akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity

Resolve remaining merge conflict: accept PR changes (remove Charon.code-workspace)

Browse Source
This commit is contained in:
CI
2025-11-29 21:46:08 +00:00
parent fe1338890e e030b139d5
commit 39d5bfcb75
288 changed files with 23487 additions and 5582 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
.github/workflows/auto-changelog.yml vendored Normal file
View File

@@ -0,0 +1,17 @@
name: Auto Changelog (Release Drafter)
on:
push:
branches: [ main ]
release:
types: [published]
jobs:
update-draft:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Draft Release
uses: release-drafter/release-drafter@v5
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

53
.github/workflows/auto-versioning.yml vendored Normal file
View File

@@ -0,0 +1,53 @@
name: Auto Versioning and Release
on:
push:
branches: [ main ]
permissions:
contents: write
pull-requests: write
jobs:
version:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Generate semantic version (fallback script)
id: semver
run: |
# Ensure git tags are fetched
git fetch --tags --quiet || true
# Get latest tag or default to v0.0.0
TAG=$(git describe --abbrev=0 --tags 2>/dev/null || echo "v0.0.0")
echo "Detected latest tag: $TAG"
# Set outputs for downstream steps
echo "version=$TAG" >> $GITHUB_OUTPUT
echo "release_notes=Fallback: using latest tag only" >> $GITHUB_OUTPUT
echo "changed=false" >> $GITHUB_OUTPUT
- name: Show version
run: |
echo "Next version: ${{ steps.semver.outputs.version }}"
- name: Create annotated tag and push
if: ${{ steps.semver.outputs.changed }}
run: |
git tag -a v${{ steps.semver.outputs.version }} -m "Release v${{ steps.semver.outputs.version }}"
git push origin --tags
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Create GitHub Release (tag-only, no workspace changes)
if: ${{ steps.semver.outputs.changed }}
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ steps.semver.outputs.version }}
name: Release ${{ steps.semver.outputs.version }}
body: ${{ steps.semver.outputs.release_notes }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

52
.github/workflows/benchmark.yml vendored Normal file
View File

@@ -0,0 +1,52 @@
name: Go Benchmark
on:
push:
branches:
- main
- development
paths:
- 'backend/**'
pull_request:
branches:
- main
- development
paths:
- 'backend/**'
workflow_dispatch:
permissions:
contents: write
deployments: write
jobs:
benchmark:
name: Performance Regression Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.25.4'
cache-dependency-path: backend/go.sum
- name: Run Benchmark
working-directory: backend
run: go test -bench=. -benchmem ./... | tee output.txt
- name: Store Benchmark Result
uses: benchmark-action/github-action-benchmark@v1
with:
name: Go Benchmark
tool: 'go'
output-file-path: backend/output.txt
github-token: ${{ secrets.GITHUB_TOKEN }}
auto-push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
# Show alert with commit comment on detection of performance regression
alert-threshold: '150%'
comment-on-alert: true
fail-on-alert: false
# Enable Job Summary for PRs
summary-always: true

77
.github/workflows/codecov-upload.yml vendored Normal file
View File

@@ -0,0 +1,77 @@
name: Upload Coverage to Codecov (Push only)
on:
push:
branches:
- main
- development
- 'feature/**'
permissions:
contents: read
jobs:
backend-codecov:
name: Backend Codecov Upload
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version: '1.25.4'
cache-dependency-path: backend/go.sum
- name: Run Go tests
working-directory: backend
env:
CGO_ENABLED: 1
run: |
go test -race -v -coverprofile=coverage.out ./... 2>&1 | tee test-output.txt
exit ${PIPESTATUS[0]}
- name: Upload backend coverage to Codecov
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./backend/coverage.out
flags: backend
fail_ci_if_error: true
frontend-codecov:
name: Frontend Codecov Upload
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '24.11.1'
cache: 'npm'
cache-dependency-path: frontend/package-lock.json
- name: Install dependencies
working-directory: frontend
run: npm ci
- name: Run frontend tests and coverage
working-directory: ${{ github.workspace }}
run: |
bash scripts/frontend-test-coverage.sh 2>&1 | tee frontend/test-output.txt
exit ${PIPESTATUS[0]}
- name: Upload frontend coverage to Codecov
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
directory: ./frontend/coverage
flags: frontend
fail_ci_if_error: true

6
.github/workflows/codeql.yml vendored
View File

@@ -38,6 +38,12 @@ jobs:
with:
languages: ${{ matrix.language }}
- name: Setup Go
if: matrix.language == 'go'
uses: actions/setup-go@v4
with:
go-version: '1.25.4'
- name: Autobuild
uses: github/codeql-action/autobuild@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4

23
.github/workflows/docker-lint.yml vendored Normal file
View File

@@ -0,0 +1,23 @@
name: Docker Lint
on:
push:
branches: [ main, development, 'feature/**' ]
paths:
- 'Dockerfile'
pull_request:
branches: [ main, development ]
paths:
- 'Dockerfile'
jobs:
hadolint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Hadolint
uses: hadolint/hadolint-action@v3.1.0
with:
dockerfile: Dockerfile
failure-threshold: warning

97
.github/workflows/docker-publish.yml vendored
View File

@@ -6,8 +6,7 @@ on:
- main
- development
- feature/beta-release
tags:
- 'v*.*.*'
# Note: Tags are handled by release-goreleaser.yml to avoid duplicate builds
pull_request:
branches:
- main
@@ -18,7 +17,7 @@ on:
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository_owner }}/cpmp
IMAGE_NAME: ${{ github.repository_owner }}/charon
jobs:
build-and-push:
@@ -84,13 +83,24 @@ jobs:
DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' caddy:2-alpine)
echo "image=$DIGEST" >> $GITHUB_OUTPUT
- name: Choose Registry Token
if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true'
run: |
if [ -n "${{ secrets.CHARON_TOKEN }}" ]; then
echo "Using CHARON_TOKEN" >&2
echo "REGISTRY_PASSWORD=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_ENV
else
echo "Using CPMP_TOKEN fallback" >&2
echo "REGISTRY_PASSWORD=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_ENV
fi
- name: Log in to Container Registry
if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true'
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.CPMP_TOKEN }}
password: ${{ env.REGISTRY_PASSWORD }}
- name: Extract metadata (tags, labels)
if: steps.skip.outputs.skip_build != 'true'
@@ -102,9 +112,6 @@ jobs:
type=raw,value=latest,enable={{is_default_branch}}
type=raw,value=dev,enable=${{ github.ref == 'refs/heads/development' }}
type=raw,value=beta,enable=${{ github.ref == 'refs/heads/feature/beta-release' }}
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value=pr-${{ github.ref_name }},enable=${{ github.event_name == 'pull_request' }}
type=sha,format=short,enable=${{ github.event_name != 'pull_request' }}
@@ -184,6 +191,9 @@ jobs:
if: needs.build-and-push.outputs.skip_build != 'true' && github.event_name != 'pull_request'
steps:
- name: Checkout repository
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- name: Normalize image name
run: |
raw="${{ github.repository_owner }}/${{ github.event.repository.name }}"
@@ -202,38 +212,47 @@ jobs:
echo "tag=sha-$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
fi
- name: Choose Registry Token
run: |
if [ -n "${{ secrets.CHARON_TOKEN }}" ]; then
echo "Using CHARON_TOKEN" >&2
echo "REGISTRY_PASSWORD=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_ENV
else
echo "Using CPMP_TOKEN fallback" >&2
echo "REGISTRY_PASSWORD=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_ENV
fi
- name: Log in to GitHub Container Registry
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.CPMP_TOKEN }}
password: ${{ env.REGISTRY_PASSWORD }}
- name: Pull Docker image
run: docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}
- name: Run container
- name: Create Docker Network
run: docker network create charon-test-net
- name: Run Upstream Service (whoami)
run: |
docker run -d \
--name whoami \
--network charon-test-net \
traefik/whoami
- name: Run Charon Container
run: |
docker run -d \
--name test-container \
--network charon-test-net \
-p 8080:8080 \
-p 80:80 \
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}
- name: Test health endpoint (retries)
run: |
set +e
for i in $(seq 1 30); do
code=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:8080/api/v1/health || echo "000")
if [ "$code" = "200" ]; then
echo "✅ Health check passed on attempt $i"
exit 0
fi
echo "Attempt $i/30: health not ready (code=$code); waiting..."
sleep 2
done
echo "❌ Health check failed after retries"
docker logs test-container || true
exit 1
- name: Run Integration Test
run: ./scripts/integration-test.sh
- name: Check container logs
if: always()
@@ -241,7 +260,10 @@ jobs:
- name: Stop container
if: always()
run: docker stop test-container && docker rm test-container
run: |
docker stop test-container whoami || true
docker rm test-container whoami || true
docker network rm charon-test-net || true
- name: Create test summary
if: always()
@@ -249,4 +271,27 @@ jobs:
echo "## 🧪 Docker Image Test Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- **Image**: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.tag.outputs.tag }}" >> $GITHUB_STEP_SUMMARY
echo "- **Health Check**: ${{ job.status == 'success' && '✅ Passed' || '❌ Failed' }}" >> $GITHUB_STEP_SUMMARY
echo "- **Integration Test**: ${{ job.status == 'success' && '✅ Passed' || '❌ Failed' }}" >> $GITHUB_STEP_SUMMARY
trivy-pr-app-only:
name: Trivy (PR) - App-only
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Build image locally for PR
run: |
docker build -t charon:pr-${{ github.sha }} .
- name: Extract `charon` binary from image
run: |
CONTAINER=$(docker create charon:pr-${{ github.sha }})
docker cp ${CONTAINER}:/app/charon ./charon_binary || true
docker rm ${CONTAINER} || true
- name: Run Trivy filesystem scan on `charon` (fail PR on HIGH/CRITICAL)
run: |
docker run --rm -v $HOME/.cache/trivy:/root/.cache/trivy -v $PWD:/workdir aquasec/trivy:latest fs --exit-code 1 --severity CRITICAL,HIGH /workdir/charon_binary
shell: bash

59
.github/workflows/docs.yml vendored
View File

@@ -54,7 +54,7 @@ jobs:
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Caddy Proxy Manager Plus - Documentation</title>
<title>Charon - Documentation</title>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@picocss/pico@2/css/pico.min.css">
<style>
:root {
@@ -151,7 +151,7 @@ jobs:
</head>
<body>
<header>
<h1>🚀 Caddy Proxy Manager Plus</h1>
<h1>🚀 Charon</h1>
<p>Make your websites easy to reach - No coding required!</p>
</header>
@@ -159,25 +159,25 @@ jobs:
<section>
<h2>👋 Welcome!</h2>
<p style="font-size: 1.1rem; color: #cbd5e1;">
This documentation will help you get started with Caddy Proxy Manager Plus.
This documentation will help you get started with Charon.
Whether you're a complete beginner or an experienced developer, we've got you covered!
</p>
</section>
<h2 style="margin-top: 3rem;">📚 Getting Started</h2>
<div class="grid">
<div class="card">
<h3>✨ Features <span class="badge badge-beginner">Overview</span></h3>
<p>See everything CPMP can do - security, monitoring, automation, and more!</p>
<a href="docs/features.html">View All Features →</a>
</div>
<div class="card">
<h3>🏠 Getting Started Guide <span class="badge badge-beginner">Start Here</span></h3>
<p>Your first setup in just 5 minutes! We'll walk you through everything step by step.</p>
<a href="docs/getting-started.html">Read the Guide →</a>
</div>
<div class="card">
<h3>📖 README <span class="badge badge-beginner">Essential</span></h3>
<p>Learn what the app does, how to install it, and see examples of what you can build.</p>
<a href="README.html">Read More →</a>
</div>
<div class="card">
<h3>📥 Import Guide</h3>
<p>Already using Caddy? Learn how to bring your existing configuration into the app.</p>
@@ -185,21 +185,6 @@ jobs:
</div>
</div>
<h2 style="margin-top: 3rem;">🔒 Security</h2>
<div class="grid">
<div class="card">
<h3>🛡️ Security Features</h3>
<p>CrowdSec integration, WAF, geo-blocking, rate limiting, and access control lists.</p>
<a href="docs/security.html">Learn More →</a>
</div>
<div class="card">
<h3>🔐 ACME Staging</h3>
<p>Test SSL certificates without hitting rate limits using Let's Encrypt staging.</p>
<a href="docs/acme-staging.html">View Guide →</a>
</div>
</div>
<h2 style="margin-top: 3rem;">🔧 Developer Documentation</h2>
<div class="grid">
<div class="card">
@@ -214,18 +199,6 @@ jobs:
<a href="docs/database-schema.html">View Schema →</a>
</div>
<div class="card">
<h3>🐛 Debugging Guide <span class="badge badge-advanced">Advanced</span></h3>
<p>Troubleshoot Docker containers, inspect logs, and test Caddy configuration.</p>
<a href="docs/debugging-local-container.html">Debug Issues →</a>
</div>
<div class="card">
<h3>⚙️ GitHub Setup <span class="badge badge-advanced">Advanced</span></h3>
<p>Set up CI/CD workflows, Docker builds, and documentation deployment.</p>
<a href="docs/github-setup.html">View Setup →</a>
</div>
<div class="card">
<h3>✨ Contributing Guide</h3>
<p>Want to help make this better? Learn how to contribute code, docs, or ideas.</p>
@@ -247,15 +220,15 @@ jobs:
Stuck? Have questions? We're here to help!
</p>
<div style="display: flex; gap: 1rem; flex-wrap: wrap; margin-top: 1rem;">
<a href="https://github.com/Wikid82/cpmp/discussions"
<a href="https://github.com/Wikid82/charon/discussions"
style="background: white; color: #1e40af; padding: 0.5rem 1rem; border-radius: 6px; text-decoration: none;">
💬 Ask a Question
</a>
<a href="https://github.com/Wikid82/cpmp/issues"
<a href="https://github.com/Wikid82/charon/issues"
style="background: white; color: #1e40af; padding: 0.5rem 1rem; border-radius: 6px; text-decoration: none;">
🐛 Report a Bug
</a>
<a href="https://github.com/Wikid82/cpmp"
<a href="https://github.com/Wikid82/charon"
style="background: white; color: #1e40af; padding: 0.5rem 1rem; border-radius: 6px; text-decoration: none;">
⭐ View on GitHub
</a>
@@ -316,10 +289,10 @@ jobs:
</head>
<body>
<nav>
<a href="/cpmp/">🏠 Home</a>
<a href="/cpmp/docs/index.html">📚 Docs</a>
<a href="/cpmp/docs/getting-started.html">🚀 Get Started</a>
<a href="https://github.com/Wikid82/cpmp">⭐ GitHub</a>
<a href="/charon/">🏠 Home</a>
<a href="/charon/docs/index.html">📚 Docs</a>
<a href="/charon/docs/getting-started.html">🚀 Get Started</a>
<a href="https://github.com/Wikid82/charon">⭐ GitHub</a>
</nav>
<main>
HEADER

1
.github/workflows/propagate-changes.yml vendored
View File

@@ -103,4 +103,5 @@ jobs:
}
}
env:
CHARON_TOKEN: ${{ secrets.CHARON_TOKEN }}
CPMP_TOKEN: ${{ secrets.CPMP_TOKEN }}

36
.github/workflows/quality-checks.yml vendored
View File

@@ -22,8 +22,10 @@ jobs:
- name: Run Go tests
id: go-tests
working-directory: backend
env:
CGO_ENABLED: 1
run: |
go test -v -coverprofile=coverage.out ./... 2>&1 | tee test-output.txt
go test -race -v -coverprofile=coverage.out ./... 2>&1 | tee test-output.txt
exit ${PIPESTATUS[0]}
- name: Go Test Summary
@@ -45,13 +47,12 @@ jobs:
echo '```' >> $GITHUB_STEP_SUMMARY
fi
- name: Upload coverage to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./backend/coverage.out
flags: backend
fail_ci_if_error: true
# Codecov upload moved to `codecov-upload.yml` which is push-only.
- name: Enforce module-specific coverage (backend)
working-directory: ${{ github.workspace }}
run: bash scripts/check-module-coverage.sh --backend-only
continue-on-error: false
- name: Run golangci-lint
uses: golangci/golangci-lint-action@e7fa5ac41e1cf5b7d48e45e42232ce7ada589601 # v9.1.0
@@ -78,11 +79,11 @@ jobs:
working-directory: frontend
run: npm ci
- name: Run frontend tests
- name: Run frontend tests and coverage
id: frontend-tests
working-directory: frontend
working-directory: ${{ github.workspace }}
run: |
npm run test:coverage 2>&1 | tee test-output.txt
bash scripts/frontend-test-coverage.sh 2>&1 | tee frontend/test-output.txt
exit ${PIPESTATUS[0]}
- name: Frontend Test Summary
@@ -106,13 +107,12 @@ jobs:
echo '```' >> $GITHUB_STEP_SUMMARY
fi
- name: Upload coverage to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
directory: ./frontend/coverage
flags: frontend
fail_ci_if_error: true
# Codecov upload moved to `codecov-upload.yml` which is push-only.
- name: Enforce module-specific coverage (frontend)
working-directory: ${{ github.workspace }}
run: bash scripts/check-module-coverage.sh --frontend-only
continue-on-error: false
- name: Run frontend lint
working-directory: frontend

58
.github/workflows/release-goreleaser.yml vendored Normal file
View File

@@ -0,0 +1,58 @@
name: Release (GoReleaser)
on:
push:
tags:
- 'v*'
permissions:
contents: write
packages: write
jobs:
goreleaser:
runs-on: ubuntu-latest
env:
# Use the built-in GITHUB_TOKEN by default for GitHub API operations.
# If you need to provide a PAT with elevated permissions, add a CHARON_TOKEN secret
# at the repo or organization level and update the env here accordingly.
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: '1.25.4'
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: '24.11.1'
- name: Build Frontend
working-directory: frontend
run: |
# Inject version into frontend build from tag (if present)
VERSION=$${GITHUB_REF#refs/tags/}
echo "VITE_APP_VERSION=$$VERSION" >> $GITHUB_ENV
npm ci
npm run build
- name: Install Cross-Compilation Tools (Zig)
uses: goto-bus-stop/setup-zig@v2
with:
version: 0.13.0
# GITHUB_TOKEN is set from CHARON_TOKEN or CPMP_TOKEN (fallback), defaulting to GITHUB_TOKEN
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v5
with:
distribution: goreleaser
version: latest
args: release --clean
# CGO settings are handled in .goreleaser.yaml via Zig

133
.github/workflows/release.yml vendored
View File

@@ -1,133 +0,0 @@
name: Release
on:
push:
tags:
- 'v*.*.*'
permissions:
contents: write
packages: write
jobs:
build-frontend:
name: Build Frontend
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: '24.11.1'
cache: 'npm'
cache-dependency-path: frontend/package-lock.json
- name: Install Dependencies
working-directory: frontend
run: npm ci
- name: Build
working-directory: frontend
run: npm run build
- name: Archive Frontend
working-directory: frontend
run: tar -czf ../frontend-dist.tar.gz dist/
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: frontend-dist
path: frontend-dist.tar.gz
build-backend:
name: Build Backend
runs-on: ubuntu-latest
strategy:
matrix:
goos: [linux]
goarch: [amd64, arm64]
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with:
go-version: '1.25.4'
- name: Build
working-directory: backend
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: 1
run: |
# Install dependencies for CGO (sqlite)
if [ "${{ matrix.goarch }}" = "arm64" ]; then
sudo apt-get update && sudo apt-get install -y gcc-aarch64-linux-gnu
export CC=aarch64-linux-gnu-gcc
fi
go build -ldflags "-s -w -X github.com/Wikid82/CaddyProxyManagerPlus/backend/internal/version.Version=${{ github.ref_name }}" -o ../cpmp-${{ matrix.goos }}-${{ matrix.goarch }} ./cmd/api
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: backend-${{ matrix.goos }}-${{ matrix.goarch }}
path: cpmp-${{ matrix.goos }}-${{ matrix.goarch }}
build-caddy:
name: Build Caddy
runs-on: ubuntu-latest
strategy:
matrix:
goos: [linux]
goarch: [amd64, arm64]
steps:
- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
- uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with:
go-version: '1.25.4'
- name: Install xcaddy
run: go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest
- name: Build Caddy
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
run: |
xcaddy build v2.9.1 \
--replace github.com/quic-go/quic-go=github.com/quic-go/quic-go@v0.49.1 \
--replace golang.org/x/crypto=golang.org/x/crypto@v0.35.0 \
--output caddy-${{ matrix.goos }}-${{ matrix.goarch }}
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: caddy-${{ matrix.goos }}-${{ matrix.goarch }}
path: caddy-${{ matrix.goos }}-${{ matrix.goarch }}
create-release:
name: Create Release
needs: [build-frontend, build-backend, build-caddy]
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
path: artifacts
- name: Display structure of downloaded files
run: ls -R artifacts
- name: Create GitHub Release
uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2
with:
files: |
artifacts/frontend-dist/frontend-dist.tar.gz
artifacts/backend-linux-amd64/cpmp-linux-amd64
artifacts/backend-linux-arm64/cpmp-linux-arm64
artifacts/caddy-linux-amd64/caddy-linux-amd64
artifacts/caddy-linux-arm64/caddy-linux-arm64
generate_release_notes: true
prerelease: ${{ contains(github.ref_name, 'alpha') || contains(github.ref_name, 'beta') || contains(github.ref_name, 'rc') }}
token: ${{ secrets.CPMP_TOKEN }}
build-and-publish:
needs: create-release
uses: ./.github/workflows/docker-publish.yml # Reusable workflow present; path validated
secrets: inherit

12
.github/workflows/renovate.yml vendored
View File

@@ -18,10 +18,20 @@ jobs:
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6
with:
fetch-depth: 1
- name: Choose Renovate Token
run: |
if [ -n "${{ secrets.CHARON_TOKEN }}" ]; then
echo "Using CHARON_TOKEN" >&2
echo "RENOVATE_TOKEN=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_ENV
else
echo "Using CPMP_TOKEN fallback" >&2
echo "RENOVATE_TOKEN=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_ENV
fi
- name: Run Renovate
uses: renovatebot/github-action@03026bd55840025343414baec5d9337c5f9c7ea7 # v44.0.4
with:
configurationFile: .github/renovate.json
token: ${{ secrets.CPMP_TOKEN }}
token: ${{ env.RENOVATE_TOKEN }}
env:
LOG_LEVEL: info

11
.github/workflows/renovate_prune.yml vendored
View File

@@ -22,10 +22,19 @@ jobs:
BRANCH_PREFIX: "renovate/" # adjust if you use a different prefix
steps:
- name: Choose GitHub Token
run: |
if [ -n "${{ secrets.CHARON_TOKEN }}" ]; then
echo "Using CHARON_TOKEN" >&2
echo "GITHUB_TOKEN=${{ secrets.CHARON_TOKEN }}" >> $GITHUB_ENV
else
echo "Using CPMP_TOKEN fallback" >&2
echo "GITHUB_TOKEN=${{ secrets.CPMP_TOKEN }}" >> $GITHUB_ENV
fi
- name: Prune renovate branches
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
with:
github-token: ${{ secrets.CPMP_TOKEN }}
github-token: ${{ env.GITHUB_TOKEN }}
script: |
const owner = context.repo.owner;
const repo = context.repo.repo;