akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 6 Packages Projects Releases Wiki Activity
3,505 Commits 11 Branches 107 Tags
cfb28055cf7a183dbd52ced349e55ff6cd875676
Commit Graph

938 Commits

Author SHA1 Message Date
GitHub Actions 721b533e15 fix(docker-build): enhance feature branch tag generation with improved sanitization 2026-02-04 05:17:19 +00:00
GitHub Actions 1a8df0c732 refactor(docker-build): simplify feature branch tag generation in workflow 2026-02-04 05:00:46 +00:00
GitHub Actions 4a2c3b4631 refactor(docker-build): improve Docker build command handling with array arguments for tags and labels 2026-02-04 04:55:58 +00:00
GitHub Actions ac39eb6866 refactor(docker-build): optimize Docker build command handling and improve readability 2026-02-04 04:50:48 +00:00
GitHub Actions 6b15aaad08 fix(workflow): enhance Docker build process for PRs and feature branches 2026-02-04 04:46:41 +00:00
GitHub Actions 928033ec37 chore(ci): implement "build once, test many" architecture 
Restructures CI/CD pipeline to eliminate redundant Docker image builds
across parallel test workflows. Previously, every PR triggered 5 separate
builds of identical images, consuming compute resources unnecessarily and
contributing to registry storage bloat.

Registry storage was growing at 20GB/week due to unmanaged transient tags
from multiple parallel builds. While automated cleanup exists, preventing
the creation of redundant images is more efficient than cleaning them up.

Changes CI/CD orchestration so docker-build.yml is the single source of
truth for all Docker images. Integration tests (CrowdSec, Cerberus, WAF,
Rate Limiting) and E2E tests now wait for the build to complete via
workflow_run triggers, then pull the pre-built image from GHCR.

PR and feature branch images receive immutable tags that include commit
SHA (pr-123-abc1234, feature-dns-provider-def5678) to prevent race
conditions when branches are updated during test execution. Tag
sanitization handles special characters, slashes, and name length limits
to ensure Docker compatibility.

Adds retry logic for registry operations to handle transient GHCR
failures, with dual-source fallback to artifact downloads when registry
pulls fail. Preserves all existing functionality and backward
compatibility while reducing parallel build count from 5× to 1×.

Security scanning now covers all PR images (previously skipped),
blocking merges on CRITICAL/HIGH vulnerabilities. Concurrency groups
prevent stale test runs from consuming resources when PRs are updated
mid-execution.

Expected impact: 80% reduction in compute resources, 4× faster
total CI time (120min → 30min), prevention of uncontrolled registry
storage growth, and 100% consistency guarantee (all tests validate
the exact same image that would be deployed).

Closes #[issue-number-if-exists]
 2026-02-04 04:42:42 +00:00
GitHub Actions daef23118a test(crowdsec): add LAPI connectivity tests and enhance integration test reporting 2026-02-04 01:56:56 +00:00
Jeremy da6682000e Merge branch 'feature/beta-release' into renovate/feature/beta-release-weekly-non-major-updates 2026-02-03 14:55:10 -05:00
GitHub Actions b6a189c927 fix(security): add CrowdSec diagnostics script and E2E tests for console enrollment and diagnostics 
- Implemented `diagnose-crowdsec.sh` script for checking CrowdSec connectivity and configuration.
- Added E2E tests for CrowdSec console enrollment, including API checks for enrollment status, diagnostics connectivity, and configuration validation.
- Created E2E tests for CrowdSec diagnostics, covering configuration file validation, connectivity checks, and configuration export.
 2026-02-03 18:26:32 +00:00
renovate[bot] 6d746385c3 chore(deps): update actions/checkout digest to de0fac2 2026-02-03 17:20:33 +00:00
renovate[bot] df80c49070 chore(deps): update github/codeql-action digest to 6bc82e0 2026-02-03 07:15:37 +00:00
GitHub Actions 4178910eac refactor: streamline supply chain workflows by removing Syft and Grype installations and utilizing official Anchore actions for SBOM generation and vulnerability scanning 2026-02-03 07:09:54 +00:00
GitHub Actions de66689b79 fix: update SYFT and GRYPE versions to include SHA256 digests for improved security 2026-02-03 06:40:50 +00:00
GitHub Actions 07e8261ecb chore(e2e): update concurrency settings to prevent cancellation of in-progress E2E tests 2026-02-03 04:18:37 +00:00
GitHub Actions 3ecc4015a6 refactor(workflows): simplify E2E Tests workflow name by removing 'Split Browsers' suffix 2026-02-03 00:56:00 +00:00
GitHub Actions 19e74f2122 refactor(workflows): standardize workflow names by removing 'Tests' suffix 2026-02-03 00:51:06 +00:00
GitHub Actions d6cbc407fd fix(e2e): update Docker build-push-action version in E2E tests workflow 2026-02-03 00:06:01 +00:00
GitHub Actions 641588367b chore(diagnostics): Add comprehensive diagnostic tools for E2E testing 
- Create phase1_diagnostics.md to document findings from test interruptions
- Introduce phase1_validation_checklist.md for pre-deployment validation
- Implement diagnostic-helpers.ts for enhanced logging and state capture
- Enable browser console logging, error tracking, and dialog lifecycle monitoring
- Establish performance monitoring for test execution times
- Document actionable recommendations for Phase 2 remediation
 2026-02-03 00:02:45 +00:00
renovate[bot] a8b24eb8f9 chore(deps): update weekly-non-major-updates 2026-02-02 21:50:07 +00:00
Jeremy 5951a16984 Merge branch 'development' into renovate/development-actions-github-script-8.x 2026-02-02 16:47:26 -05:00
Jeremy eb66cda0f4 Merge branch 'development' into renovate/development-weekly-non-major-updates 2026-02-02 16:46:46 -05:00
Jeremy 2d31c86d91 Merge branch 'development' into renovate/development-pin-dependencies 2026-02-02 16:46:22 -05:00
Jeremy 9c41c1f331 Merge branch 'development' into renovate/development-peter-evans-create-pull-request-8.x 2026-02-02 16:45:12 -05:00
Jeremy 3bb7098220 Merge branch 'feature/beta-release' into renovate/feature/beta-release-weekly-non-major-updates 2026-02-02 16:44:12 -05:00
GitHub Actions 3414576f60 fix(e2e): implement performance tracking for shard execution and API call metrics 2026-02-02 21:32:27 +00:00
renovate[bot] dd28a0d819 chore(deps): update actions/github-script action to v8 2026-02-02 21:25:41 +00:00
renovate[bot] ffcfb40919 chore(deps): update weekly-non-major-updates 2026-02-02 21:25:36 +00:00
renovate[bot] e2562d27df chore(deps): pin dependencies 2026-02-02 21:25:31 +00:00
renovate[bot] 8908a37dbf chore(deps): update peter-evans/create-pull-request action to v8 2026-02-02 21:23:55 +00:00
renovate[bot] 38453169c5 chore(deps): update actions/checkout action to v6 2026-02-02 21:23:51 +00:00
renovate[bot] 22c2e10f64 chore(deps): update weekly-non-major-updates 2026-02-02 21:23:46 +00:00
Jeremy 44d425d51d Merge branch 'feature/beta-release' into renovate/feature/beta-release-peter-evans-create-pull-request-8.x 2026-02-02 09:55:06 -05:00
renovate[bot] 280e7b9c19 chore(deps): pin peter-evans/create-pull-request action to c5a7806 2026-02-02 14:53:28 +00:00
Jeremy a92e49604f Merge branch 'feature/beta-release' into renovate/feature/beta-release-peter-evans-create-pull-request-8.x 2026-02-02 09:48:59 -05:00
Jeremy 15d27b0c37 Merge branch 'feature/beta-release' into renovate/feature/beta-release-actions-github-script-8.x 2026-02-02 09:48:35 -05:00
renovate[bot] 3785e83323 chore(deps): update peter-evans/create-pull-request action to v8 2026-02-02 14:46:39 +00:00
renovate[bot] dccf75545a chore(deps): update actions/github-script action to v8 2026-02-02 14:46:34 +00:00
renovate[bot] 530450440e chore(deps): update actions/checkout action to v6 2026-02-02 14:46:29 +00:00
Jeremy d0cc6c08cf Merge branch 'feature/beta-release' into development 2026-02-02 09:41:47 -05:00
Jeremy 28ce642f94 Merge branch 'development' into main 2026-02-02 09:37:27 -05:00
GitHub Actions 09dc2fc182 fix(ci): use valid BuildKit --check flag for Dockerfile syntax validation 
Replaced non-existent `docker build --dry-run` with BuildKit's
`--check` flag which validates Dockerfile syntax without building.

Fixes #601
 2026-02-02 14:18:08 +00:00
GitHub Actions 34f99535e8 fix(ci): add GeoLite2 checksum update workflow with error handling 2026-02-02 14:12:57 +00:00
GitHub Actions a167ca9756 fix(ci): add workflow to update GeoLite2-Country.mmdb checksum automatically 2026-02-02 14:11:13 +00:00
renovate[bot] 4dd95f1b6b fix(deps): update weekly-non-major-updates 2026-02-02 14:03:20 +00:00
GitHub Actions b27fb306f7 fix(ci): force push nightly branch to handle divergence from development 2026-02-02 13:47:36 +00:00
GitHub Actions f3ed1614c2 fix(ci): improve nightly build sync process by fetching both branches and preventing non-fast-forward errors 2026-02-02 13:45:21 +00:00
GitHub Actions 3261f5d7a1 fix(ci): normalize branch name for Docker tag in security PR workflow 2026-02-02 13:42:49 +00:00
GitHub Actions 60c3336725 COMMIT_MESSAGE_START 
fix(docker): update GeoLite2-Country.mmdb checksum + automation

Fixes critical Docker build failure caused by upstream GeoLite2 database
update without corresponding Dockerfile checksum update.

**Root Cause:**
- GeoLite2-Country.mmdb file updated upstream
- Dockerfile still referenced old SHA256 checksum
- Build aborted at checksum verification (line 352)
- Cascade "blob not found" errors for all COPY commands

**Changes:**
- Update Dockerfile ARG GEOLITE2_COUNTRY_SHA256 to current value
- Add automated weekly checksum update workflow (.github/workflows/update-geolite2.yml)
- Implement error handling: retry logic, format validation, failure notifications
- Document rollback decision matrix with 10 failure scenarios
- Create comprehensive maintenance guide (docs/maintenance/geolite2-checksum-update.md)
- Update CHANGELOG.md and README.md with maintenance references

**Verification:**
- Checksum verified against current upstream file: 436135ee...
- Pre-commit hooks: PASSED (EOF/whitespace auto-fixed)
- Trivy security scan: PASSED (no critical/high issues)
- Dockerfile syntax: VALID
- GitHub Actions YAML: VALID
- No hardcoded secrets or injection vulnerabilities

**Automation Features:**
- Weekly scheduled checks (Monday 2 AM UTC)
- Auto-PR creation when checksum changes
- GitHub issue creation on workflow failure
- Comprehensive error handling and retry logic

**Impact:**
- Unblocks all CI/CD Docker image builds
- Enables publishing to GHCR/Docker Hub
- Prevents future checksum failures via automation
- Zero application code changes (no regression risk)

**Documentation:**
- Implementation plan: docs/plans/geolite2_checksum_fix_spec.md
- QA report: docs/reports/qa_geolite2_checksum_fix.md
- Maintenance guide: docs/maintenance/geolite2-checksum-update.md

**Supervisor Recommendations Implemented:**
- #1: Checksum freshness verification before update
- #3: Rollback decision criteria (10 scenarios)
- #4: Automated workflow error handling

Resolves: https://github.com/Wikid82/Charon/actions/runs/21584236523/job/62188372617
COMMIT_MESSAGE_END
 2026-02-02 13:31:56 +00:00
renovate[bot] 8794e8948c chore(deps): update github/codeql-action digest to f52cbc8 2026-02-02 11:57:38 +00:00
renovate[bot] 085fa9cb2c chore(deps): update weekly-non-major-updates 2026-02-02 11:57:31 +00:00