "Using CHARON_TOKEN" >&2
echo "REGISTRY_PASSWORD=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_OUTPUT
echo "REGISTRY_PASSWORD=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_ENV
else
echo "Using CPMP_TOKEN fallback" >&2
echo "REGISTRY_PASSWORD=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_OUTPUT
echo "REGISTRY_PASSWORD=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_ENV
fi
@@ -100,7 +103,7 @@ jobs:
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ env.REGISTRY_PASSWORD }}
password: ${{ steps.choose-registry-token.outputs.REGISTRY_PASSWORD }}
- name: Extract metadata (tags, labels)
if: steps.skip.outputs.skip_build != 'true'
@@ -213,12 +216,15 @@ jobs:
fi
- name: Choose Registry Token
id: choose-registry-token
run: |
if [ -n "${{ secrets.CHARON_TOKEN }}" ]; then
echo "Using CHARON_TOKEN" >&2
echo "REGISTRY_PASSWORD=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_OUTPUT
echo "REGISTRY_PASSWORD=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_ENV
else
echo "Using CPMP_TOKEN fallback" >&2
echo "REGISTRY_PASSWORD=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_OUTPUT
echo "REGISTRY_PASSWORD=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_ENV
fi
@@ -227,7 +233,7 @@ jobs:
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ env.REGISTRY_PASSWORD }}
password: ${{ steps.choose-registry-token.outputs.REGISTRY_PASSWORD }}
- name: Pull Docker image
run: docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}

13
.github/workflows/quality-checks.yml vendored
View File

@@ -21,11 +21,11 @@ jobs:
- name: Run Go tests
id: go-tests
working-directory: backend
working-directory: ${{ github.workspace }}
env:
CGO_ENABLED: 1
run: |
go test -race -v -coverprofile=coverage.out ./... 2>&1 | tee test-output.txt
bash scripts/go-test-coverage.sh 2>&1 | tee backend/test-output.txt
exit ${PIPESTATUS[0]}
- name: Go Test Summary
@@ -49,10 +49,6 @@ jobs:
# Codecov upload moved to `codecov-upload.yml` which is push-only.
- name: Enforce module-specific coverage (backend)
working-directory: ${{ github.workspace }}
run: bash scripts/check-module-coverage.sh --backend-only
continue-on-error: false
- name: Run golangci-lint
uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
@@ -109,10 +105,7 @@ jobs:
# Codecov upload moved to `codecov-upload.yml` which is push-only.
- name: Enforce module-specific coverage (frontend)
working-directory: ${{ github.workspace }}
run: bash scripts/check-module-coverage.sh --frontend-only
continue-on-error: false
- name: Run frontend lint
working-directory: frontend

74
.github/workflows/waf-integration.yml vendored Normal file
View File

@@ -0,0 +1,74 @@
name: WAF Integration Tests
on:
push:
branches: [ main, development, 'feature/**' ]
paths:
- 'backend/internal/caddy/**'
- 'backend/internal/models/security*.go'
- 'scripts/coraza_integration.sh'
- 'Dockerfile'
- '.github/workflows/waf-integration.yml'
pull_request:
branches: [ main, development ]
paths:
- 'backend/internal/caddy/**'
- 'backend/internal/models/security*.go'
- 'scripts/coraza_integration.sh'
- 'Dockerfile'
- '.github/workflows/waf-integration.yml'
# Allow manual trigger
workflow_dispatch:
jobs:
waf-integration:
name: Coraza WAF Integration
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Build Docker image
run: |
docker build \
--build-arg VCS_REF=${{ github.sha }} \
-t charon:local .
- name: Run WAF integration tests
id: waf-test
run: |
chmod +x scripts/coraza_integration.sh
scripts/coraza_integration.sh 2>&1 | tee waf-test-output.txt
exit ${PIPESTATUS[0]}
- name: WAF Integration Summary
if: always()
run: |
echo "## 🛡️ WAF Integration Test Results" >> $GITHUB_STEP_SUMMARY
if [ "${{ steps.waf-test.outcome }}" == "success" ]; then
echo "✅ **All WAF tests passed**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Test Results:" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
grep -E "^✓|^===|^Coraza" waf-test-output.txt || echo "See logs for details"
grep -E "^✓|^===|^Coraza" waf-test-output.txt >> $GITHUB_STEP_SUMMARY || echo "See logs for details" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
else
echo "❌ **WAF tests failed**" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Failure Details:" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
grep -E "^✗|Unexpected|Error|failed" waf-test-output.txt | head -20 >> $GITHUB_STEP_SUMMARY || echo "See logs for details" >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
fi
- name: Cleanup
if: always()
run: |
docker rm -f charon-debug || true
docker rm -f coraza-backend || true
docker network rm containers_default || true