akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity
3,435 Commits 11 Branches 107 Tags
8670cdfd2b776c4f41950913653e4e84a5b15dcd
Commit Graph

932 Commits

Author SHA1 Message Date
renovate[bot]
3577ce6c56 chore(deps): update softprops/action-gh-release digest to b25b93d 2026-03-15 10:55:54 +00:00
Jeremy
fca1139c81 Merge pull request #838 from Wikid82/renovate/feature/beta-release-release-drafter-release-drafter-7.x 
chore(deps): update release-drafter/release-drafter action to v7 (feature/beta-release)
 2026-03-14 12:30:46 -04:00
renovate[bot]
8ab926dc8b chore(deps): update release-drafter/release-drafter action to v7 2026-03-14 13:16:45 +00:00
renovate[bot]
85f258d9f6 chore(deps): update non-major-updates 2026-03-14 13:15:37 +00:00
GitHub Actions
bad97102e1 fix: repair GeoIP CI detection and harden httpbin startup in integration tests 2026-03-13 20:07:30 +00:00
GitHub Actions
98a4efcd82 fix: handle errors gracefully when commenting on PRs in supply chain verification workflow 2026-03-13 20:07:30 +00:00
renovate[bot]
eb5b74cbe3 chore(deps): update non-major-updates 2026-03-13 19:08:11 +00:00
renovate[bot]
49b956f916 chore(deps): update non-major-updates 2026-03-12 17:38:44 +00:00
renovate[bot]
7932188dae fix(deps): update non-major-updates 2026-03-12 09:30:08 +00:00
renovate[bot]
3186676f94 chore(deps): update non-major-updates 2026-03-11 16:26:55 +00:00
renovate[bot]
065ac87815 fix(deps): update non-major-updates 2026-03-11 14:53:49 +00:00
renovate[bot]
4e81a982aa chore(deps): update non-major-updates 2026-03-11 02:14:55 +00:00
renovate[bot]
13c5f8356c chore(deps): update non-major-updates 2026-03-10 13:21:37 +00:00
renovate[bot]
e2ebdb37f0 fix(deps): update non-major-updates 2026-03-09 18:49:35 +00:00
renovate[bot]
424dc43652 fix(deps): update non-major-updates 2026-03-09 16:47:48 +00:00
GitHub Actions
9cc7393e7b fix: update digest references in nightly build workflow to use output from resolve_digest step 2026-03-09 00:28:55 +00:00
GitHub Actions
187c3aea68 fix: remove unused tags output from build-and-push-nightly job 2026-03-09 00:06:00 +00:00
renovate[bot]
8032fb5b41 chore(deps): update non-major-updates 2026-03-07 19:54:06 +00:00
GitHub Actions
e68035fe30 fix: add Trivy ignore for CVE-2026-22184 and update expiry date for CVE-2026-22184 in Grype configuration 2026-03-07 13:56:01 +00:00
GitHub Actions
80ecb7de7f fix: enhance vulnerability reporting in nightly build with detailed triage information 2026-03-07 13:38:16 +00:00
GitHub Actions
75cd0a4d9c fix: update nightly branch checkout reference to support manual triggers 2026-03-07 12:58:40 +00:00
GitHub Actions
2824a731f5 fix: improve Alpine image digest resolution in nightly build workflow 2026-03-07 12:40:00 +00:00
GitHub Actions
2dbb00036d fix: resolve image digest from GHCR API for nightly builds 2026-03-07 12:25:57 +00:00
GitHub Actions
0ad0c2f2c4 fix: improve error handling for empty build digest in Syft SBOM scan 2026-03-07 12:18:20 +00:00
GitHub Actions
104f0eb6ee fix: add error handling for empty build digest in Syft SBOM scan 2026-03-07 12:04:15 +00:00
Jeremy
f50b05519b Merge pull request #810 from Wikid82/renovate/feature/beta-release-non-major-updates 
chore(deps): update aquasecurity/trivy-action action to v0.35.0 (feature/beta-release)
 2026-03-07 00:35:57 -05:00
GitHub Actions
ca3c1085ac fix: update notification messages for various handlers to improve clarity and consistency 2026-03-07 05:16:07 +00:00
renovate[bot]
4cee4f01f3 chore(deps): update aquasecurity/trivy-action action to v0.35.0 2026-03-07 04:29:40 +00:00
GitHub Actions
82e2134333 fix: remove security-experimental queries from CodeQL configuration to prevent false positives 2026-03-07 03:48:04 +00:00
GitHub Actions
92310a8b3e fix: update CodeQL queries to include security-experimental suite for enhanced analysis 2026-03-07 02:42:42 +00:00
renovate[bot]
13d31dd922 fix(deps): update non-major-updates 2026-03-06 20:00:48 +00:00
GitHub Actions
5bbae48b6b chore(docker): wire all workflows to single-source version ARGs 
The Dockerfile already centralizes all version pins into top-level ARGs
(GO_VERSION, ALPINE_IMAGE, CROWDSEC_VERSION, EXPR_LANG_VERSION, XNET_VERSION).
This change closes the remaining gaps so those ARGs are the single source of
truth end-to-end:

- nightly-build.yml now resolves the Alpine image digest at build time and
  passes ALPINE_IMAGE as a build-arg, matching the docker-build.yml pattern.
  Previously, nightly images were built with the Dockerfile ARG default and
  without a pinned digest, making runtime Alpine differ from docker-build.yml.

- six CI workflows (quality-checks, codecov-upload, benchmark, e2e-tests-split,
  release-goreleaser, codeql) declared a GO_VERSION env var but their setup-go
  steps ignored it and hardcoded the version string directly. They now reference
  ${{ env.GO_VERSION }}, so Renovate only needs to update one value per file
  and the env var actually serves its purpose.

- codeql.yml had no GO_VERSION env var at all; one is now added alongside the
  existing GOTOOLCHAIN: auto entry.

When Renovate bumps Go, it updates the env var at the top of each workflow and
the Dockerfile ARG — zero manual hunting required.
 2026-03-06 03:57:18 +00:00
GitHub Actions
abcfd62b21 fix: update Go version to 1.26.1 in CodeQL workflow for consistency and security improvements 2026-03-06 03:20:37 +00:00
GitHub Actions
b292a1b793 fix: update Go version to 1.26.1 in multiple workflow files for consistency and security improvements 2026-03-06 02:35:36 +00:00
renovate[bot]
834907cb5d chore(deps): update non-major-updates 2026-03-06 02:02:10 +00:00
renovate[bot]
132bbbd657 chore(deps): update docker/build-push-action action to v7 2026-03-06 01:07:01 +00:00
Jeremy
e1e422bfc6 Merge pull request #805 from Wikid82/renovate/feature/beta-release-docker-metadata-action-6.x 
chore(deps): update docker/metadata-action action to v6 (feature/beta-release)
 2026-03-05 20:02:26 -05:00
renovate[bot]
396d01595e chore(deps): update docker/metadata-action action to v6 2026-03-05 21:12:58 +00:00
renovate[bot]
6a13e648ea fix(deps): update non-major-updates 2026-03-05 21:12:51 +00:00
Jeremy
99b8ed875e Merge pull request #803 from Wikid82/renovate/feature/beta-release-docker-setup-buildx-action-4.x 
chore(deps): update docker/setup-buildx-action action to v4 (feature/beta-release)
 2026-03-05 09:41:29 -05:00
renovate[bot]
5aade0456e chore(deps): update docker/setup-buildx-action action to v4 2026-03-05 14:39:50 +00:00
renovate[bot]
479f56f3e8 chore(deps): update github/codeql-action digest to 0c0c5dc 2026-03-05 14:39:43 +00:00
GitHub Actions
8c7a55eaa2 fix: pin Trivy binary version to v0.69.3 in all CI workflows 2026-03-05 13:04:33 +00:00
renovate[bot]
c01c6c6225 chore(deps): update github/codeql-action digest to b6dfacb 2026-03-04 18:33:32 +00:00
renovate[bot]
d1362a7fba chore(deps): update docker/login-action action to v4 2026-03-04 13:35:15 +00:00
Jeremy
cf52a943b5 Merge pull request #797 from Wikid82/renovate/feature/beta-release-docker-setup-qemu-action-4.x 
chore(deps): update docker/setup-qemu-action action to v4 (feature/beta-release)
 2026-03-04 07:18:01 -05:00
renovate[bot]
348c5e5405 chore(deps): update docker/setup-qemu-action action to v4 2026-03-04 12:16:35 +00:00
renovate[bot]
25dbe82360 fix(deps): update non-major-updates 2026-03-04 12:16:29 +00:00
GitHub Actions
a3d1ae3742 fix: update checkout ref to use full GitHub ref path for accurate branch handling 2026-03-03 04:31:42 +00:00
GitHub Actions
6f408f62ba fix: prevent stale-SHA checkout in scheduled CodeQL security scan 
The scheduled CodeQL analysis explicitly passed ref: github.sha, which
is frozen when a cron job is queued, not when it runs. Under load or
during a long queue, the analysis could scan code that is days old,
missing vulnerabilities introduced since the last scheduling window.

Replace with ref: github.ref_name so all trigger types — scheduled,
push, and pull_request — consistently scan the current HEAD of the
branch being processed.
 2026-03-03 04:24:47 +00:00