chore: implement instruction compliance remediation

- Replace Go interface{} with any (Go 1.18+ standard)
- Add database indexes to frequently queried model fields
- Add JSDoc documentation to frontend API client methods
- Remove deprecated docker-compose version keys
- Add concurrency groups to all 25 GitHub Actions workflows
- Add YAML front matter and fix H1→H2 headings in docs

Coverage: Backend 85.5%, Frontend 87.73%
Security: No vulnerabilities detected

Refs: docs/plans/instruction_compliance_spec.md
GitHub Actions
2025-12-21 04:08:42 +00:00
parent a45600e7c4
commit af8384046c
180 changed files with 2101 additions and 880 deletions


@@ -6,6 +6,10 @@ on:
pull_request:
types: [opened, reopened]
concurrency:
group: ${{ github.workflow }}-${{ github.event.issue.number || github.event.pull_request.number }}
cancel-in-progress: false
jobs:
add-to-project:
runs-on: ubuntu-latest


@@ -6,6 +6,10 @@ on:
release:
types: [published]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
update-draft:
runs-on: ubuntu-latest


@@ -4,6 +4,10 @@ on:
issues:
types: [opened, edited]
concurrency:
group: ${{ github.workflow }}-${{ github.event.issue.number }}
cancel-in-progress: true
jobs:
auto-label:
runs-on: ubuntu-latest


@@ -4,6 +4,10 @@ on:
push:
branches: [ main ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
permissions:
contents: write
pull-requests: write


@@ -15,6 +15,13 @@ on:
- 'backend/**'
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
GO_VERSION: '1.25.5'
permissions:
contents: write
deployments: write
@@ -29,7 +36,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
with:
go-version: '1.25.5'
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: backend/go.sum
- name: Run Benchmark
@@ -40,7 +47,8 @@ jobs:
# Only store results on pushes to main - PRs just run benchmarks without storage
# This avoids gh-pages branch errors and permission issues on fork PRs
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
uses: benchmark-action/github-action-benchmark@v1
# Security: Pinned to full SHA for supply chain security
uses: benchmark-action/github-action-benchmark@4e0b38bc48375986542b13c0d8976b7b80c60c00 # v1
with:
name: Go Benchmark
tool: 'go'
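Review bot: The trailing comment on the new pin, `uses: benchmark-action/github-action-benchmark@<sha> # v1`, names a floating major tag, so nobody reading the file can confirm which release the SHA corresponds to, and the tag may have moved since the pin was made. Record the exact release instead, e.g. `# vX.Y.Z` (placeholder; take it from the upstream release that points at this commit), which also gives update tooling a concrete version to bump from. The same applies to the `goto-bus-stop/setup-zig@<sha> # v2` pin in the release workflow section. The added `# Security: Pinned to full SHA for supply chain security` line could then be shortened, since the pin plus an exact version already says it.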


@@ -5,6 +5,10 @@ on:
- cron: '17 7 * * 1' # Mondays at 07:17 UTC
workflow_dispatch: {}
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
permissions:
contents: read
issues: write


@@ -7,6 +7,14 @@ on:
- development
- 'feature/**'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
GO_VERSION: '1.25.5'
NODE_VERSION: '24.12.0'
permissions:
contents: read
@@ -23,7 +31,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
with:
go-version: '1.25.5'
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: backend/go.sum
- name: Run Go tests with coverage
@@ -54,7 +62,7 @@ jobs:
- name: Set up Node.js
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
with:
node-version: '24.12.0'
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
cache-dependency-path: frontend/package-lock.json


@@ -8,6 +8,13 @@ on:
schedule:
- cron: '0 3 * * 1'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
GO_VERSION: '1.25.5'
permissions:
contents: read
security-events: write
@@ -42,7 +49,7 @@ jobs:
if: matrix.language == 'go'
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
with:
go-version: '1.25.5'
go-version: ${{ env.GO_VERSION }}
- name: Autobuild
uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4
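Review bot: With `cancel-in-progress: true` and a group keyed only on `github.ref`, the scheduled scan shares a group with any other run of this workflow on the same ref, so a newer run can cancel an analysis before it uploads results under `security-events: write`. For a code-scanning workflow that can leave default-branch commits without a completed analysis when runs arrive close together. Consider cancelling only superseded pull-request runs, e.g. `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`. The `on:` block starts outside this hunk, so the full trigger list is not visible here.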


@@ -4,6 +4,10 @@ name: Create Project Labels
on:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
jobs:
create-labels:
runs-on: ubuntu-latest


@@ -15,6 +15,10 @@ on:
workflow_dispatch:
workflow_call:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository_owner }}/charon
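Review bot: This workflow is also reachable through `workflow_call`, and in a called workflow `github.workflow` resolves to the caller's workflow name. The new group `${{ github.workflow }}-${{ github.ref }}` therefore evaluates to the same string as the caller's group wherever the caller uses the pattern this commit adds across the repository. With `cancel-in-progress: true` the called run and its caller can then cancel or block each other, which GitHub reports as a concurrency deadlock; which workflows call this one is not visible here. Give reusable workflows a group that cannot collide, for example a literal prefix unique to the file such as `group: docker-build-${{ github.ref }}` (prefix constructed for illustration). The next file section has the same `workflow_call` trigger and the same group.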


@@ -10,6 +10,10 @@ on:
paths:
- 'Dockerfile'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
hadolint:
runs-on: ubuntu-latest


@@ -15,6 +15,10 @@ on:
workflow_dispatch:
workflow_call:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository_owner }}/charon


@@ -24,6 +24,13 @@ on:
required: false
type: string
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
env:
NODE_VERSION: '24.12.0'
permissions:
contents: write
issues: write
@@ -44,7 +51,7 @@ jobs:
- name: Set up Node.js
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
with:
node-version: '24.12.0'
node-version: ${{ env.NODE_VERSION }}
- name: Install dependencies
run: npm install gray-matter
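Review bot: The `Install dependencies` step kept as context here runs `npm install gray-matter` with no version and no lockfile, in a workflow whose token carries `contents: write` and `issues: write`. This commit pins actions to SHAs elsewhere but leaves this dependency floating. Pin it and skip lifecycle scripts, e.g. `run: npm install --ignore-scripts gray-matter@<version>` (placeholder version), or install from a committed lockfile with `npm ci`. The job continues past the end of this hunk, so whether later steps rely on install scripts cannot be seen from here.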


@@ -21,6 +21,9 @@ concurrency:
group: "pages"
cancel-in-progress: false
env:
NODE_VERSION: '24.12.0'
jobs:
build:
name: Build Documentation
@@ -35,7 +38,7 @@ jobs:
- name: 🔧 Set up Node.js
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
with:
node-version: '24.12.0'
node-version: ${{ env.NODE_VERSION }}
# Step 3: Create a beautiful docs site structure
- name: 📝 Build documentation site


@@ -7,6 +7,10 @@ on:
- cron: '0 2 * * *' # daily at 02:00 UTC
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read


@@ -9,6 +9,10 @@ on:
paths:
- 'scripts/history-rewrite/**'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest


@@ -4,6 +4,10 @@ on:
pull_request:
types: [opened, edited, synchronize]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
jobs:
validate:
name: Validate history-rewrite checklist (conditional)


@@ -6,6 +6,13 @@ on:
- main
- development
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
env:
NODE_VERSION: '24.12.0'
permissions:
contents: write
pull-requests: write
@@ -20,7 +27,7 @@ jobs:
- name: Set up Node (for github-script)
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
with:
node-version: '24.12.0'
node-version: ${{ env.NODE_VERSION }}
- name: Propagate Changes
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8


@@ -6,6 +6,14 @@ on:
pull_request:
branches: [ main, development ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
GO_VERSION: '1.25.5'
NODE_VERSION: '24.12.0'
jobs:
backend-quality:
name: Backend (Go)
@@ -16,7 +24,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
with:
go-version: '1.25.5'
go-version: ${{ env.GO_VERSION }}
cache-dependency-path: backend/go.sum
- name: Repo health check
@@ -89,7 +97,7 @@ jobs:
- name: Set up Node.js
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0
with:
node-version: '24.12.0'
node-version: ${{ env.NODE_VERSION }}
cache: 'npm'
cache-dependency-path: frontend/package-lock.json


@@ -5,6 +5,14 @@ on:
tags:
- 'v*'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
env:
GO_VERSION: '1.25.5'
NODE_VERSION: '24.12.0'
permissions:
contents: write
packages: write
@@ -26,12 +34,12 @@ jobs:
- name: Set up Go
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
with:
go-version: '1.25.5'
go-version: ${{ env.GO_VERSION }}
- name: Set up Node.js
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
with:
node-version: '24.12.0'
node-version: ${{ env.NODE_VERSION }}
- name: Build Frontend
working-directory: frontend
@@ -43,7 +51,8 @@ jobs:
npm run build
- name: Install Cross-Compilation Tools (Zig)
uses: goto-bus-stop/setup-zig@v2
# Security: Pinned to full SHA for supply chain security
uses: goto-bus-stop/setup-zig@abea47f85e598557f500fa1fd2ab7464fcb39406 # v2
with:
version: 0.13.0


@@ -5,6 +5,10 @@ on:
- cron: '0 5 * * *' # daily 05:00 UTC
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: false
permissions:
contents: write
pull-requests: write


@@ -7,6 +7,10 @@ on:
types: [opened, synchronize, reopened]
workflow_dispatch: {}
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
repo_health:
name: Repo health


@@ -11,6 +11,10 @@ on:
type: boolean
default: true
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository_owner }}/charon


@@ -20,6 +20,10 @@ on:
# Allow manual trigger
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
waf-integration:
name: Coraza WAF Integration