akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
1,798 Commits 11 Branches 107 Tags
6e0cb3f89a99fe052d431d3797326ba4bdd92fcd
Commit Graph

22 Commits

Author SHA1 Message Date
GitHub Actions
4adcd9eda1 feat: add nightly branch workflow 2026-01-13 22:11:35 +00:00
renovate[bot]
9d25ca7f09 chore(deps): update github artifact actions to v6 2026-01-12 06:11:30 +00:00
Jeremy
e4d3acf3c1 Merge branch 'feature/beta-release' into renovate/feature/beta-release-major-5-github-artifact-actions 2026-01-12 01:09:21 -05:00
Jeremy
63d4cfae39 Merge pull request #504 from Wikid82/renovate/feature/beta-release-actions-github-script-8.x 
chore(deps): update actions/github-script action to v8 (feature/beta-release)
 2026-01-12 01:08:51 -05:00
renovate[bot]
e7e42655f2 chore(deps): update github artifact actions to v5 2026-01-12 06:08:41 +00:00
Jeremy
f9e1a59640 Merge branch 'feature/beta-release' into renovate/feature/beta-release-actions-checkout-6.x 2026-01-12 01:08:04 -05:00
renovate[bot]
ee5a19810b chore(deps): update actions/checkout action to v6 2026-01-12 06:07:25 +00:00
Jeremy
e25aa6270e Merge pull request #500 from Wikid82/renovate/feature/beta-release-actions-upload-artifact-4.x 
chore(deps): update actions/upload-artifact action to v4.6.2 (feature/beta-release)
 2026-01-12 01:06:38 -05:00
renovate[bot]
0759ddeab6 chore(deps): update actions/github-script action to v8 2026-01-12 06:00:39 +00:00
renovate[bot]
9d8730f41f chore(deps): update actions/checkout action to v5 2026-01-12 06:00:24 +00:00
renovate[bot]
d9e5e8001e chore(deps): update actions/upload-artifact action to v4.6.2 2026-01-12 06:00:18 +00:00
Jeremy
7f7e4c6ff7 Merge pull request #489 from Wikid82/renovate/feature/beta-release-actions-github-script-7.x 
chore(deps): update actions/github-script action to v7.1.0 (feature/beta-release)
 2026-01-12 00:54:27 -05:00
Jeremy
b71082145b Merge pull request #487 from Wikid82/renovate/feature/beta-release-actions-checkout-4.x 
chore(deps): update actions/checkout action to v4.3.1 (feature/beta-release)
 2026-01-12 00:53:50 -05:00
renovate[bot]
69d527682a chore(deps): update actions/github-script action to v7.1.0 2026-01-12 05:04:02 +00:00
renovate[bot]
b1fd466e20 chore(deps): update actions/checkout action to v4.3.1 2026-01-12 05:03:51 +00:00
renovate[bot]
b44ff56283 chore(deps): update peter-evans/create-or-update-comment action to v5 2026-01-12 05:02:31 +00:00
GitHub Actions
622f5a48e4 fix: Enhance supply chain security with updated PR comments, remediation plan, scan analysis, and detailed vulnerability reporting 
- Implemented a new workflow for supply chain security that updates PR comments with current scan results, replacing stale data.
- Created a remediation plan addressing high-severity vulnerabilities in CrowdSec binaries, including action items and timelines.
- Developed a discrepancy analysis document to investigate differences between local and CI vulnerability scans, identifying root causes and remediation steps.
- Enhanced vulnerability reporting in PR comments to include detailed findings, collapsible sections for readability, and artifact uploads for compliance tracking.
 2026-01-11 20:13:15 +00:00
GitHub Actions
db7490d763 feat: Enhance supply chain verification by excluding PR builds and add Docker image artifact handling 2026-01-11 07:17:12 +00:00
GitHub Actions
93ff3cb16a fix: CI/CD workflow improvements 
- Mark current specification as complete and ready for the next task.
- Document completed work on CI/CD workflow fixes, including implementation summary and QA report links.
- Archive previous planning documents related to GitHub security warnings.
- Revise QA report to reflect the successful validation of CI workflow documentation updates, with zero high/critical issues found.
- Add new QA report for Grype SBOM remediation implementation, detailing security scans, validation results, and recommendations.
 2026-01-11 04:00:30 +00:00
GitHub Actions
6c99372c52 fix(ci): add workflow orchestration for supply chain verification 
Resolves issue where supply-chain-verify.yml ran before docker-build.yml
completed, causing verification to skip on PRs because Docker image
didn't exist yet.

**Root Cause:**
Both workflows triggered independently on PR events with no dependency,
running concurrently instead of sequentially.

**Solution:**
Add workflow_run trigger to supply-chain-verify that waits for
docker-build to complete successfully before running.

**Changes:**
- Remove pull_request trigger from supply-chain-verify.yml
- Add workflow_run trigger for "Docker Build, Publish & Test"
- Add job conditional checking workflow_run.conclusion == 'success'
- Update tag determination to handle workflow_run context
- Extract PR number from workflow_run metadata
- Update PR comment logic for workflow_run events
- Add debug logging for workflow_run context
- Document workflow_run depth limitation

**Behavior:**
- PRs: docker-build → supply-chain-verify (sequential)
- Push to main: docker-build → supply-chain-verify (sequential)
- Failed builds: verification skipped (correct behavior)
- Manual triggers: preserved via workflow_dispatch
- Scheduled runs: preserved for weekly scans

**Security:**
- Workflow security validated: LOW risk
- workflow_run runs in default branch context (prevents privilege escalation)
- No secret exposure in logs or comments
- Proper input sanitization for workflow metadata
- YAML validation passed
- Pre-commit hooks passed

**Testing:**
- YAML syntax validated
- All references verified correct
- Regression testing completed (no breaking changes)
- Debug instrumentation added for validation

**Documentation:**
- Implementation summary created
- QA report with security audit
- Plan archived for reference
- Testing guidelines provided

Related: #461 (PR where issue was discovered)
Resolves: Supply chain verification skipping on PRs

Co-authored-by: GitHub Copilot <copilot@github.com>
 2026-01-11 00:59:10 +00:00
GitHub Actions
e95590a727 fix: Update security remediation plan and QA report for Grype SBOM implementation 
- Removed outdated security remediation plan for DoD failures, indicating no active specifications.
- Documented recent completion of Grype SBOM remediation, including implementation summary and QA report.
- Updated QA report to reflect successful validation of security scans with zero HIGH/CRITICAL findings.
- Deleted the previous QA report file as its contents are now integrated into the current report.
 2026-01-10 05:40:56 +00:00
GitHub Actions
8bcfe28709 docs: comprehensive supply chain security QA audit report 
Complete security audit covering:
- CodeQL analysis (0 Critical/High issues)
- Trivy vulnerability scanning (clean)
- Shellcheck linting (2 issues fixed)
- Supply chain skill testing
- GitHub Actions workflow validation
- Regression testing

All critical checks PASSED. Ready for deployment.
 2026-01-10 03:33:38 +00:00