- Replace Go interface{} with any (Go 1.18+ standard)
- Add database indexes to frequently queried model fields
- Add JSDoc documentation to frontend API client methods
- Remove deprecated docker-compose version keys
- Add concurrency groups to all 25 GitHub Actions workflows
- Add YAML front matter and fix H1→H2 headings in docs
Coverage: Backend 85.5%, Frontend 87.73%
Security: No vulnerabilities detected
Refs: docs/plans/instruction_compliance_spec.md
- Add timeout-minutes: 5 to docker-build.yml integration test step
- Add set -o pipefail to integration-test.sh
- Add 4-minute timeout wrapper (INTEGRATION_TEST_TIMEOUT env var)
Resolves hang after Caddy TLS cleanup in GitHub Actions run #20319807650
GitHub's github.ref_name returns "421/merge" for PR merge refs,
creating invalid Docker tags like "pr-421/merge". Docker tags
cannot contain forward slashes.
Changed to use github.event.pull_request.number which returns
just the PR number (e.g., "421") for valid tags like "pr-421".
Fixes CI/CD failure in PR #421.
The docker-publish.yml workflow was missing pull:true, causing it
to use cached Alpine images with vulnerable c-ares 1.34.5-r0.
This completes the fix across all three Docker workflows:
- docker-build.yml ✓
- docker-publish.yml ✓ (this commit)
- security-weekly-rebuild.yml ✓
Resolves CVE-2025-62408 (c-ares)
Checkout v6.0.1 was released yesterday (Dec 2, 2025) and is causing CI
failures across all workflows. The v6 release requires minimum GitHub
Actions Runner v2.329.0 for Docker container scenarios and likely has
edge cases causing failures.
Downgrading to v4.2.2 (stable release from Oct 2024) to restore CI
stability. Can re-evaluate v6 after it matures.
Affects 16 checkout action references across 12 workflow files:
- quality-checks.yml
- waf-integration.yml
- docker-publish.yml
- codecov-upload.yml
- codeql.yml
- benchmark.yml
- docs.yml
- release-goreleaser.yml
- auto-versioning.yml
- docker-lint.yml
- auto-changelog.yml
- renovate.yml
- Implemented new security presets for access control lists, including geo-blacklist and known botnet IPs.
- Added tests for security presets functionality, including validation of preset structure and category/type checks.
- Created hooks for Docker and domains with comprehensive tests for fetching, creating, and deleting domains.
- Removed unused HealthStatus component.
- Updated ProxyHosts bulk delete tests to reflect changes in selection logic.
- Introduced integration test script for automated testing of proxy host creation and validation.
