akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

fix: Implement dependency digest tracking for nightly builds

Browse Source 
- Updated Docker Compose files to use digest-pinned images for CI contexts.
- Enhanced Dockerfile to pin Go tool installations and verify external downloads with SHA256 checksums.
- Added Renovate configuration for tracking Go tool versions and digest updates.
- Introduced a new design document outlining the architecture and data flow for dependency tracking.
- Created tasks and requirements documentation to ensure compliance with the new digest pinning policy.
- Updated security documentation to reflect the new digest pinning policy and exceptions.
This commit is contained in:
GitHub Actions
2026-01-30 06:38:56 +00:00
parent dcb3e704a3
commit 6675f2a169
19 changed files with 545 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.docker/compose/docker-compose.playwright-ci.yml
View File

@@ -27,7 +27,11 @@ services:
# Charon Application - Core E2E Testing Service
# =============================================================================
charon-app:
image: ${CHARON_E2E_IMAGE:-charon:e2e-test}
# CI default (digest-pinned via workflow output):
# CHARON_E2E_IMAGE_DIGEST=ghcr.io/wikid82/charon:nightly@sha256:<digest>
# Local override (tag-based):
# CHARON_E2E_IMAGE=charon:e2e-test
image: ${CHARON_E2E_IMAGE_DIGEST:-${CHARON_E2E_IMAGE:-charon:e2e-test}}
container_name: charon-playwright
restart: "no"
# CI generates CHARON_ENCRYPTION_KEY dynamically in GitHub Actions workflow
@@ -96,7 +100,7 @@ services:
# CrowdSec - Security Testing Service (Optional Profile)
# =============================================================================
crowdsec:
image: crowdsecurity/crowdsec:latest
image: crowdsecurity/crowdsec:latest@sha256:63b595fef92de1778573b375897a45dd226637ee9a3d3db9f57ac7355c369493
container_name: charon-playwright-crowdsec
profiles:
- security-tests
@@ -122,7 +126,7 @@ services:
# MailHog - Email Testing Service (Optional Profile)
# =============================================================================
mailhog:
image: mailhog/mailhog:latest
image: mailhog/mailhog:latest@sha256:8d76a3d4ffa32a3661311944007a415332c4bb855657f4f6c57996405c009bea
container_name: charon-playwright-mailhog
profiles:
- notification-tests