Commit Graph

446 Commits

Author SHA1 Message Date
renovate[bot]
028233f378 chore(deps): update anchore/scan-action action to v6 2026-01-15 16:35:48 +00:00
GitHub Actions
07796bf610 fix(ci): enable workflow_run triggers for all push branches
Update branch triggers and downstream workflow logic to support all
branches defined in docker-build.yml (main, development, feature/**).

Changes:

- docker-build.yml: Expand branch glob to feature/**, use branch-based tags
- playwright.yml: Replace is_beta_push with generic is_push detection
- security-pr.yml: Same branch-agnostic pattern
- supply-chain-pr.yml: Same pattern, skip PR comments for push events

The workflows now support any push that triggers docker-build:

- main branch → tag: latest
- development branch → tag: dev
- feature/* branches → tag: {branch-name}
- Pull requests → tag: pr-{number}

Dynamic artifact naming:

- Push events: push-image (shared across all branches)
- Pull requests: pr-image-{number}

This ensures CI/CD pipelines work for stable releases, bug fixes,
and new feature development without hardcoded branch names.
2026-01-15 16:07:40 +00:00
GitHub Actions
3590553519 chore(ci): comprehensive CI/CD audit fixes per best practices
Implements all 13 fixes identified in the CI/CD audit against
github-actions-ci-cd-best-practices.instructions.md

Critical fixes:

- Remove hardcoded encryption key from playwright.yml (security)
- Fix artifact filename mismatch in supply-chain-pr.yml (bug)
- Pin GoReleaser to ~> v2.5 instead of latest (supply chain)

High priority fixes:

- Upgrade CodeQL action from v3 to v4 in supply-chain-pr.yml
- Add environment protection for release workflow
- Fix shell variable escaping ($$ → $) in release-goreleaser.yml

Medium priority fixes:

- Add timeout-minutes to playwright.yml (20 min)
- Add explicit permissions to quality-checks.yml
- Add timeout-minutes to codecov-upload.yml jobs (15 min)
- Fix benchmark.yml permissions (workflow-level read, job-level write)

Low priority fixes:

- Add timeout-minutes to docs.yml jobs (10/5 min)
- Add permissions block to docker-lint.yml
- Add timeout-minutes to renovate.yml (30 min)
2026-01-15 15:25:58 +00:00
GitHub Actions
0892637164 chore(ci): modularize post-build testing into independent workflows
Separate PR-specific tests from docker-build.yml into dedicated workflows
that trigger via workflow_run. This creates a cleaner CI architecture where:

- playwright.yml: E2E tests triggered after docker-build completes
- security-pr.yml: Trivy binary scanning for PRs
- supply-chain-pr.yml: SBOM generation + Grype vulnerability scanning
2026-01-15 15:00:55 +00:00
GitHub Actions
9b3c7eaeae fix(ci): detect beta-release branch correctly for PR events
The skip condition used github.ref to detect the beta-release branch,
but for PRs github.ref is "refs/pull/N/merge", not the branch name.

- Added github.head_ref to env variables for PR branch detection
- Updated condition to check both REF and HEAD_REF

This ensures E2E tests run for PRs from feature/beta-release branch
2026-01-15 06:18:35 +00:00
GitHub Actions
19a34201bf fix(ci): use valid 32-byte base64 encryption key for E2E tests
The DNS provider API endpoints were returning 404 in CI because the
encryption service failed to initialize with an invalid key.

- Changed CHARON_ENCRYPTION_KEY from plain text to valid base64 string
- Key "dGVzdC1lbmNyeXB0aW9uLWtleS1mb3ItY2ktMzJieXQ=" decodes to 32 bytes
- Without valid encryption key, DNS provider routes don't register
- This was causing all dns-provider-types.spec.ts tests to fail

Root cause: AES-256-GCM requires exactly 32 bytes for the key
2026-01-15 06:02:42 +00:00
GitHub Actions
a0314066cd fix: update Renovate token configuration to fall back on GITHUB_TOKEN 2026-01-15 03:24:51 +00:00
GitHub Actions
bb14a5a1e3 fix(tests): change console.error to console.log for login failure messages
feat(tests): update Playwright configuration to include GitHub reporter and adjust base URL handling
2026-01-15 03:19:59 +00:00
GitHub Actions
4adcd9eda1 feat: add nightly branch workflow 2026-01-13 22:11:35 +00:00
Jeremy
3424b7745f Merge pull request #519 from Wikid82/renovate/feature/beta-release-actions-setup-go-6.x
chore(deps): update actions/setup-go action to v6.2.0 (feature/beta-release)
2026-01-13 15:30:15 -05:00
Jeremy
74f32c70ab Merge pull request #518 from Wikid82/renovate/feature/beta-release-actions-setup-go-digest
chore(deps): update actions/setup-go digest to 7a3fe6c (feature/beta-release)
2026-01-13 15:30:00 -05:00
Jeremy
809d40e431 Merge pull request #509 from Wikid82/renovate/feature/beta-release-github-codeql-action-4.x
chore(deps): update github/codeql-action action to v4.31.10 (feature/beta-release)
2026-01-13 15:28:25 -05:00
Jeremy
3157fee8c3 Merge pull request #508 from Wikid82/renovate/feature/beta-release-github-codeql-action-digest
chore(deps): update github/codeql-action digest to cdefb33 (feature/beta-release)
2026-01-13 15:27:21 -05:00
renovate[bot]
e72e864a23 chore(deps): update actions/setup-go action to v6.2.0 2026-01-13 08:59:32 +00:00
renovate[bot]
8ec2c73048 chore(deps): update actions/setup-go digest to 7a3fe6c 2026-01-13 08:59:25 +00:00
renovate[bot]
5a56d4a3ed chore(deps): update github/codeql-action action to v4.31.10 2026-01-12 20:29:11 +00:00
renovate[bot]
39d1db93a5 chore(deps): update github/codeql-action digest to cdefb33 2026-01-12 20:29:07 +00:00
GitHub Actions
4907efc876 fix(ci): remove specific Chromium project reference from Playwright test commands 2026-01-12 20:16:53 +00:00
GitHub Actions
c909525bcf fix(tests): specify Chromium project for Playwright E2E tests 2026-01-12 20:13:09 +00:00
GitHub Actions
b1b7defaae feat(ci): integrate Playwright E2E tests into Docker build workflow 2026-01-12 20:10:16 +00:00
GitHub Actions
4e23a63d8f fix(ci): build Docker image before Playwright tests
- Add Docker image build step before docker compose up
- Optimize Playwright browser installation (chromium only)
- Add frontend dependency installation with logging
- Fixes workflow hanging on missing charon:local image

Previous workflow assumed image existed but CI doesn't pre-build it.
Now builds image from Dockerfile before starting application stack.
2026-01-12 19:55:56 +00:00
GitHub Actions
df5befb840 fix(tests): improve context setup for audit logging in DNS provider service tests
- Updated context key definitions in dns_provider_service_test.go to use string constants instead of custom types for user_id, client_ip, and user_agent.
- Ensured proper context values are set in audit logging tests to avoid defaulting to "system" or empty values.
- Enhanced in-memory SQLite database setup in credential_service_test.go to use WAL mode and busy timeout for better concurrency during tests.
2026-01-12 07:27:00 +00:00
renovate[bot]
9d25ca7f09 chore(deps): update github artifact actions to v6 2026-01-12 06:11:30 +00:00
Jeremy
e4d3acf3c1 Merge branch 'feature/beta-release' into renovate/feature/beta-release-major-5-github-artifact-actions 2026-01-12 01:09:21 -05:00
Jeremy
63d4cfae39 Merge pull request #504 from Wikid82/renovate/feature/beta-release-actions-github-script-8.x
chore(deps): update actions/github-script action to v8 (feature/beta-release)
2026-01-12 01:08:51 -05:00
renovate[bot]
e7e42655f2 chore(deps): update github artifact actions to v5 2026-01-12 06:08:41 +00:00
Jeremy
d1c5f2ad32 Merge pull request #503 from Wikid82/renovate/feature/beta-release-major-7-github-artifact-actions
chore(deps): update actions/download-artifact action to v7 (feature/beta-release)
2026-01-12 01:08:33 -05:00
Jeremy
f9e1a59640 Merge branch 'feature/beta-release' into renovate/feature/beta-release-actions-checkout-6.x 2026-01-12 01:08:04 -05:00
renovate[bot]
ee5a19810b chore(deps): update actions/checkout action to v6 2026-01-12 06:07:25 +00:00
Jeremy
e25aa6270e Merge pull request #500 from Wikid82/renovate/feature/beta-release-actions-upload-artifact-4.x
chore(deps): update actions/upload-artifact action to v4.6.2 (feature/beta-release)
2026-01-12 01:06:38 -05:00
Jeremy
25b010c241 Merge branch 'feature/beta-release' into renovate/feature/beta-release-pin-dependencies 2026-01-12 01:06:15 -05:00
Jeremy
0334c547f1 Merge pull request #499 from Wikid82/renovate/feature/beta-release-renovatebot-github-action-44.x
chore(deps): update renovatebot/github-action action to v44.2.4 (feature/beta-release)
2026-01-12 01:05:26 -05:00
renovate[bot]
0759ddeab6 chore(deps): update actions/github-script action to v8 2026-01-12 06:00:39 +00:00
renovate[bot]
5b25018c4d chore(deps): update actions/download-artifact action to v7 2026-01-12 06:00:34 +00:00
renovate[bot]
9d8730f41f chore(deps): update actions/checkout action to v5 2026-01-12 06:00:24 +00:00
renovate[bot]
d9e5e8001e chore(deps): update actions/upload-artifact action to v4.6.2 2026-01-12 06:00:18 +00:00
renovate[bot]
c40932c430 chore(deps): update renovatebot/github-action action to v44.2.4 2026-01-12 06:00:13 +00:00
renovate[bot]
fb99022879 chore(deps): pin dependencies 2026-01-12 06:00:09 +00:00
Jeremy
9302226777 Merge pull request #496 from Wikid82/renovate/feature/beta-release-anchore-sbom-action-0.x
chore(deps): update anchore/sbom-action action to v0.21.1 (feature/beta-release)
2026-01-12 00:56:03 -05:00
Jeremy
9c4db471a9 Merge pull request #493 from Wikid82/renovate/feature/beta-release-actions-setup-node-6.x
chore(deps): update actions/setup-node action to v6 (feature/beta-release)
2026-01-12 00:55:36 -05:00
Jeremy
7f7e4c6ff7 Merge pull request #489 from Wikid82/renovate/feature/beta-release-actions-github-script-7.x
chore(deps): update actions/github-script action to v7.1.0 (feature/beta-release)
2026-01-12 00:54:27 -05:00
Jeremy
451055f02c Merge pull request #488 from Wikid82/renovate/feature/beta-release-actions-download-artifact-4.x
chore(deps): update actions/download-artifact action to v4.3.0 (feature/beta-release)
2026-01-12 00:54:11 -05:00
Jeremy
b71082145b Merge pull request #487 from Wikid82/renovate/feature/beta-release-actions-checkout-4.x
chore(deps): update actions/checkout action to v4.3.1 (feature/beta-release)
2026-01-12 00:53:50 -05:00
Jeremy
05904a14d9 Merge branch 'feature/beta-release' into renovate/feature/beta-release-actions-checkout-4.x 2026-01-12 00:52:05 -05:00
Jeremy
ae3417a986 Merge branch 'feature/beta-release' into renovate/feature/beta-release-peter-evans-create-or-update-comment-5.x 2026-01-12 00:51:02 -05:00
Jeremy
9836288e91 Merge branch 'main' into feature/beta-release 2026-01-12 00:34:06 -05:00
GitHub Actions
3fb870f109 fix: improve Docker image handling in CI workflow with exact tag extraction and validation 2026-01-12 05:33:29 +00:00
Jeremy
22a23da6e9 Add nightly branch to propagate changes workflow 2026-01-12 00:19:19 -05:00
renovate[bot]
e86124f556 chore(deps): update anchore/sbom-action action to v0.21.1 2026-01-12 05:05:57 +00:00
renovate[bot]
bcdc472b0a chore(deps): update actions/setup-node action to v6 2026-01-12 05:04:50 +00:00