107 Commits

Author SHA1 Message Date
renovate[bot] b45861090d fix(deps): update non-major-updates 2026-04-04 00:58:06 +00:00
GitHub Actions 2b8ed06c3c fix: remediate axios supply chain compromise and harden CI workflow permissions 2026-04-04 00:05:27 +00:00
renovate[bot] 543388b5a4 fix(deps): update non-major-updates 2026-03-31 01:08:59 +00:00
renovate[bot] fa42e79af3 fix(deps): update non-major-updates 2026-03-21 00:12:20 +00:00
renovate[bot] 3b247cdd73 fix(deps): update non-major-updates 2026-03-20 18:09:46 +00:00
renovate[bot] ec25165e54 fix(deps): update non-major-updates 2026-03-19 18:02:03 +00:00
renovate[bot] 81f1dce887 fix(deps): update non-major-updates 2026-03-16 11:06:23 +00:00
renovate[bot] 3186676f94 chore(deps): update non-major-updates 2026-03-11 16:26:55 +00:00
renovate[bot] 13c5f8356c chore(deps): update non-major-updates 2026-03-10 13:21:37 +00:00
renovate[bot] e2ebdb37f0 fix(deps): update non-major-updates 2026-03-09 18:49:35 +00:00
GitHub Actions 9cc7393e7b fix: update digest references in nightly build workflow to use output from resolve_digest step 2026-03-09 00:28:55 +00:00
GitHub Actions 187c3aea68 fix: remove unused tags output from build-and-push-nightly job 2026-03-09 00:06:00 +00:00
GitHub Actions e68035fe30 fix: add Trivy ignore for CVE-2026-22184 and update expiry date for CVE-2026-22184 in Grype configuration 2026-03-07 13:56:01 +00:00
GitHub Actions 80ecb7de7f fix: enhance vulnerability reporting in nightly build with detailed triage information 2026-03-07 13:38:16 +00:00
GitHub Actions 75cd0a4d9c fix: update nightly branch checkout reference to support manual triggers 2026-03-07 12:58:40 +00:00
GitHub Actions 2824a731f5 fix: improve Alpine image digest resolution in nightly build workflow 2026-03-07 12:40:00 +00:00
GitHub Actions 2dbb00036d fix: resolve image digest from GHCR API for nightly builds 2026-03-07 12:25:57 +00:00
GitHub Actions 0ad0c2f2c4 fix: improve error handling for empty build digest in Syft SBOM scan 2026-03-07 12:18:20 +00:00
GitHub Actions 104f0eb6ee fix: add error handling for empty build digest in Syft SBOM scan 2026-03-07 12:04:15 +00:00
renovate[bot] 4cee4f01f3 chore(deps): update aquasecurity/trivy-action action to v0.35.0 2026-03-07 04:29:40 +00:00
GitHub Actions 5bbae48b6b chore(docker): wire all workflows to single-source version ARGs
The Dockerfile already centralizes all version pins into top-level ARGs
(GO_VERSION, ALPINE_IMAGE, CROWDSEC_VERSION, EXPR_LANG_VERSION, XNET_VERSION).
This change closes the remaining gaps so those ARGs are the single source of
truth end-to-end:

- nightly-build.yml now resolves the Alpine image digest at build time and
  passes ALPINE_IMAGE as a build-arg, matching the docker-build.yml pattern.
  Previously, nightly images were built with the Dockerfile ARG default and
  without a pinned digest, making runtime Alpine differ from docker-build.yml.

- six CI workflows (quality-checks, codecov-upload, benchmark, e2e-tests-split,
  release-goreleaser, codeql) declared a GO_VERSION env var but their setup-go
  steps ignored it and hardcoded the version string directly. They now reference
  ${{ env.GO_VERSION }}, so Renovate only needs to update one value per file
  and the env var actually serves its purpose.

- codeql.yml had no GO_VERSION env var at all; one is now added alongside the
  existing GOTOOLCHAIN: auto entry.

When Renovate bumps Go, it updates the env var at the top of each workflow and
the Dockerfile ARG — zero manual hunting required.
2026-03-06 03:57:18 +00:00
renovate[bot] 834907cb5d chore(deps): update non-major-updates 2026-03-06 02:02:10 +00:00
renovate[bot] 132bbbd657 chore(deps): update docker/build-push-action action to v7 2026-03-06 01:07:01 +00:00
Jeremy e1e422bfc6 Merge pull request #805 from Wikid82/renovate/feature/beta-release-docker-metadata-action-6.x
chore(deps): update docker/metadata-action action to v6 (feature/beta-release)
2026-03-05 20:02:26 -05:00
renovate[bot] 396d01595e chore(deps): update docker/metadata-action action to v6 2026-03-05 21:12:58 +00:00
renovate[bot] 6a13e648ea fix(deps): update non-major-updates 2026-03-05 21:12:51 +00:00
renovate[bot] 5aade0456e chore(deps): update docker/setup-buildx-action action to v4 2026-03-05 14:39:50 +00:00
GitHub Actions 8c7a55eaa2 fix: pin Trivy binary version to v0.69.3 in all CI workflows 2026-03-05 13:04:33 +00:00
GitHub Actions 27c252600a chore: git cache cleanup 2026-03-04 18:34:49 +00:00
GitHub Actions c32cce2a88 chore: git cache cleanup 2026-03-04 18:34:39 +00:00
renovate[bot] d1362a7fba chore(deps): update docker/login-action action to v4 2026-03-04 13:35:15 +00:00
renovate[bot] 348c5e5405 chore(deps): update docker/setup-qemu-action action to v4 2026-03-04 12:16:35 +00:00
renovate[bot] 5ee52dd4d6 chore(deps): update aquasecurity/trivy-action action to v0.34.2 2026-03-02 19:02:20 +00:00
renovate[bot] 3b92700b5b fix(deps): update non-major-updates 2026-03-02 14:58:14 +00:00
GitHub Actions 5b3e005f2b fix: enhance nightly build workflow with SBOM generation and fallback mechanism 2026-02-27 10:16:09 +00:00
renovate[bot] afb2901618 chore(deps): update github artifact actions to v7 2026-02-27 10:04:19 +00:00
renovate[bot] fc508d01d7 chore(deps): update github artifact actions to v8 2026-02-27 01:50:32 +00:00
renovate[bot] ccdc719501 fix(deps): update non-major-updates 2026-02-26 03:31:33 +00:00
GitHub Actions cb16ac05a2 fix: implement security severity policy and enhance CodeQL checks for blocking findings 2026-02-25 15:05:41 +00:00
renovate[bot] 783956cb78 fix(deps): update non-major-updates 2026-02-21 16:43:51 +00:00
renovate[bot] c48ced8c03 fix(deps): update non-major-updates 2026-02-20 19:26:28 +00:00
GitHub Actions 0a8106aed4 chore: update nightly build workflow to use CHARON_CI_TRIGGER_TOKEN and remove quality-checks workflow dispatch trigger 2026-02-18 04:12:31 +00:00
GitHub Actions a5c4a3e36c chore: add quality-checks workflow to nightly build process 2026-02-18 02:53:41 +00:00
GitHub Actions bb79550c33 chore: rename supply chain workflow files for consistency and clarity 2026-02-18 02:11:24 +00:00
renovate[bot] abd9dc2f70 chore(deps): update github/codeql-action digest to 9e907b5 2026-02-18 01:51:24 +00:00
GitHub Actions a421a348ca chore: remove quality-checks workflow from nightly build and weekly promotion jobs 2026-02-18 00:55:53 +00:00
GitHub Actions 97dab1ccf4 ---
fix: enforce fresh nightly promotion quality gates

Ensure promotion decisions are based on current nightly HEAD evidence instead of stale workflow history.
Add native CodeQL branch triggers so security analysis runs on nightly/main promotion paths.
Convert nightly and weekly automation to dispatch required checks only when missing for the exact HEAD commit, preventing duplicate/racing runs while guaranteeing check presence.
Harden weekly health verification with retry polling so transient scheduling delays do not produce false negatives.
This reduces false blocking and ensures nightly-to-main promotion uses current, deterministic CI state.
Refs: #712
2026-02-18 00:51:15 +00:00
renovate[bot] 9f88f5e89f fix(deps): update weekly-non-major-updates 2026-02-13 18:18:27 +00:00
renovate[bot] 5d19da4966 fix(deps): update weekly-non-major-updates 2026-02-12 21:33:12 +00:00
renovate[bot] b02fb15ce9 fix(deps): update weekly-non-major-updates 2026-02-11 19:49:42 +00:00