akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity
1,345 Commits 11 Branches 107 Tags
0d2b4e167d1df97841cff32b696a15c3c2b2c463
Commit Graph

359 Commits

Author SHA1 Message Date
GitHub Actions
193ba124c7 fix: correct extraction of expr-lang version from caddy_deps.txt 2025-12-18 00:17:12 +00:00
GitHub Actions
ed7dc3f904 fix: update regex for expr-lang version check to ensure accurate vulnerability assessment 2025-12-18 00:05:31 +00:00
GitHub Actions
761d59c7e9 fix: add timeout to Caddy version verification step to prevent hangs 2025-12-17 23:58:40 +00:00
GitHub Actions
bc23eb3800 fix: add timeout to integration tests to prevent CI hangs 
- Add timeout-minutes: 5 to docker-build.yml integration test step
- Add set -o pipefail to integration-test.sh
- Add 4-minute timeout wrapper (INTEGRATION_TEST_TIMEOUT env var)

Resolves hang after Caddy TLS cleanup in GitHub Actions run #20319807650
 2025-12-17 23:41:27 +00:00
GitHub Actions
76895a9674 fix: load Docker image for PR events to resolve CI failure 2025-12-17 22:52:56 +00:00
GitHub Actions
6d18854e92 fix: use PR number instead of ref_name for Docker image tags 
GitHub's github.ref_name returns "421/merge" for PR merge refs,
creating invalid Docker tags like "pr-421/merge". Docker tags
cannot contain forward slashes.

Changed to use github.event.pull_request.number which returns
just the PR number (e.g., "421") for valid tags like "pr-421".

Fixes CI/CD failure in PR #421.
 2025-12-17 20:00:44 +00:00
GitHub Actions
942901fb9a fix: remove Caddy version check that hangs build (CVE-2025-68156) 2025-12-17 18:37:20 +00:00
Jeremy
3a3dccbb5a Merge branch 'development' into renovate/github-codeql-action-4.x 2025-12-17 09:31:09 -05:00
renovate[bot]
793315336a chore(deps): update github/codeql-action action to v4.31.9 2025-12-17 14:25:51 +00:00
renovate[bot]
711ed07df7 chore(deps): update github/codeql-action digest to 5d4e8d1 2025-12-17 14:25:45 +00:00
renovate[bot]
7f3cdb8011 chore(deps): update renovatebot/github-action action to v44.2.0 2025-12-16 15:17:40 +00:00
Jeremy
5376f28a64 Merge branch 'development' into renovate/node-24.x 2025-12-14 02:32:44 -05:00
Jeremy
2b36bd41fb Merge branch 'development' into renovate/node-22.x 2025-12-14 02:32:10 -05:00
Jeremy
d0c6061544 Merge branch 'development' into renovate/major-6-github-artifact-actions 2025-12-14 02:31:43 -05:00
renovate[bot]
df59d98289 chore(deps): update dependency node to v24 2025-12-14 07:31:33 +00:00
renovate[bot]
d63a08d6a2 chore(deps): update dependency node to v22 2025-12-14 07:31:30 +00:00
Jeremy
f1bd20ea9b Merge branch 'development' into renovate/major-5-github-artifact-actions 2025-12-14 02:31:02 -05:00
Jeremy
33fa5e7f94 Merge branch 'development' into renovate/node-20.x 2025-12-14 02:03:17 -05:00
renovate[bot]
85fd287b34 chore(deps): update actions/upload-artifact action to v6 2025-12-14 07:01:59 +00:00
renovate[bot]
c19c4d4ff0 chore(deps): update actions/upload-artifact action to v5 2025-12-14 07:01:56 +00:00
Jeremy
8f6ebf6107 Merge branch 'development' into renovate/go-1.x 2025-12-14 02:01:51 -05:00
renovate[bot]
7c4b0002b5 chore(deps): update dependency node to v20.19.6 2025-12-14 06:43:40 +00:00
renovate[bot]
0600f9da2a chore(deps): update dependency go to v1.25.5 2025-12-14 06:43:33 +00:00
renovate[bot]
e66404c817 chore(deps): pin actions/upload-artifact action to ea165f8 2025-12-14 06:43:09 +00:00
GitHub Actions
18868a47fc fix: add pull:true to docker-publish for fresh base images 
The docker-publish.yml workflow was missing pull:true, causing it
to use cached Alpine images with vulnerable c-ares 1.34.5-r0.

This completes the fix across all three Docker workflows:
- docker-build.yml ✓
- docker-publish.yml ✓ (this commit)
- security-weekly-rebuild.yml ✓

Resolves CVE-2025-62408 (c-ares)
 2025-12-14 06:28:47 +00:00
GitHub Actions
cb5bd01a93 fix: add pull:true to docker-build to ensure fresh base images 
Ensures all Docker builds pull fresh Alpine base images to get
security patches like c-ares 1.34.6-r0 (CVE-2025-62408).

This mirrors the change made to security-weekly-rebuild.yml.
 2025-12-14 06:18:42 +00:00
GitHub Actions
72ebde31ce fix: add pull:true to security rebuild to fetch fresh base images 
Without pull:true, the weekly security rebuild may use stale base
images cached on GitHub runners, missing security patches like
c-ares 1.34.6-r0 (CVE-2025-62408).
 2025-12-14 05:21:15 +00:00
GitHub Actions
7c79bf066a fix: update security package check to include apk update for accurate version info 2025-12-14 05:12:01 +00:00
GitHub Actions
394ada14f3 fix: update Docker run command to remove entrypoint for security package checks 2025-12-14 04:36:39 +00:00
GitHub Actions
caf3e0340d fix: reduce weekly security scan build time (amd64 only, 60min timeout) 2025-12-14 03:47:32 +00:00
GitHub Actions
0f0e5c6af7 refactor: update current planning document to focus on c-ares security vulnerability remediation 
This update revises the planning document to address the c-ares security vulnerability (CVE-2025-62408) and removes the previous analysis regarding Go version compatibility issues. The document now emphasizes the need to rebuild the Docker image to pull the patched version of c-ares from Alpine repositories, with no Dockerfile changes required.

Key changes include:
- Removal of outdated Go version mismatch analysis.
- Addition of details regarding the c-ares vulnerability and its impact.
- Streamlined focus on remediation steps and testing checklist.
 2025-12-14 02:03:15 +00:00
GitHub Actions
71ba83c2cd fix: change Renovate log level from info to debug for better troubleshooting 2025-12-14 01:18:42 +00:00
Jeremy
6deb5eb9f2 Merge branch 'development' into main 2025-12-13 19:50:15 -05:00
GitHub Actions
71269fe041 fix: update Renovate token secret name from RENOVATOR_TOKEN to RENOVATE_TOKEN 2025-12-14 00:32:00 +00:00
GitHub Actions
d1876b8dd7 fix: use RENOVATOR_TOKEN secret name 2025-12-14 00:30:45 +00:00
GitHub Actions
eb6cf7f380 fix: use RENOVATE_TOKEN PAT for Renovate authentication 2025-12-14 00:23:21 +00:00
GitHub Actions
c55932c41a fix: simplify Renovate workflow to use GITHUB_TOKEN directly 2025-12-14 00:19:16 +00:00
GitHub Actions
7ab2ce2617 fix: update workflows to use GITHUB_TOKEN instead of CHARON_TOKEN for improved compatibility 2025-12-14 00:11:06 +00:00
GitHub Actions
34dc485387 fix: add GITHUB_TOKEN to GoReleaser and fix Go/Node versions 2025-12-14 00:09:37 +00:00
GitHub Actions
43b8f75380 fix: update versioning patterns for major and minor version bumps 2025-12-14 00:08:57 +00:00
Jeremy
85da974092 Merge branch 'development' into renovate/node-24.x 2025-12-12 21:26:43 -05:00
Jeremy
12cee833fc Merge pull request #382 from Wikid82/renovate/node-22.x 
chore(deps): update dependency node to v22
 2025-12-12 21:26:11 -05:00
Jeremy
b1a2884cca Merge branch 'development' into renovate/actions-setup-node-6.x 2025-12-12 21:25:48 -05:00
Jeremy
88c78553a8 Merge pull request #380 from Wikid82/renovate/actions-setup-node-5.x 
chore(deps): update actions/setup-node action to v5
 2025-12-12 21:25:19 -05:00
Jeremy
193726c427 Merge pull request #379 from Wikid82/renovate/actions-github-script-8.x 
chore(deps): update actions/github-script action to v8
 2025-12-12 21:25:03 -05:00
renovate[bot]
9c02724c42 chore(deps): update dependency node to v24 2025-12-13 02:24:49 +00:00
renovate[bot]
736037aaf7 chore(deps): update dependency node to v22 2025-12-13 02:24:45 +00:00
renovate[bot]
038c697cb1 chore(deps): update actions/setup-node action to v6 2025-12-13 02:24:43 +00:00
renovate[bot]
292745bae9 chore(deps): update actions/setup-node action to v5 2025-12-13 02:24:40 +00:00
renovate[bot]
f3dd8d97b6 chore(deps): update actions/github-script action to v8 2025-12-13 02:24:37 +00:00