- Remove `if: always()` from integration-gate, coverage-gate, codecov-gate, pipeline-gate
- Gates now naturally skip when their upstream dependencies are skipped (fork PR behavior)
- Prevents confusing "complete" status when nothing actually ran
- Fork PRs will show "skipped" in UI instead of obscuring behavior behind gate success
- Aligns with GitHub Actions standard job dependency semantics
- Fixed github.head_ref actionlint error by passing via environment variable
instead of direct shell interpolation in ci-pipeline.yml
- Aligned E2E coverage artifact handling to shard artifacts and updated
Codecov upload to use glob pattern for multi-shard merge
- Added workflow_run trigger to security-pr.yml for docker-build integration
while retaining workflow_dispatch for manual runs
- Added workflow_run trigger to supply-chain-pr.yml for docker-build integration
while retaining workflow_dispatch for manual runs
- All individual workflows now support both automatic (workflow_run) and manual
(workflow_dispatch) triggering, maintaining design intent
- Audited remaining workflows; no additional blockers found
- All actionlint and pre-commit validations now passing
- Full pipeline trigger chain now functional
- Updated environment variable assignments in multiple workflow files to use double quotes for consistency and to prevent potential issues with variable expansion.
- Refactored echo commands to group multiple lines into a single block for improved readability in the following workflows:
- release-goreleaser.yml
- renovate_prune.yml
- security-pr.yml
- security-weekly-rebuild.yml
- supply-chain-pr.yml
- supply-chain-verify.yml
- update-geolite2.yml
- waf-integration.yml
- weekly-nightly-promotion.yml
- Updated error variable names for clarity in DNS provider, import, logs, manual challenge, security, user, and other handlers.
- Improved error handling in services such as backup, credential, docker, mail, notification, security headers, and uptime services.
- Enhanced readability by using more descriptive variable names for errors in multiple locations across the codebase.
- Ensured consistent error handling practices throughout the application.
The golangci-lint v2.8.0 schema validation rejected all properties
in the issues section:
- exclude-use-default
- exclude-dirs
- exclude-files
- exclude
- max-issues-per-linter
- max-same-issues
Solution: Removed the entire issues section from both config files.
Linter behavior is now controlled exclusively through linters.settings,
which is properly configured for govet, errcheck, gosec, gocritic, etc.
Changes to backend/.golangci-fast.yml and backend/.golangci.yml:
- Removed issues section entirely (v2.x schema incompatible)
- Retained all linter-specific settings under linters.settings
- Linters will run with their configured settings and default behaviors
This resolves the jsonschema validation error:
"additional properties ... not allowed"
Fixes: #666 (golangci-lint v2.x schema validation)
The golangci-lint v2.x series requires a different configuration schema:
1. `linters-settings` must be nested under `linters.settings`
2. `issues.exclude-generated-strict` is not supported
3. `issues.exclude-rules` complex syntax replaced with simpler `exclude` patterns
Changes to both backend/.golangci-fast.yml and backend/.golangci.yml:
- Restructured linter settings under `linters.settings`
- Converted exclude-rules to simple exclude patterns
- Added proper v2.x directives (exclude-use-default, max-issues-per-linter)
- Maintained all security checks and error handling exclusions
This resolves the "invalid configuration keys" error when running
golangci-lint v2.8.0 with golangci-lint-action v9.2.0.
Fixes: #666 (golangci-lint configuration schema validation)
The golangci-lint-action v9.2.0 dropped support for golangci-lint v1.x
and requires v2.x versions. The error "golangci-lint v1 is not supported
by golangci-lint-action >= v7" indicates we need to upgrade, not downgrade.
Updated both ci-pipeline.yml and quality-checks.yml from v1.64.5 to v2.8.0
to align with the current golangci-lint major version.
Fixes: #666 (golangci-lint version compatibility error)
Previously, Phase 1 optimization restricted feature branch pushes to
linux/amd64 only for faster builds. This unintentionally prevented
arm64 images from being published to Docker Hub.
Changes:
- Feature branches now build for both linux/amd64 and linux/arm64
- PRs remain single-platform (amd64) for fast feedback
- Only PRs create artifacts (multi-platform manifests can't be loaded locally)
- Updated comments to reflect new platform behavior
Result: feature/beta-release will now publish both amd64 and arm64
images to Docker Hub on every push.
Closes: User report - arm64 missing from Docker Hub
The golangci-lint-action v9.2.0 requires version strings in "vX.Y.Z" format.
Previous attempt to remove the "v" prefix caused validation error:
"invalid version string '1.64.5', expected format v1.2 or v1.2.3"
Updated both ci-pipeline.yml and quality-checks.yml to use "v1.64.5"
instead of "1.64.5" to match the action's expected format.
Fixes: #666 (PR CI validation failure)
- CI now focuses only on Dockerfile validation and security scanning
- Go code linting is handled locally via pre-commit hooks and DoD checklist
- Prevents CI failures from missing golangci-lint configuration
- Aligns CI responsibilities with local development workflow
- Make lint steps fail the pipeline so issues block merges
- Skip Node cache setup when the frontend lockfile is missing
- Cancel older CI runs for the same ref to reduce queue delays
- Updated quality-checks.yml to support manual dispatch with frontend checks.
- Modified rate-limit-integration.yml to remove workflow_run triggers and adjust conditions for execution.
- Removed pull request triggers from repo-health.yml, retaining only scheduled and manual dispatch.
- Adjusted security-pr.yml and supply-chain-pr.yml to eliminate workflow_run dependencies and refine execution conditions.
- Cleaned up supply-chain-verify.yml by removing workflow_run triggers and ensuring proper execution conditions.
- Updated waf-integration.yml to remove workflow_run triggers, allowing manual dispatch only.
- Revised current_spec.md to reflect the consolidation of CI workflows into a single pipeline, detailing objectives, research findings, and implementation plans.
GitHub Actions
Jeremy
renovate[bot]