fix: Implement dependency digest tracking for nightly builds

- Updated Docker Compose files to use digest-pinned images for CI contexts.
- Enhanced Dockerfile to pin Go tool installations and verify external downloads with SHA256 checksums.
- Added Renovate configuration for tracking Go tool versions and digest updates.
- Introduced a new design document outlining the architecture and data flow for dependency tracking.
- Created tasks and requirements documentation to ensure compliance with the new digest pinning policy.
- Updated security documentation to reflect the new digest pinning policy and exceptions.
GitHub Actions
2026-01-30 06:38:56 +00:00
parent dcb3e704a3
commit 6675f2a169
19 changed files with 545 additions and 70 deletions


@@ -37,6 +37,9 @@ echo "🔄 Updating Go from $CURRENT_VERSION to $REQUIRED_VERSION..."
# Download the new Go version using the official dl tool
echo "📥 Downloading Go $REQUIRED_VERSION..."
# Exception: golang.org/dl requires @latest to resolve the versioned shim.
# Compensating controls: REQUIRED_VERSION is pinned in go.work, and the dl tool
# downloads the official Go release for that exact version.
go install "golang.org/dl/go${REQUIRED_VERSION}@latest"
# Download the SDK
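Review bot: The compensating controls listed in the new comment above the `go install` line cover the SDK version only, not the shim. `REQUIRED_VERSION` selects which `go${REQUIRED_VERSION}` package is built, but `@latest` still resolves the `golang.org/dl` module to its newest revision on every run, so the code that performs the download is the unpinned part. Consider replacing `@latest` with a fixed `golang.org/dl` commit or pseudo-version that the Renovate configuration can track, if that resolves for the versioned shim. Otherwise, reword the comment to say that the shim module is what remains unpinned, and reference the matching exception entry in the security documentation so the two stay in sync.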