- Add timeout-minutes: 5 to docker-build.yml integration test step
- Add set -o pipefail to integration-test.sh
- Add 4-minute timeout wrapper (INTEGRATION_TEST_TIMEOUT env var)
Resolves hang after Caddy TLS cleanup in GitHub Actions run #20319807650
GitHub's github.ref_name returns "421/merge" for PR merge refs,
creating invalid Docker tags like "pr-421/merge". Docker tags
cannot contain forward slashes.
Changed to use github.event.pull_request.number which returns
just the PR number (e.g., "421") for valid tags like "pr-421".
Fixes CI/CD failure in PR #421.
Ensures all Docker builds pull fresh Alpine base images to get
security patches like c-ares 1.34.6-r0 (CVE-2025-62408).
This mirrors the change made to security-weekly-rebuild.yml.
- Implemented `docker-build.yml` for building and pushing Docker images with multi-platform support, Trivy security scanning, and conditional builds based on commit messages.
- Created `docker-publish.yml` for streamlined Docker image publishing with Trivy vulnerability scanning on push events.
- Added `docs.yml` to automate documentation deployment to GitHub Pages, including a custom HTML structure and markdown conversion.
- Introduced `propagate-changes.yml` to automate PR creation for synchronizing changes between main, development, and feature branches.
- Established `quality-checks.yml` for running backend (Go) and frontend (React) quality checks, including tests and linting.
- Developed `release.yml` for generating changelogs and creating GitHub releases upon version tag pushes.
- Set up `renovate.yml` for automated dependency updates on a daily schedule.
- Deleted Settings.tsx and Setup.tsx pages, which included functionality for changing passwords and setting up an admin account.
- Removed associated test files for Setup page.
- Eliminated API service definitions related to proxy hosts, remote servers, import functionality, and health checks.
- Cleaned up mock data and test setup files.
- Removed configuration files for TypeScript, Vite, and Tailwind CSS.
- Deleted scripts for testing coverage, release management, Dockerfile validation, and Python compilation checks.
- Removed Sourcery pre-commit wrapper script.
- Use environment variables for GitHub context in shell scripts to prevent injection attacks and syntax errors when commit messages contain special characters (e.g. single quotes, ampersands).
- Fixes failure when merging branches with special characters in their names.
- Remove type=sha tags that were producing invalid formats like ':-f0d0654'
- Keep latest/dev tags for branches and semver tags for releases
- SHA is still tracked via image digest and labels
- Add format=short to SHA tags to prevent malformed tags
- Standardize dev tag naming across workflows (was 'development')
- Ensure branch name is properly included in SHA prefix
- Add Trivy vulnerability scanner after image build
- Upload SARIF results to GitHub Security tab
- Display critical/high severity issues in workflow logs
- Add security-events permission for SARIF upload
- Skip scanning on pull requests to save time
- Change ruff>=0.15 to ruff>=0.6.0 (0.15 doesn't exist yet)
- Replace CPMP_GHCR_TOKEN with GITHUB_TOKEN for GHCR authentication
- GITHUB_TOKEN is automatically provided by GitHub Actions with correct permissions
Major Updates:
- Rewrote all docs in beginner-friendly 'ELI5' language
- Created docs index with user journey navigation
- Added complete getting-started guide for novice users
- Set up GitHub Container Registry (GHCR) automation
- Configured GitHub Pages deployment for documentation
Documentation:
- docs/index.md - Central navigation hub
- docs/getting-started.md - Step-by-step beginner guide
- docs/github-setup.md - CI/CD setup instructions
- README.md - Complete rewrite in accessible language
- CONTRIBUTING.md - Contributor guidelines
- Multiple comprehensive API and schema docs
CI/CD Workflows:
- .github/workflows/docker-build.yml - Multi-platform builds to GHCR
- .github/workflows/docs.yml - Automated docs deployment to Pages
- Supports main (latest), development (dev), and version tags
- Automated testing of built images
- Beautiful documentation site with dark theme
Benefits:
- Zero barrier to entry for new users
- Automated Docker builds (AMD64 + ARM64)
- Professional documentation site
- No Docker Hub account needed (uses GHCR)
- Complete CI/CD pipeline
All 7 implementation phases complete - project is production ready!
