GitHub Actions
5dfd546b42
feat: add weekly security rebuild workflow with no-cache scanning
...
Implements proactive CVE detection strategy to catch Alpine package
vulnerabilities within 7 days without impacting development velocity.
Changes:
- Add .github/workflows/security-weekly-rebuild.yml
- Runs weekly on Sundays at 02:00 UTC
- Builds Docker image with --no-cache
- Runs comprehensive Trivy scans (table, SARIF, JSON)
- Uploads security reports to GitHub Security tab
- 90-day artifact retention
- Update docs/plans/c-ares_remediation_plan.md
- Document CI/CD cache strategy analysis
- Add implementation status
- Fix all markdown formatting issues
- Update docs/plans/current_spec.md (pointer)
- Add docs/reports/qa_report.md (validation results)
Benefits:
- Proactive CVE detection (~7 day window)
- No impact on PR/push build performance
- Only +50% CI cost vs +150% for all no-cache builds
First run: Sunday, December 15, 2025 at 02:00 UTC
Related: CVE-2025-62408 (c-ares vulnerability)
2025-12-14 02:08:16 +00:00
GitHub Actions
375b6b4f72
feat: add weekly security workflow implementation and documentation
2025-12-14 02:03:38 +00:00
GitHub Actions
0f0e5c6af7
refactor: update current planning document to focus on c-ares security vulnerability remediation
...
This update revises the planning document to address the c-ares security vulnerability (CVE-2025-62408) and removes the previous analysis regarding Go version compatibility issues. The document now emphasizes the need to rebuild the Docker image to pull the patched version of c-ares from Alpine repositories, with no Dockerfile changes required.
Key changes include:
- Removal of outdated Go version mismatch analysis.
- Addition of details regarding the c-ares vulnerability and its impact.
- Streamlined focus on remediation steps and testing checklist.
2025-12-14 02:03:15 +00:00
GitHub Actions
71ba83c2cd
fix: change Renovate log level from info to debug for better troubleshooting
2025-12-14 01:18:42 +00:00
GitHub Actions
b2bee62a0e
Refactor code structure for improved readability and maintainability
2025-12-14 01:14:54 +00:00
GitHub Actions
3fd85ce34f
fix: upgrade Go to 1.25 for Caddy 2.10.2 compatibility
...
Caddy 2.10.2 requires Go 1.25 (declared in its go.mod). The previous
commit incorrectly downgraded to Go 1.23 based on the false assumption
that Go 1.25.5 doesn't exist.
This fix:
- Updates Dockerfile Go images from 1.23-alpine to 1.25-alpine
- Updates backend/go.mod to go 1.25
- Updates go.work to go 1.25
Fixes CI Docker build failures in xcaddy stage.
2025-12-14 01:06:03 +00:00
Jeremy
6deb5eb9f2
Merge branch 'development' into main
2025-12-13 19:50:15 -05:00
GitHub Actions
481208caf2
fix: correct Go version to 1.23 in Dockerfile (1.25.5 does not exist)
2025-12-14 00:44:27 +00:00
GitHub Actions
65443a1464
fix: correct Go version to 1.23 (1.25.5 does not exist)
2025-12-14 00:36:20 +00:00
GitHub Actions
71269fe041
fix: update Renovate token secret name from RENOVATOR_TOKEN to RENOVATE_TOKEN
2025-12-14 00:32:00 +00:00
GitHub Actions
d1876b8dd7
fix: use RENOVATOR_TOKEN secret name
2025-12-14 00:30:45 +00:00
GitHub Actions
eb6cf7f380
fix: use RENOVATE_TOKEN PAT for Renovate authentication
2025-12-14 00:23:21 +00:00
GitHub Actions
4331c798d9
fix: clean up .gitignore by removing VS Code settings while preserving shared configs
2025-12-14 00:20:27 +00:00
GitHub Actions
c55932c41a
fix: simplify Renovate workflow to use GITHUB_TOKEN directly
2025-12-14 00:19:16 +00:00
GitHub Actions
eb16452d8b
chore: track VS Code tasks.json and launch.json in git
2025-12-14 00:16:47 +00:00
GitHub Actions
7ab2ce2617
fix: update workflows to use GITHUB_TOKEN instead of CHARON_TOKEN for improved compatibility
2025-12-14 00:11:06 +00:00
GitHub Actions
34dc485387
fix: add GITHUB_TOKEN to GoReleaser and fix Go/Node versions
2025-12-14 00:09:37 +00:00
GitHub Actions
43b8f75380
fix: update versioning patterns for major and minor version bumps
2025-12-14 00:08:57 +00:00
GitHub Actions
257c9504e7
feat: update CI to v0.4.0 with proper semantic versioning
2025-12-13 23:58:03 +00:00
Jeremy
62747aa88f
Merge pull request #386 from Wikid82/renovate/actions-checkout-5.x
...
chore(deps): update actions/checkout action to v5 - abandoned
2025-12-12 21:28:05 -05:00
Jeremy
5867b0f468
Merge branch 'development' into renovate/actions-checkout-5.x
2025-12-12 21:27:52 -05:00
Jeremy
1bce797a78
Merge pull request #385 from Wikid82/renovate/npm-minorpatch
...
chore(deps): update dependency markdownlint-cli2 to ^0.20.0
2025-12-12 21:27:22 -05:00
Jeremy
d82f401f3b
Merge pull request #384 from Wikid82/renovate/github.com-oschwald-geoip2-golang-2.x
...
fix(deps): update module github.com/oschwald/geoip2-golang to v2
2025-12-12 21:27:09 -05:00
Jeremy
9c17ec2df5
Merge pull request #383 from Wikid82/renovate/node-24.x
...
chore(deps): update dependency node to v24
2025-12-12 21:26:50 -05:00
Jeremy
85da974092
Merge branch 'development' into renovate/node-24.x
2025-12-12 21:26:43 -05:00
Jeremy
12cee833fc
Merge pull request #382 from Wikid82/renovate/node-22.x
...
chore(deps): update dependency node to v22
2025-12-12 21:26:11 -05:00
Jeremy
6a7bb0db56
Merge pull request #381 from Wikid82/renovate/actions-setup-node-6.x
...
chore(deps): update actions/setup-node action to v6
2025-12-12 21:25:56 -05:00
Jeremy
b1a2884cca
Merge branch 'development' into renovate/actions-setup-node-6.x
2025-12-12 21:25:48 -05:00
Jeremy
88c78553a8
Merge pull request #380 from Wikid82/renovate/actions-setup-node-5.x
...
chore(deps): update actions/setup-node action to v5
2025-12-12 21:25:19 -05:00
Jeremy
193726c427
Merge pull request #379 from Wikid82/renovate/actions-github-script-8.x
...
chore(deps): update actions/github-script action to v8
2025-12-12 21:25:03 -05:00
renovate[bot]
9c02724c42
chore(deps): update dependency node to v24
2025-12-13 02:24:49 +00:00
Jeremy
6ca008fc57
Merge pull request #378 from Wikid82/renovate/actions-checkout-6.x
...
chore(deps): update actions/checkout action to v6
2025-12-12 21:24:46 -05:00
renovate[bot]
736037aaf7
chore(deps): update dependency node to v22
2025-12-13 02:24:45 +00:00
renovate[bot]
038c697cb1
chore(deps): update actions/setup-node action to v6
2025-12-13 02:24:43 +00:00
renovate[bot]
292745bae9
chore(deps): update actions/setup-node action to v5
2025-12-13 02:24:40 +00:00
renovate[bot]
f3dd8d97b6
chore(deps): update actions/github-script action to v8
2025-12-13 02:24:37 +00:00
renovate[bot]
18677eeb48
chore(deps): update actions/checkout action to v6
2025-12-13 02:24:34 +00:00
renovate[bot]
20f5f0cbb2
chore(deps): update actions/checkout action to v5
2025-12-13 02:24:30 +00:00
Jeremy
c5506c16f4
Merge pull request #377 from Wikid82/renovate/node-20.x
...
chore(deps): update dependency node to v20.19.6
2025-12-12 21:24:03 -05:00
renovate[bot]
be099d9cea
chore(deps): update dependency markdownlint-cli2 to ^0.20.0
2025-12-13 02:23:47 +00:00
Jeremy
cad8045f79
Merge pull request #376 from Wikid82/renovate/actions-setup-node-digest
...
chore(deps): update actions/setup-node digest to 49933ea
2025-12-12 21:23:45 -05:00
renovate[bot]
42a6bc509a
fix(deps): update module github.com/oschwald/geoip2-golang to v2
2025-12-13 02:23:34 +00:00
Jeremy
8e88e74f28
Merge pull request #375 from Wikid82/renovate/actions-github-script-digest
...
chore(deps): update actions/github-script digest to f28e40c
2025-12-12 21:23:29 -05:00
Jeremy
9091144b0b
Merge pull request #374 from Wikid82/renovate/actions-checkout-digest
...
chore(deps): update actions/checkout digest to 34e1148
2025-12-12 21:22:54 -05:00
renovate[bot]
c3ff2cb20c
chore(deps): update dependency node to v20.19.6
2025-12-13 02:22:45 +00:00
renovate[bot]
9ed39cef8c
chore(deps): update actions/setup-node digest to 49933ea
2025-12-13 02:22:41 +00:00
renovate[bot]
852376d597
chore(deps): update actions/github-script digest to f28e40c
2025-12-13 02:22:37 +00:00
renovate[bot]
eddf5155a0
chore(deps): update actions/checkout digest to 34e1148
2025-12-13 02:22:33 +00:00
Jeremy
249779f09d
Merge pull request #372 from Wikid82/development
...
Development
2025-12-12 21:18:07 -05:00
github-actions[bot]
ade66af7da
chore: move processed issue files to created/ [skip ci]
2025-12-13 02:17:33 +00:00
