Merge branch 'development' into feature/beta-release
3
.github/renovate.json
vendored
@@ -7,8 +7,7 @@
|
||||
"helpers:pinGitHubActionDigests"
|
||||
],
|
||||
"baseBranches": [
|
||||
"development",
|
||||
"feature/beta-release"
|
||||
"development"
|
||||
],
|
||||
"timezone": "America/New_York",
|
||||
"dependencyDashboard": true,
|
||||
|
||||
3
.github/workflows/codeql.yml
vendored
@@ -41,7 +41,6 @@ jobs:
|
||||
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
|
||||
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
|
||||
uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
@@ -53,7 +52,6 @@ jobs:
|
||||
- name: Setup Go
|
||||
if: matrix.language == 'go'
|
||||
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
|
||||
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
|
||||
with:
|
||||
go-version: ${{ env.GO_VERSION }}
|
||||
cache-dependency-path: backend/go.sum
|
||||
@@ -62,7 +60,6 @@ jobs:
|
||||
uses: github/codeql-action/autobuild@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
|
||||
uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
|
||||
with:
|
||||
category: "/language:${{ matrix.language }}"
|
||||
|
||||
23
.github/workflows/propagate-changes.yml
vendored
@@ -4,8 +4,6 @@ on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- development
|
||||
- nightly
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
@@ -145,27 +143,8 @@ jobs:
|
||||
}
|
||||
|
||||
if (currentBranch === 'main') {
|
||||
// Main -> Development
|
||||
// Main -> Development (simplified - no more cascade)
|
||||
await createPR('main', 'development');
|
||||
} else if (currentBranch === 'development') {
|
||||
// Development -> Nightly
|
||||
await createPR('development', 'nightly');
|
||||
} else if (currentBranch === 'nightly') {
|
||||
// Nightly -> Feature branches
|
||||
const branches = await github.paginate(github.rest.repos.listBranches, {
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
});
|
||||
|
||||
const featureBranches = branches
|
||||
.map(b => b.name)
|
||||
.filter(name => name.startsWith('feature/'));
|
||||
|
||||
core.info(`Found ${featureBranches.length} feature branches: ${featureBranches.join(', ')}`);
|
||||
|
||||
for (const featureBranch of featureBranches) {
|
||||
await createPR('development', featureBranch);
|
||||
}
|
||||
}
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
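Review bot: After this change nothing carries `development` into `feature/*` branches any more: the `development` and `nightly` push triggers and the `nightly` fan-out in the script are removed, and `.github/renovate.json` in the same commit stops targeting `feature/beta-release`. Dependency bumps and action digest pins that Renovate lands on `development` will therefore reach a long-lived feature branch only when someone merges by hand, yet the recovery plan added in this commit still says changes "flow naturally via propagate workflow". I would say so at the one remaining branch, e.g. `// Only main -> development is automated; feature/* branches must merge development manually to pick up Renovate updates.`, in place of the history-style `(simplified - no more cascade)` wording. The script block starts and ends outside the hunk, so `createPR` and the job's `permissions` are not visible here.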
@@ -208,12 +208,16 @@ golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
|
||||
golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
|
||||
golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
|
||||
golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
|
||||
golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
|
||||
golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
|
||||
golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
|
||||
golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
|
||||
golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
|
||||
golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
|
||||
golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
|
||||
golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
|
||||
golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
|
||||
golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
|
||||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
@@ -221,10 +225,14 @@ golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
|
||||
golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
|
||||
golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
|
||||
golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
|
||||
golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
|
||||
golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
|
||||
golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
|
||||
golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
|
||||
golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
|
||||
golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
|
||||
golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
|
||||
golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
|
||||
golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
|
||||
|
||||
@@ -1,3 +1,325 @@
|
||||
# Git & Workflow Recovery Plan
|
||||
|
||||
**Plan ID**: GIT-2026-001
|
||||
**Status**: 📋 PENDING
|
||||
**Priority**: High
|
||||
**Created**: 2026-01-25
|
||||
**Scope**: Git recovery, Renovate fix, Workflow simplification
|
||||
|
||||
---
|
||||
|
||||
## Problem Summary
|
||||
|
||||
1. **Git State**: Feature branch `feature/beta-release` is in a broken rebase state
|
||||
2. **Renovate**: Targeting feature branches creates orphaned PRs and merge conflicts
|
||||
3. **Propagate Workflow**: Overly complex cascade (`main → development → nightly → feature/*`) causes confusion
|
||||
4. **Nightly Branch**: Unnecessary intermediate branch adding complexity
|
||||
|
||||
---
|
||||
|
||||
## Phase 1: Git Recovery
|
||||
|
||||
### Step 1.1 — Abort the Rebase
|
||||
|
||||
```bash
|
||||
# Check current state
|
||||
git status
|
||||
|
||||
# Abort the in-progress rebase
|
||||
git rebase --abort
|
||||
|
||||
# Verify clean state
|
||||
git status
|
||||
```
|
||||
|
||||
### Step 1.2 — Fetch Latest from Origin
|
||||
|
||||
```bash
|
||||
# Fetch all branches
|
||||
git fetch origin --prune
|
||||
|
||||
# Ensure we're on the feature branch
|
||||
git checkout feature/beta-release
|
||||
```
|
||||
|
||||
### Step 1.3 — Merge Development into Feature Branch
|
||||
|
||||
**Use merge, NOT rebase** to preserve commit history and avoid force-push issues.
|
||||
|
||||
```bash
|
||||
# Merge development into feature/beta-release
|
||||
git merge origin/development --no-ff -m "Merge development into feature/beta-release"
|
||||
```
|
||||
|
||||
### Step 1.4 — Resolve Conflicts (if any)
|
||||
|
||||
Likely conflict files based on Renovate activity:
|
||||
- `package.json` / `package-lock.json` (version bumps)
|
||||
- `backend/go.mod` / `backend/go.sum` (Go dependency updates)
|
||||
- `.github/workflows/*.yml` (action digest pins)
|
||||
|
||||
**Resolution strategy:**
|
||||
```bash
|
||||
# For package.json - accept development's versions, then run npm install
|
||||
git checkout --theirs package.json package-lock.json
|
||||
npm install
|
||||
git add package.json package-lock.json
|
||||
|
||||
# For go.mod/go.sum - accept development's versions, then tidy
|
||||
git checkout --theirs backend/go.mod backend/go.sum
|
||||
cd backend && go mod tidy && cd ..
|
||||
git add backend/go.mod backend/go.sum
|
||||
|
||||
# For workflow files - usually safe to accept development
|
||||
git checkout --theirs .github/workflows/
|
||||
|
||||
# Complete the merge
|
||||
git commit
|
||||
```
|
||||
|
||||
### Step 1.5 — Push the Merged Branch
|
||||
|
||||
```bash
|
||||
git push origin feature/beta-release
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Phase 2: Renovate Fix
|
||||
|
||||
### Problem
|
||||
|
||||
Current config in `.github/renovate.json`:
|
||||
```json
|
||||
"baseBranches": [
|
||||
"development",
|
||||
"feature/beta-release"
|
||||
]
|
||||
```
|
||||
|
||||
This causes:
|
||||
- Duplicate PRs for the same dependency (one per branch)
|
||||
- Orphaned branches like `renovate/feature/beta-release-*` when feature merges
|
||||
- Constant merge conflicts between branches
|
||||
|
||||
### Solution
|
||||
|
||||
Only target `development`. Changes flow naturally via propagate workflow.
|
||||
|
||||
### Old Config (REMOVE)
|
||||
|
||||
```json
|
||||
{
|
||||
"baseBranches": [
|
||||
"development",
|
||||
"feature/beta-release"
|
||||
],
|
||||
...
|
||||
}
|
||||
```
|
||||
|
||||
### New Config (REPLACE WITH)
|
||||
|
||||
```json
|
||||
{
|
||||
"baseBranches": [
|
||||
"development"
|
||||
],
|
||||
...
|
||||
}
|
||||
```
|
||||
|
||||
### File to Edit
|
||||
|
||||
**File**: `.github/renovate.json`
|
||||
**Line**: ~12-15
|
||||
|
||||
---
|
||||
|
||||
## Phase 3: Propagate Workflow Fix
|
||||
|
||||
### Problem
|
||||
|
||||
Current workflow in `.github/workflows/propagate-changes.yml`:
|
||||
|
||||
```yaml
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- development
|
||||
- nightly # <-- Unnecessary
|
||||
```
|
||||
|
||||
Cascade logic:
|
||||
- `main` → `development` ✅ (Correct)
|
||||
- `development` → `nightly` ❌ (Unnecessary)
|
||||
- `nightly` → `feature/*` ❌ (Overly complex)
|
||||
|
||||
### Solution
|
||||
|
||||
Simplify to **only** `main → development` propagation.
|
||||
|
||||
### Old Trigger (REMOVE)
|
||||
|
||||
```yaml
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- development
|
||||
- nightly
|
||||
```
|
||||
|
||||
### New Trigger (REPLACE WITH)
|
||||
|
||||
```yaml
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
```
|
||||
|
||||
### Old Script Logic (REMOVE)
|
||||
|
||||
```javascript
|
||||
if (currentBranch === 'main') {
|
||||
// Main -> Development
|
||||
await createPR('main', 'development');
|
||||
} else if (currentBranch === 'development') {
|
||||
// Development -> Nightly
|
||||
await createPR('development', 'nightly');
|
||||
} else if (currentBranch === 'nightly') {
|
||||
// Nightly -> Feature branches
|
||||
const branches = await github.paginate(github.rest.repos.listBranches, {
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
});
|
||||
|
||||
const featureBranches = branches
|
||||
.map(b => b.name)
|
||||
.filter(name => name.startsWith('feature/'));
|
||||
|
||||
core.info(`Found ${featureBranches.length} feature branches: ${featureBranches.join(', ')}`);
|
||||
|
||||
for (const featureBranch of featureBranches) {
|
||||
await createPR('development', featureBranch);
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
### New Script Logic (REPLACE WITH)
|
||||
|
||||
```javascript
|
||||
if (currentBranch === 'main') {
|
||||
// Main -> Development (only propagation needed)
|
||||
await createPR('main', 'development');
|
||||
}
|
||||
```
|
||||
|
||||
### File to Edit
|
||||
|
||||
**File**: `.github/workflows/propagate-changes.yml`
|
||||
|
||||
---
|
||||
|
||||
## Phase 4: Cleanup
|
||||
|
||||
### Step 4.1 — Delete Nightly Branch
|
||||
|
||||
```bash
|
||||
# Delete remote nightly branch (if exists)
|
||||
git push origin --delete nightly 2>/dev/null || echo "nightly branch does not exist"
|
||||
|
||||
# Delete local tracking branch
|
||||
git branch -D nightly 2>/dev/null || true
|
||||
```
|
||||
|
||||
### Step 4.2 — Delete Orphaned Renovate Branches
|
||||
|
||||
```bash
|
||||
# List all renovate branches targeting feature/beta-release
|
||||
git fetch origin
|
||||
git branch -r | grep 'renovate/feature/beta-release' | while read branch; do
|
||||
remote_branch="${branch#origin/}"
|
||||
echo "Deleting: $remote_branch"
|
||||
git push origin --delete "$remote_branch"
|
||||
done
|
||||
```
|
||||
|
||||
### Step 4.3 — Close Orphaned Renovate PRs
|
||||
|
||||
After branches are deleted, any associated PRs will be automatically closed by GitHub.
|
||||
|
||||
---
|
||||
|
||||
## Execution Checklist
|
||||
|
||||
- [ ] **Phase 1**: Git Recovery
|
||||
- [ ] 1.1 Abort rebase
|
||||
- [ ] 1.2 Fetch latest
|
||||
- [ ] 1.3 Merge development
|
||||
- [ ] 1.4 Resolve conflicts
|
||||
- [ ] 1.5 Push merged branch
|
||||
|
||||
- [ ] **Phase 2**: Renovate Fix
|
||||
- [ ] Edit `.github/renovate.json` - remove `feature/beta-release` from baseBranches
|
||||
- [ ] Commit and push
|
||||
|
||||
- [ ] **Phase 3**: Propagate Workflow Fix
|
||||
- [ ] Edit `.github/workflows/propagate-changes.yml` - simplify triggers and logic
|
||||
- [ ] Commit and push
|
||||
|
||||
- [ ] **Phase 4**: Cleanup
|
||||
- [ ] 4.1 Delete nightly branch
|
||||
- [ ] 4.2 Delete orphaned `renovate/feature/beta-release-*` branches
|
||||
- [ ] 4.3 Verify orphaned PRs are closed
|
||||
|
||||
---
|
||||
|
||||
## Verification
|
||||
|
||||
After all phases complete:
|
||||
|
||||
```bash
|
||||
# Confirm no rebase in progress
|
||||
git status
|
||||
# Expected: "On branch feature/beta-release" with clean state
|
||||
|
||||
# Confirm nightly deleted
|
||||
git branch -r | grep nightly
|
||||
# Expected: no output
|
||||
|
||||
# Confirm orphaned renovate branches deleted
|
||||
git branch -r | grep 'renovate/feature/beta-release'
|
||||
# Expected: no output
|
||||
|
||||
# Confirm Renovate config only targets development
|
||||
cat .github/renovate.json | grep -A2 baseBranches
|
||||
# Expected: only "development"
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Rollback Plan
|
||||
|
||||
If issues occur:
|
||||
|
||||
1. **Git Recovery Failed**:
|
||||
```bash
|
||||
git fetch origin
|
||||
git checkout feature/beta-release
|
||||
git reset --hard origin/feature/beta-release
|
||||
```
|
||||
|
||||
2. **Renovate Changes Broke Something**: Revert the commit to `.github/renovate.json`
|
||||
|
||||
3. **Propagate Workflow Issues**: Revert the commit to `.github/workflows/propagate-changes.yml`
|
||||
|
||||
---
|
||||
|
||||
## Archived Spec (Prior Implementation)
|
||||
|
||||
# Security Fix: Remove Hardcoded Encryption Keys from Docker Compose Files
|
||||
|
||||
**Plan ID**: SEC-2026-001
|
||||
@@ -8,11 +330,11 @@
|
||||
|
||||
---
|
||||
|
||||
## Summary
|
||||
### Summary
|
||||
|
||||
Removed hardcoded encryption keys from Docker Compose test files and implemented ephemeral key generation in CI workflows.
|
||||
|
||||
## Changes Applied
|
||||
### Changes Applied
|
||||
|
||||
| File | Change |
|
||||
|------|--------|
|
||||
@@ -21,13 +343,13 @@ Removed hardcoded encryption keys from Docker Compose test files and implemented
|
||||
| `.github/workflows/e2e-tests.yml` | Added ephemeral key generation step |
|
||||
| `.env.test.example` | Added prominent documentation |
|
||||
|
||||
## Security Notes
|
||||
### Security Notes
|
||||
|
||||
- The old key `ucDWy5ScLubd3QwCHhQa2SY7wL2OF48p/c9nZhyW1mA=` exists in git history
|
||||
- This key should **NEVER** be used in any production environment
|
||||
- Each CI run now generates a unique ephemeral key
|
||||
|
||||
## Testing
|
||||
### Testing
|
||||
|
||||
```bash
|
||||
# Verify compose fails without key
|
||||
@@ -41,6 +363,6 @@ docker compose -f .docker/compose/docker-compose.playwright.yml config
|
||||
# Expected: Valid YAML output
|
||||
```
|
||||
|
||||
## References
|
||||
### References
|
||||
|
||||
- **OWASP**: [A02:2021 – Cryptographic Failures](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/)
|
||||
|
||||
1272
frontend/package-lock.json
generated
File diff suppressed because it is too large
@@ -46,7 +46,6 @@
|
||||
"react-hook-form": "^7.71.1",
|
||||
"react-hot-toast": "^2.6.0",
|
||||
"react-i18next": "^16.5.3",
|
||||
"react-i18next": "^16.5.3",
|
||||
"react-router-dom": "^7.12.0",
|
||||
"tailwind-merge": "^3.4.0",
|
||||
"tldts": "^7.0.19"
|
||||
@@ -66,9 +65,6 @@
|
||||
"@vitest/coverage-istanbul": "^4.0.17",
|
||||
"@vitest/coverage-v8": "^4.0.17",
|
||||
"@vitest/ui": "^4.0.17",
|
||||
"@vitest/coverage-istanbul": "^4.0.17",
|
||||
"@vitest/coverage-v8": "^4.0.17",
|
||||
"@vitest/ui": "^4.0.17",
|
||||
"autoprefixer": "^10.4.23",
|
||||
"eslint": "^9.39.2",
|
||||
"eslint-plugin-react-hooks": "^7.0.1",
|
||||
@@ -81,6 +77,5 @@
|
||||
"typescript-eslint": "^8.53.1",
|
||||
"vite": "^7.3.1",
|
||||
"vitest": "^4.0.17"
|
||||
"vitest": "^4.0.17"
|
||||
}
|
||||
}
|
||||
|
||||