Commit Graph

52 Commits

Author SHA1 Message Date
GitHub Actions
5bbae48b6b chore(docker): wire all workflows to single-source version ARGs
The Dockerfile already centralizes all version pins into top-level ARGs
(GO_VERSION, ALPINE_IMAGE, CROWDSEC_VERSION, EXPR_LANG_VERSION, XNET_VERSION).
This change closes the remaining gaps so those ARGs are the single source of
truth end-to-end:

- nightly-build.yml now resolves the Alpine image digest at build time and
  passes ALPINE_IMAGE as a build-arg, matching the docker-build.yml pattern.
  Previously, nightly images were built with the Dockerfile ARG default and
  without a pinned digest, making runtime Alpine differ from docker-build.yml.

- six CI workflows (quality-checks, codecov-upload, benchmark, e2e-tests-split,
  release-goreleaser, codeql) declared a GO_VERSION env var but their setup-go
  steps ignored it and hardcoded the version string directly. They now reference
  ${{ env.GO_VERSION }}, so Renovate only needs to update one value per file
  and the env var actually serves its purpose.

- codeql.yml had no GO_VERSION env var at all; one is now added alongside the
  existing GOTOOLCHAIN: auto entry.

When Renovate bumps Go, it updates the env var at the top of each workflow and
the Dockerfile ARG — zero manual hunting required.
2026-03-06 03:57:18 +00:00
GitHub Actions
b292a1b793 fix: update Go version to 1.26.1 in multiple workflow files for consistency and security improvements 2026-03-06 02:35:36 +00:00
renovate[bot]
834907cb5d chore(deps): update non-major-updates 2026-03-06 02:02:10 +00:00
GitHub Actions
27c252600a chore: git cache cleanup 2026-03-04 18:34:49 +00:00
GitHub Actions
c32cce2a88 chore: git cache cleanup 2026-03-04 18:34:39 +00:00
renovate[bot]
25dbe82360 fix(deps): update non-major-updates 2026-03-04 12:16:29 +00:00
renovate[bot]
5a626715d6 chore(deps): update actions/setup-go digest to 4b73464 2026-02-26 04:46:40 +00:00
GitHub Actions
1315d7a3ef chore: Add cache dependency path for Go setup in workflows 2026-02-23 14:41:55 +00:00
GitHub Actions
45458df1bf chore: Add Caddy compatibility gate workflow and related scripts; enhance SMTP settings tests 2026-02-23 13:38:02 +00:00
renovate[bot]
cddec19862 chore(deps): update goreleaser/goreleaser-action action to v7 2026-02-21 17:46:14 +00:00
GitHub Actions
9b2d8e5455 chore: update Go version to 1.26.0 across documentation and workflows 2026-02-10 22:21:33 +00:00
GitHub Actions
3169b05156 fix: skip incomplete system log viewer tests
- Marked 12 tests as skip pending feature implementation
- Features tracked in GitHub issue #686 (system log viewer feature completion)
- Tests cover sorting by timestamp/level/method/URI/status, pagination controls, filtering by text/level, download functionality
- Unblocks Phase 2 at 91.7% pass rate to proceed to Phase 3 security enforcement validation
- TODO comments in code reference GitHub #686 for feature completion tracking
- Tests skipped: Pagination (3), Search/Filter (2), Download (2), Sorting (1), Log Display (4)
2026-02-09 21:55:55 +00:00
GitHub Actions
74a51ee151 chore: clean git cache 2026-02-09 21:42:54 +00:00
GitHub Actions
ee48c2e716 fix: use double quotes for environment variable assignments in workflows
- Updated environment variable assignments in multiple workflow files to use double quotes for consistency and to prevent potential issues with variable expansion.
- Refactored echo commands to group multiple lines into a single block for improved readability in the following workflows:
  - release-goreleaser.yml
  - renovate_prune.yml
  - security-pr.yml
  - security-weekly-rebuild.yml
  - supply-chain-pr.yml
  - supply-chain-verify.yml
  - update-geolite2.yml
  - waf-integration.yml
  - weekly-nightly-promotion.yml
2026-02-08 10:18:40 +00:00
GitHub Actions
8dcfabc23a chore: update Go to 1.25.7 and pin workflow versions for Renovate
- Updated GO_VERSION to 1.25.7 across all GitHub Actions workflows to fix immediate build failures
- Added custom regex manager to `.github/renovate.json` to explicitly track `GO_VERSION` in YAML files
- Ensures Renovate detects and automerges Go updates for workflows alongside the main project
2026-02-06 03:32:22 +00:00
renovate[bot]
6d746385c3 chore(deps): update actions/checkout digest to de0fac2 2026-02-03 17:20:33 +00:00
GitHub Actions
f64e3feef8 chore: clean .gitignore cache 2026-01-26 19:22:05 +00:00
GitHub Actions
e5f0fec5db chore: clean .gitignore cache 2026-01-26 19:21:33 +00:00
GitHub Actions
bbdeedda5d fix: update Go installation scripts to version 1.25.6 and remove obsolete 1.25.5 script 2026-01-26 07:42:42 +00:00
GitHub Actions
0ddb3aabb6 fix: update Go version from 1.25.5 to 1.25.6 in workflow files 2026-01-16 03:43:13 +00:00
GitHub Actions
21d6b71d8f fix(ci): remove environment configuration from goreleaser job 2026-01-15 19:49:20 +00:00
renovate[bot]
7a55cb0be9 fix(deps): update weekly-non-major-updates 2026-01-15 16:34:35 +00:00
GitHub Actions
3590553519 chore(ci): comprehensive CI/CD audit fixes per best practices
Implements all 13 fixes identified in the CI/CD audit against
github-actions-ci-cd-best-practices.instructions.md

Critical fixes:

Remove hardcoded encryption key from playwright.yml (security)
Fix artifact filename mismatch in supply-chain-pr.yml (bug)
Pin GoReleaser to ~> v2.5 instead of latest (supply chain)
High priority fixes:

Upgrade CodeQL action from v3 to v4 in supply-chain-pr.yml
Add environment protection for release workflow
Fix shell variable escaping ($$ → $) in release-goreleaser.yml
Medium priority fixes:

Add timeout-minutes to playwright.yml (20 min)
Add explicit permissions to quality-checks.yml
Add timeout-minutes to codecov-upload.yml jobs (15 min)
Fix benchmark.yml permissions (workflow-level read, job-level write)
Low priority fixes:

Add timeout-minutes to docs.yml jobs (10/5 min)
Add permissions block to docker-lint.yml
Add timeout-minutes to renovate.yml (30 min)
2026-01-15 15:25:58 +00:00
renovate[bot]
8ec2c73048 chore(deps): update actions/setup-go digest to 7a3fe6c 2026-01-13 08:59:25 +00:00
GitHub Actions
5674280c65 fix: Refactor token references in workflows and documentation
- Updated references from `CPMP_TOKEN` to `CHARON_TOKEN` in beta release draft PR body, beta release PR body, and GitHub setup documentation.
- Enhanced clarity in documentation regarding the use of `GITHUB_TOKEN` and fallback options.
- Removed outdated sections from the archived plan for the Docs-to-Issues workflow fix, streamlining the document.
- Initiated integration of Staticcheck into pre-commit hooks to improve code quality, including updates to Makefile, VS Code tasks, and documentation.
2026-01-11 04:27:26 +00:00
GitHub Actions
af8384046c chore: implement instruction compliance remediation
- Replace Go interface{} with any (Go 1.18+ standard)
- Add database indexes to frequently queried model fields
- Add JSDoc documentation to frontend API client methods
- Remove deprecated docker-compose version keys
- Add concurrency groups to all 25 GitHub Actions workflows
- Add YAML front matter and fix H1→H2 headings in docs

Coverage: Backend 85.5%, Frontend 87.73%
Security: No vulnerabilities detected

Refs: docs/plans/instruction_compliance_spec.md
2025-12-21 04:08:42 +00:00
renovate[bot]
df59d98289 chore(deps): update dependency node to v24 2025-12-14 07:31:33 +00:00
Jeremy
33fa5e7f94 Merge branch 'development' into renovate/node-20.x 2025-12-14 02:03:17 -05:00
renovate[bot]
7c4b0002b5 chore(deps): update dependency node to v20.19.6 2025-12-14 06:43:40 +00:00
renovate[bot]
0600f9da2a chore(deps): update dependency go to v1.25.5 2025-12-14 06:43:33 +00:00
GitHub Actions
7ab2ce2617 fix: update workflows to use GITHUB_TOKEN instead of CHARON_TOKEN for improved compatibility 2025-12-14 00:11:06 +00:00
GitHub Actions
34dc485387 fix: add GITHUB_TOKEN to GoReleaser and fix Go/Node versions 2025-12-14 00:09:37 +00:00
renovate[bot]
956d0d44c3 chore(deps): update dependency node to v24.12.0 2025-12-11 18:28:00 +00:00
Jeremy
7e36774286 Merge branch 'development' into renovate/actions-setup-node-digest 2025-12-03 09:18:21 -05:00
Jeremy
e1f0178040 Merge branch 'development' into renovate/go-1.x 2025-12-03 09:16:20 -05:00
Jeremy
49cc31339b Merge branch 'development' into renovate/actions-checkout-digest 2025-12-03 09:15:19 -05:00
Jeremy
38f4ae5748 Merge branch 'development' into main 2025-12-03 09:14:30 -05:00
GitHub Actions
a776bf6995 fix: correct YAML mappings for workflow secrets and tokens 2025-12-03 05:34:56 +00:00
renovate[bot]
89e39ff624 chore(deps): update actions/setup-node digest to 395ad32 2025-12-03 05:09:19 +00:00
renovate[bot]
4235573d80 chore(deps): update dependency go to v1.25.5 2025-12-03 03:25:40 +00:00
renovate[bot]
5a239f473f chore(deps): update actions/checkout digest to 8e8c483 2025-12-02 18:38:15 +00:00
Jeremy
9980fe4776 Merge pull request #282 from Wikid82/renovate/goreleaser-goreleaser-action-6.x
chore(deps): update goreleaser/goreleaser-action action to v6
2025-12-01 09:39:57 -05:00
renovate[bot]
b32035650a chore(deps): update actions/setup-node action to v6 2025-12-01 14:38:55 +00:00
Jeremy
ed0dc1bd97 Merge branch 'development' into renovate/actions-setup-node-5.x 2025-12-01 09:38:07 -05:00
renovate[bot]
40fac9d12e chore(deps): update actions/setup-go action to v6 2025-12-01 14:37:33 +00:00
renovate[bot]
45d62d61f1 chore(deps): update actions/setup-node action to v5 2025-12-01 13:06:28 +00:00
renovate[bot]
b3358782ad chore(deps): update goreleaser/goreleaser-action action to v6 2025-12-01 13:04:45 +00:00
renovate[bot]
d03736538f chore(deps): update actions/checkout action to v6 2025-12-01 13:04:22 +00:00
renovate[bot]
d63143a658 chore(deps): pin dependencies 2025-12-01 10:47:30 +00:00
CI
ce8a51e6c7 fix(workflows): replace invalid semantic-version action with fallback script 2025-11-29 02:49:21 +00:00