akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

Merge branch 'development' into feature/beta-release

Browse Source
This commit is contained in:
GitHub Actions
2026-01-25 06:11:29 +00:00
parent b606e5c1ff 622261950b
commit 80e37b4920
7 changed files with 625 additions and 1021 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.github/renovate.json vendored
View File

@@ -7,8 +7,7 @@
"helpers:pinGitHubActionDigests"
],
"baseBranches": [
"development",
"feature/beta-release"
"development"
],
"timezone": "America/New_York",
"dependencyDashboard": true,

3
.github/workflows/codeql.yml vendored
View File

@@ -41,7 +41,6 @@ jobs:
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
- name: Initialize CodeQL
uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
with:
languages: ${{ matrix.language }}
@@ -53,7 +52,6 @@ jobs:
- name: Setup Go
if: matrix.language == 'go'
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6
with:
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: backend/go.sum
@@ -62,7 +60,6 @@ jobs:
uses: github/codeql-action/autobuild@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
with:
category: "/language:${{ matrix.language }}"

23
.github/workflows/propagate-changes.yml vendored
View File

@@ -4,8 +4,6 @@ on:
push:
branches:
- main
- development
- nightly
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
@@ -145,27 +143,8 @@ jobs:
}
if (currentBranch === 'main') {
// Main -> Development
// Main -> Development (simplified - no more cascade)
await createPR('main', 'development');
} else if (currentBranch === 'development') {
// Development -> Nightly
await createPR('development', 'nightly');
} else if (currentBranch === 'nightly') {
// Nightly -> Feature branches
const branches = await github.paginate(github.rest.repos.listBranches, {
owner: context.repo.owner,
repo: context.repo.repo,
});
const featureBranches = branches
.map(b => b.name)
.filter(name => name.startsWith('feature/'));
core.info(`Found ${featureBranches.length} feature branches: ${featureBranches.join(', ')}`);
for (const featureBranch of featureBranches) {
await createPR('development', featureBranch);
}
}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

8
backend/go.sum
View File

@@ -208,12 +208,16 @@ golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -221,10 +225,14 @@ golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=

332
docs/plans/current_spec.md
View File

@@ -1,3 +1,325 @@
# Git & Workflow Recovery Plan
**Plan ID**: GIT-2026-001
**Status**: 📋 PENDING
**Priority**: High
**Created**: 2026-01-25
**Scope**: Git recovery, Renovate fix, Workflow simplification
---
## Problem Summary
1. **Git State**: Feature branch `feature/beta-release` is in a broken rebase state
2. **Renovate**: Targeting feature branches creates orphaned PRs and merge conflicts
3. **Propagate Workflow**: Overly complex cascade (`main → development → nightly → feature/*`) causes confusion
4. **Nightly Branch**: Unnecessary intermediate branch adding complexity
---
## Phase 1: Git Recovery
### Step 1.1 — Abort the Rebase
```bash
# Check current state
git status
# Abort the in-progress rebase
git rebase --abort
# Verify clean state
git status
```
### Step 1.2 — Fetch Latest from Origin
```bash
# Fetch all branches
git fetch origin --prune
# Ensure we're on the feature branch
git checkout feature/beta-release
```
### Step 1.3 — Merge Development into Feature Branch
**Use merge, NOT rebase** to preserve commit history and avoid force-push issues.
```bash
# Merge development into feature/beta-release
git merge origin/development --no-ff -m "Merge development into feature/beta-release"
```
### Step 1.4 — Resolve Conflicts (if any)
Likely conflict files based on Renovate activity:
- `package.json` / `package-lock.json` (version bumps)
- `backend/go.mod` / `backend/go.sum` (Go dependency updates)
- `.github/workflows/*.yml` (action digest pins)
**Resolution strategy:**
```bash
# For package.json - accept development's versions, then run npm install
git checkout --theirs package.json package-lock.json
npm install
git add package.json package-lock.json
# For go.mod/go.sum - accept development's versions, then tidy
git checkout --theirs backend/go.mod backend/go.sum
cd backend && go mod tidy && cd ..
git add backend/go.mod backend/go.sum
# For workflow files - usually safe to accept development
git checkout --theirs .github/workflows/
# Complete the merge
git commit
```
### Step 1.5 — Push the Merged Branch
```bash
git push origin feature/beta-release
```
---
## Phase 2: Renovate Fix
### Problem
Current config in `.github/renovate.json`:
```json
"baseBranches": [
"development",
"feature/beta-release"
]
```
This causes:
- Duplicate PRs for the same dependency (one per branch)
- Orphaned branches like `renovate/feature/beta-release-*` when feature merges
- Constant merge conflicts between branches
### Solution
Only target `development`. Changes flow naturally via propagate workflow.
### Old Config (REMOVE)
```json
{
"baseBranches": [
"development",
"feature/beta-release"
],
...
}
```
### New Config (REPLACE WITH)
```json
{
"baseBranches": [
"development"
],
...
}
```
### File to Edit
**File**: `.github/renovate.json`
**Line**: ~12-15
---
## Phase 3: Propagate Workflow Fix
### Problem
Current workflow in `.github/workflows/propagate-changes.yml`:
```yaml
on:
push:
branches:
- main
- development
- nightly # <-- Unnecessary
```
Cascade logic:
- `main``development` ✅ (Correct)
- `development``nightly` ❌ (Unnecessary)
- `nightly``feature/*` ❌ (Overly complex)
### Solution
Simplify to **only** `main → development` propagation.
### Old Trigger (REMOVE)
```yaml
on:
push:
branches:
- main
- development
- nightly
```
### New Trigger (REPLACE WITH)
```yaml
on:
push:
branches:
- main
```
### Old Script Logic (REMOVE)
```javascript
if (currentBranch === 'main') {
// Main -> Development
await createPR('main', 'development');
} else if (currentBranch === 'development') {
// Development -> Nightly
await createPR('development', 'nightly');
} else if (currentBranch === 'nightly') {
// Nightly -> Feature branches
const branches = await github.paginate(github.rest.repos.listBranches, {
owner: context.repo.owner,
repo: context.repo.repo,
});
const featureBranches = branches
.map(b => b.name)
.filter(name => name.startsWith('feature/'));
core.info(`Found ${featureBranches.length} feature branches: ${featureBranches.join(', ')}`);
for (const featureBranch of featureBranches) {
await createPR('development', featureBranch);
}
}
```
### New Script Logic (REPLACE WITH)
```javascript
if (currentBranch === 'main') {
// Main -> Development (only propagation needed)
await createPR('main', 'development');
}
```
### File to Edit
**File**: `.github/workflows/propagate-changes.yml`
---
## Phase 4: Cleanup
### Step 4.1 — Delete Nightly Branch
```bash
# Delete remote nightly branch (if exists)
git push origin --delete nightly 2>/dev/null || echo "nightly branch does not exist"
# Delete local tracking branch
git branch -D nightly 2>/dev/null || true
```
### Step 4.2 — Delete Orphaned Renovate Branches
```bash
# List all renovate branches targeting feature/beta-release
git fetch origin
git branch -r | grep 'renovate/feature/beta-release' | while read branch; do
remote_branch="${branch#origin/}"
echo "Deleting: $remote_branch"
git push origin --delete "$remote_branch"
done
```
### Step 4.3 — Close Orphaned Renovate PRs
After branches are deleted, any associated PRs will be automatically closed by GitHub.
---
## Execution Checklist
- [ ] **Phase 1**: Git Recovery
- [ ] 1.1 Abort rebase
- [ ] 1.2 Fetch latest
- [ ] 1.3 Merge development
- [ ] 1.4 Resolve conflicts
- [ ] 1.5 Push merged branch
- [ ] **Phase 2**: Renovate Fix
- [ ] Edit `.github/renovate.json` - remove `feature/beta-release` from baseBranches
- [ ] Commit and push
- [ ] **Phase 3**: Propagate Workflow Fix
- [ ] Edit `.github/workflows/propagate-changes.yml` - simplify triggers and logic
- [ ] Commit and push
- [ ] **Phase 4**: Cleanup
- [ ] 4.1 Delete nightly branch
- [ ] 4.2 Delete orphaned `renovate/feature/beta-release-*` branches
- [ ] 4.3 Verify orphaned PRs are closed
---
## Verification
After all phases complete:
```bash
# Confirm no rebase in progress
git status
# Expected: "On branch feature/beta-release" with clean state
# Confirm nightly deleted
git branch -r | grep nightly
# Expected: no output
# Confirm orphaned renovate branches deleted
git branch -r | grep 'renovate/feature/beta-release'
# Expected: no output
# Confirm Renovate config only targets development
cat .github/renovate.json | grep -A2 baseBranches
# Expected: only "development"
```
---
## Rollback Plan
If issues occur:
1. **Git Recovery Failed**:
```bash
git fetch origin
git checkout feature/beta-release
git reset --hard origin/feature/beta-release
```
2. **Renovate Changes Broke Something**: Revert the commit to `.github/renovate.json`
3. **Propagate Workflow Issues**: Revert the commit to `.github/workflows/propagate-changes.yml`
---
## Archived Spec (Prior Implementation)
# Security Fix: Remove Hardcoded Encryption Keys from Docker Compose Files
**Plan ID**: SEC-2026-001
@@ -8,11 +330,11 @@
---
## Summary
### Summary
Removed hardcoded encryption keys from Docker Compose test files and implemented ephemeral key generation in CI workflows.
## Changes Applied
### Changes Applied
| File | Change |
|------|--------|
@@ -21,13 +343,13 @@ Removed hardcoded encryption keys from Docker Compose test files and implemented
| `.github/workflows/e2e-tests.yml` | Added ephemeral key generation step |
| `.env.test.example` | Added prominent documentation |
## Security Notes
### Security Notes
- The old key `ucDWy5ScLubd3QwCHhQa2SY7wL2OF48p/c9nZhyW1mA=` exists in git history
- This key should **NEVER** be used in any production environment
- Each CI run now generates a unique ephemeral key
## Testing
### Testing
```bash
# Verify compose fails without key
@@ -41,6 +363,6 @@ docker compose -f .docker/compose/docker-compose.playwright.yml config
# Expected: Valid YAML output
```
## References
### References
- **OWASP**: [A02:2021 Cryptographic Failures](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/)

1272
frontend/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

5
frontend/package.json
View File

@@ -46,7 +46,6 @@
"react-hook-form": "^7.71.1",
"react-hot-toast": "^2.6.0",
"react-i18next": "^16.5.3",
"react-i18next": "^16.5.3",
"react-router-dom": "^7.12.0",
"tailwind-merge": "^3.4.0",
"tldts": "^7.0.19"
@@ -66,9 +65,6 @@
"@vitest/coverage-istanbul": "^4.0.17",
"@vitest/coverage-v8": "^4.0.17",
"@vitest/ui": "^4.0.17",
"@vitest/coverage-istanbul": "^4.0.17",
"@vitest/coverage-v8": "^4.0.17",
"@vitest/ui": "^4.0.17",
"autoprefixer": "^10.4.23",
"eslint": "^9.39.2",
"eslint-plugin-react-hooks": "^7.0.1",
@@ -81,6 +77,5 @@
"typescript-eslint": "^8.53.1",
"vite": "^7.3.1",
"vitest": "^4.0.17"
"vitest": "^4.0.17"
}
}