diff --git a/.github/workflows/cerberus-integration.yml b/.github/workflows/cerberus-integration.yml
index e3825329..b6b8884e 100644
--- a/.github/workflows/cerberus-integration.yml
+++ b/.github/workflows/cerberus-integration.yml
@@ -32,67 +32,6 @@ jobs:
 steps:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- # Determine the correct image tag based on trigger context
- # For PRs: pr-{number}-{sha}, For branches: {sanitized-branch}-{sha}
- - name: Determine image tag
- id: image
- env:
- EVENT: ${{ github.event_name == 'pull_request' && 'pull_request' || github.event.workflow_run.event }}
- REF: ${{ github.event_name == 'pull_request' && github.head_ref || github.event.workflow_run.head_branch }}
- SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.event.workflow_run.head_sha }}
- MANUAL_TAG: ${{ inputs.image_tag }}
- run: |
- # Manual trigger uses provided tag
- if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
- if [[ -n "$MANUAL_TAG" ]]; then
- echo "tag=${MANUAL_TAG}" >> $GITHUB_OUTPUT
- else
- # Default to latest if no tag provided
- echo "tag=latest" >> $GITHUB_OUTPUT
- fi
- echo "source_type=manual" >> $GITHUB_OUTPUT
- exit 0
- fi
-
- # Extract 7-character short SHA
- SHORT_SHA=$(echo "$SHA" | cut -c1-7)
-
- if [[ "$EVENT" == "pull_request" ]]; then
- # Direct PR trigger uses github.event.pull_request.number
- # workflow_run trigger uses pull_requests array
- if [[ "${{ github.event_name }}" == "pull_request" ]]; then
- PR_NUM="${{ github.event.pull_request.number }}"
- else
- PR_NUM=$(echo '${{ toJson(github.event.workflow_run.pull_requests) }}' | jq -r '.[0].number')
- fi
-
- if [[ -z "$PR_NUM" || "$PR_NUM" == "null" ]]; then
- echo "❌ ERROR: Could not determine PR number"
- echo "Event: $EVENT"
- echo "Ref: $REF"
- echo "SHA: $SHA"
- echo "Pull Requests JSON: ${{ toJson(github.event.workflow_run.pull_requests) }}"
- exit 1
- fi
-
- # Immutable tag with SHA suffix prevents race conditions
- echo "tag=pr-${PR_NUM}-${SHORT_SHA}" >> $GITHUB_OUTPUT
- echo "source_type=pr" >> $GITHUB_OUTPUT
- else
- # Branch push: sanitize branch name and append SHA
- # Sanitization: lowercase, replace / with -, remove
special chars
- SANITIZED=$(echo "$REF" | \
- tr '[:upper:]' '[:lower:]' | \
- tr '/' '-' | \
- sed 's/[^a-z0-9-._]/-/g' | \
- sed 's/^-//; s/-$//' | \
- sed 's/--*/-/g' | \
- cut -c1-121) # Leave room for -SHORT_SHA (7 chars)
-
- echo "tag=${SANITIZED}-${SHORT_SHA}" >> $GITHUB_OUTPUT
- echo "source_type=branch" >> $GITHUB_OUTPUT
- fi
-
 # Determine the correct image tag based on trigger context
 # For PRs: pr-{number}-{sha}, For branches: {sanitized-branch}-{sha}
 - name: Determine image tag
diff --git a/.github/workflows/crowdsec-integration.yml b/.github/workflows/crowdsec-integration.yml
index 225072e4..590c423b 100644
--- a/.github/workflows/crowdsec-integration.yml
+++ b/.github/workflows/crowdsec-integration.yml
@@ -32,104 +32,6 @@ jobs:
 steps:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- # Determine the correct image tag based on trigger context
- # For PRs: pr-{number}-{sha}, For branches: {sanitized-branch}-{sha}
- - name: Determine image tag
- id: image
- env:
- EVENT: ${{ github.event_name == 'pull_request' && 'pull_request' || github.event.workflow_run.event }}
- REF: ${{ github.event_name == 'pull_request' && github.head_ref || github.event.workflow_run.head_branch }}
- SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.event.workflow_run.head_sha }}
- MANUAL_TAG: ${{ inputs.image_tag }}
- run: |
- # Manual trigger uses provided tag
- if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
- if [[ -n "$MANUAL_TAG" ]]; then
- echo "tag=${MANUAL_TAG}" >> $GITHUB_OUTPUT
- else
- # Default to latest if no tag provided
- echo "tag=latest" >> $GITHUB_OUTPUT
- fi
- echo "source_type=manual" >> $GITHUB_OUTPUT
- exit 0
- fi
-
- # Extract 7-character short SHA
- SHORT_SHA=$(echo "$SHA" | cut -c1-7)
-
- if [[ "$EVENT" == "pull_request" ]]; then
- # Direct PR trigger uses github.event.pull_request.number
- # workflow_run trigger uses pull_requests array
- if [[ "${{ github.event_name }}" == "pull_request" ]]; then
- PR_NUM="${{ github.event.pull_request.number }}"
- else
- PR_NUM=$(echo '${{ toJson(github.event.workflow_run.pull_requests) }}' | jq -r '.[0].number')
- fi
-
- if [[ -z "$PR_NUM" || "$PR_NUM" == "null" ]]; then
- echo "❌ ERROR: Could not determine PR number"
- echo "Event: $EVENT"
- echo "Ref: $REF"
- echo "SHA: $SHA"
- echo "Pull Requests JSON: ${{ toJson(github.event.workflow_run.pull_requests) }}"
- exit 1
- fi
-
- # Immutable tag with SHA suffix prevents race conditions
- echo "tag=pr-${PR_NUM}-${SHORT_SHA}" >> $GITHUB_OUTPUT
- echo "source_type=pr" >> $GITHUB_OUTPUT
- else
- # Branch push: sanitize branch name and append SHA
- # Sanitization: lowercase, replace / with -, remove
special chars
- SANITIZED=$(echo "$REF" | \
- tr '[:upper:]' '[:lower:]' | \
- tr '/' '-' | \
- sed 's/[^a-z0-9-._]/-/g' | \
- sed 's/^-//; s/-$//' | \
- sed 's/--*/-/g' | \
- cut -c1-121) # Leave room for -SHORT_SHA (7 chars)
-
- echo "tag=${SANITIZED}-${SHORT_SHA}" >> $GITHUB_OUTPUT
- echo "source_type=branch" >> $GITHUB_OUTPUT
- fi
-
- echo "sha=${SHORT_SHA}" >> $GITHUB_OUTPUT
- echo "Determined image tag: $(cat $GITHUB_OUTPUT | grep tag=)"
-
- # Pull image from registry with retry logic (dual-source strategy)
- # Try registry first (fast), fallback to artifact if registry fails
- - name: Pull Docker image from registry
- id: pull_image
- uses: nick-fields/retry@v3
- with:
- timeout_minutes: 5
- max_attempts: 3
- retry_wait_seconds: 10
- command: |
- IMAGE_NAME="ghcr.io/${{ github.repository_owner }}/charon:${{ steps.image.outputs.tag }}"
- echo "Pulling image: $IMAGE_NAME"
- docker pull "$IMAGE_NAME"
- docker tag "$IMAGE_NAME" charon:local
- echo "✅ Successfully pulled from registry"
- continue-on-error: true
-
- # Fallback: Download artifact if registry pull failed
- - name: Fallback to artifact download
- if: steps.pull_image.outcome == 'failure'
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SHA: ${{ steps.image.outputs.sha }}
- run: |
- echo "⚠️ Registry pull failed, falling back to artifact..."
-
- # Determine artifact name based on source type
- if [[ "${{ steps.image.outputs.source_type }}" == "pr" ]]; then
- PR_NUM=$(echo '${{ toJson(github.event.workflow_run.pull_requests) }}' | jq -r '.[0].number')
- ARTIFACT_NAME="pr-image-${PR_NUM}"
- else
- ARTIFACT_NAME="push-image"
- fi
-
 # Determine the correct image tag based on trigger context
 # For PRs: pr-{number}-{sha}, For branches: {sanitized-branch}-{sha}
 - name: Determine image tag
diff --git a/.github/workflows/e2e-tests.yml b/.github/workflows/e2e-tests.yml
index 21c388aa..30778ed7 100644
--- a/.github/workflows/e2e-tests.yml
+++ b/.github/workflows/e2e-tests.yml
@@ -40,10 +40,6 @@ on:
 workflow_dispatch:
 inputs:
- image_tag:
- description: 'Docker image tag to test (e.g., pr-123-abc1234)'
- required: false
- type: string
 browser:
 description: 'Browser to test'
 required: false
diff --git a/.github/workflows/rate-limit-integration.yml b/.github/workflows/rate-limit-integration.yml
index 56ed8f14..47c79c30 100644
--- a/.github/workflows/rate-limit-integration.yml
+++ b/.github/workflows/rate-limit-integration.yml
@@ -32,67 +32,6 @@ jobs:
 steps:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- # Determine the correct image tag based on trigger context
- # For PRs: pr-{number}-{sha}, For branches: {sanitized-branch}-{sha}
- - name: Determine image tag
- id: image
- env:
- EVENT: ${{ github.event_name == 'pull_request' && 'pull_request' || github.event.workflow_run.event }}
- REF: ${{ github.event_name == 'pull_request' && github.head_ref || github.event.workflow_run.head_branch }}
- SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.event.workflow_run.head_sha }}
- MANUAL_TAG: ${{ inputs.image_tag }}
- run: |
- # Manual trigger uses provided tag
- if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
- if [[ -n "$MANUAL_TAG" ]]; then
- echo "tag=${MANUAL_TAG}" >> $GITHUB_OUTPUT
- else
- # Default to latest if no tag provided
- echo "tag=latest" >> $GITHUB_OUTPUT
- fi
- echo "source_type=manual" >> $GITHUB_OUTPUT
- exit 0
- fi
-
- # Extract 7-character short SHA
- SHORT_SHA=$(echo "$SHA" | cut -c1-7)
-
- if [[ "$EVENT" == "pull_request" ]]; then
- # Direct PR trigger uses github.event.pull_request.number
- # workflow_run trigger uses pull_requests array
- if [[ "${{ github.event_name }}" == "pull_request" ]]; then
- PR_NUM="${{ github.event.pull_request.number }}"
- else
- PR_NUM=$(echo '${{ toJson(github.event.workflow_run.pull_requests) }}' | jq -r '.[0].number')
- fi
-
- if [[ -z "$PR_NUM" || "$PR_NUM" == "null" ]]; then
- echo "❌ ERROR: Could not determine PR number"
- echo "Event: $EVENT"
- echo "Ref: $REF"
- echo "SHA: $SHA"
- echo "Pull Requests JSON: ${{ toJson(github.event.workflow_run.pull_requests) }}"
- exit 1
- fi
-
- # Immutable tag with SHA suffix prevents race conditions
- echo "tag=pr-${PR_NUM}-${SHORT_SHA}" >> $GITHUB_OUTPUT
- echo "source_type=pr" >> $GITHUB_OUTPUT
- else
- # Branch push: sanitize branch name and append SHA
- # Sanitization: lowercase, replace / with -, remove
special chars
- SANITIZED=$(echo "$REF" | \
- tr '[:upper:]' '[:lower:]' | \
- tr '/' '-' | \
- sed 's/[^a-z0-9-._]/-/g' | \
- sed 's/^-//; s/-$//' | \
- sed 's/--*/-/g' | \
- cut -c1-121) # Leave room for -SHORT_SHA (7 chars)
-
- echo "tag=${SANITIZED}-${SHORT_SHA}" >> $GITHUB_OUTPUT
- echo "source_type=branch" >> $GITHUB_OUTPUT
- fi
-
 # Determine the correct image tag based on trigger context
 # For PRs: pr-{number}-{sha}, For branches: {sanitized-branch}-{sha}
 - name: Determine image tag
diff --git a/.github/workflows/waf-integration.yml b/.github/workflows/waf-integration.yml
index f2723541..4cc233be 100644
--- a/.github/workflows/waf-integration.yml
+++ b/.github/workflows/waf-integration.yml
@@ -32,67 +32,6 @@ jobs:
 steps:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- # Determine the correct image tag based on trigger context
- # For PRs: pr-{number}-{sha}, For branches: {sanitized-branch}-{sha}
- - name: Determine image tag
- id: image
- env:
- EVENT: ${{ github.event_name == 'pull_request' && 'pull_request' || github.event.workflow_run.event }}
- REF: ${{ github.event_name == 'pull_request' && github.head_ref || github.event.workflow_run.head_branch }}
- SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.event.workflow_run.head_sha }}
- MANUAL_TAG: ${{ inputs.image_tag }}
- run: |
- # Manual trigger uses provided tag
- if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
- if [[ -n "$MANUAL_TAG" ]]; then
- echo "tag=${MANUAL_TAG}" >> $GITHUB_OUTPUT
- else
- # Default to latest if no tag provided
- echo "tag=latest" >> $GITHUB_OUTPUT
- fi
- echo "source_type=manual" >> $GITHUB_OUTPUT
- exit 0
- fi
-
- # Extract 7-character short SHA
- SHORT_SHA=$(echo "$SHA" | cut -c1-7)
-
- if [[ "$EVENT" == "pull_request" ]]; then
- # Direct PR trigger uses github.event.pull_request.number
- # workflow_run trigger uses pull_requests array
- if [[ "${{ github.event_name }}" == "pull_request" ]]; then
- PR_NUM="${{ github.event.pull_request.number }}"
- else
- PR_NUM=$(echo '${{ toJson(github.event.workflow_run.pull_requests) }}' | jq -r '.[0].number')
- fi
-
- if [[ -z "$PR_NUM" || "$PR_NUM" == "null" ]]; then
- echo "❌ ERROR: Could not determine PR number"
- echo "Event: $EVENT"
- echo "Ref: $REF"
- echo "SHA: $SHA"
- echo "Pull Requests JSON: ${{ toJson(github.event.workflow_run.pull_requests) }}"
- exit 1
- fi
-
- # Immutable tag with SHA suffix prevents race conditions
- echo "tag=pr-${PR_NUM}-${SHORT_SHA}" >> $GITHUB_OUTPUT
- echo "source_type=pr" >> $GITHUB_OUTPUT
- else
- # Branch push: sanitize branch name and append SHA
- # Sanitization: lowercase, replace / with -, remove
special chars
- SANITIZED=$(echo "$REF" | \
- tr '[:upper:]' '[:lower:]' | \
- tr '/' '-' | \
- sed 's/[^a-z0-9-._]/-/g' | \
- sed 's/^-//; s/-$//' | \
- sed 's/--*/-/g' | \
- cut -c1-121) # Leave room for -SHORT_SHA (7 chars)
-
- echo "tag=${SANITIZED}-${SHORT_SHA}" >> $GITHUB_OUTPUT
- echo "source_type=branch" >> $GITHUB_OUTPUT
- fi
-
 # Determine the correct image tag based on trigger context
 # For PRs: pr-{number}-{sha}, For branches: {sanitized-branch}-{sha}
 - name: Determine image tag