Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
beda634992 | ||
|
bf0f0fad50 | ||
|
7bca378275 | ||
|
|
7106efa94a | ||
|
|
e65dfa3979 | ||
|
|
8f6ebf6107 | ||
|
|
e1925b0f5e | ||
|
|
0600f9da2a | ||
|
|
e66404c817 | ||
|
|
51cba4ec80 |
169
.github/renovate.json
vendored
169
.github/renovate.json
vendored
@@ -6,21 +6,34 @@
|
||||
":separateMultipleMajorReleases",
|
||||
"helpers:pinGitHubActionDigests"
|
||||
],
|
||||
"baseBranches": ["development"],
|
||||
"baseBranchPatterns": [
|
||||
"development"
|
||||
],
|
||||
"timezone": "UTC",
|
||||
"dependencyDashboard": true,
|
||||
"prConcurrentLimit": 10,
|
||||
"prHourlyLimit": 5,
|
||||
"labels": ["dependencies"],
|
||||
"labels": [
|
||||
"dependencies"
|
||||
],
|
||||
"rebaseWhen": "conflicted",
|
||||
"vulnerabilityAlerts": { "enabled": true },
|
||||
"schedule": ["every weekday"],
|
||||
"vulnerabilityAlerts": {
|
||||
"enabled": true
|
||||
},
|
||||
"schedule": [
|
||||
"before 4am on Monday"
|
||||
],
|
||||
"rangeStrategy": "bump",
|
||||
"automerge": true,
|
||||
"automergeType": "pr",
|
||||
"platformAutomerge": true,
|
||||
"customManagers": [
|
||||
{
|
||||
"customType": "regex",
|
||||
"description": "Track Go dependencies patched in Dockerfile for Caddy CVE fixes",
|
||||
"fileMatch": ["^Dockerfile$"],
|
||||
"managerFilePatterns": [
|
||||
"/^Dockerfile$/"
|
||||
],
|
||||
"matchStrings": [
|
||||
"#\\s*renovate:\\s*datasource=go\\s+depName=(?<depName>[^\\s]+)\\s*\\n\\s*go get (?<depName2>[^@]+)@v(?<currentValue>[^\\s|]+)"
|
||||
],
|
||||
@@ -30,77 +43,161 @@
|
||||
],
|
||||
"packageRules": [
|
||||
{
|
||||
"description": "Caddy transitive dependency patches in Dockerfile",
|
||||
"matchManagers": ["regex"],
|
||||
"matchFileNames": ["Dockerfile"],
|
||||
"matchPackagePatterns": ["expr-lang/expr", "quic-go/quic-go", "smallstep/certificates"],
|
||||
"labels": ["dependencies", "caddy-patch", "security"],
|
||||
"description": "Automerge digest updates (action pins, Docker SHAs)",
|
||||
"matchUpdateTypes": [
|
||||
"digest",
|
||||
"pin"
|
||||
],
|
||||
"automerge": true
|
||||
},
|
||||
{
|
||||
"description": "Caddy transitive dependency patches in Dockerfile",
|
||||
"matchManagers": [
|
||||
"custom.regex"
|
||||
],
|
||||
"matchFileNames": [
|
||||
"Dockerfile"
|
||||
],
|
||||
"labels": [
|
||||
"dependencies",
|
||||
"caddy-patch",
|
||||
"security"
|
||||
],
|
||||
"automerge": true,
|
||||
"matchPackageNames": [
|
||||
"/expr-lang/expr/",
|
||||
"/quic-go/quic-go/",
|
||||
"/smallstep/certificates/"
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": "Automerge safe patch updates",
|
||||
"matchUpdateTypes": ["patch"],
|
||||
"matchUpdateTypes": [
|
||||
"patch"
|
||||
],
|
||||
"automerge": true
|
||||
},
|
||||
{
|
||||
"description": "Frontend npm: automerge minor for devDependencies",
|
||||
"matchManagers": ["npm"],
|
||||
"matchDepTypes": ["devDependencies"],
|
||||
"matchUpdateTypes": ["minor", "patch"],
|
||||
"matchManagers": [
|
||||
"npm"
|
||||
],
|
||||
"matchDepTypes": [
|
||||
"devDependencies"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch"
|
||||
],
|
||||
"automerge": true,
|
||||
"labels": ["dependencies", "npm"]
|
||||
"labels": [
|
||||
"dependencies",
|
||||
"npm"
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": "Backend Go modules",
|
||||
"matchManagers": ["gomod"],
|
||||
"labels": ["dependencies", "go"],
|
||||
"matchUpdateTypes": ["minor", "patch"],
|
||||
"automerge": false
|
||||
"matchManagers": [
|
||||
"gomod"
|
||||
],
|
||||
"labels": [
|
||||
"dependencies",
|
||||
"go"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch"
|
||||
],
|
||||
"automerge": true
|
||||
},
|
||||
{
|
||||
"description": "GitHub Actions updates",
|
||||
"matchManagers": ["github-actions"],
|
||||
"labels": ["dependencies", "github-actions"],
|
||||
"matchUpdateTypes": ["minor", "patch"],
|
||||
"matchManagers": [
|
||||
"github-actions"
|
||||
],
|
||||
"labels": [
|
||||
"dependencies",
|
||||
"github-actions"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch"
|
||||
],
|
||||
"automerge": true
|
||||
},
|
||||
{
|
||||
"description": "actions/checkout",
|
||||
"matchManagers": ["github-actions"],
|
||||
"matchPackageNames": ["actions/checkout"],
|
||||
"matchManagers": [
|
||||
"github-actions"
|
||||
],
|
||||
"matchPackageNames": [
|
||||
"actions/checkout"
|
||||
],
|
||||
"automerge": false,
|
||||
"matchUpdateTypes": ["minor", "patch"],
|
||||
"labels": ["dependencies", "github-actions", "manual-review"]
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch"
|
||||
],
|
||||
"labels": [
|
||||
"dependencies",
|
||||
"github-actions",
|
||||
"manual-review"
|
||||
]
|
||||
},
|
||||
{
|
||||
"description": "Do not auto-upgrade other github-actions majors without review",
|
||||
"matchManagers": ["github-actions"],
|
||||
"matchUpdateTypes": ["major"],
|
||||
"matchManagers": [
|
||||
"github-actions"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"major"
|
||||
],
|
||||
"automerge": false,
|
||||
"labels": ["dependencies", "github-actions", "manual-review"],
|
||||
"labels": [
|
||||
"dependencies",
|
||||
"github-actions",
|
||||
"manual-review"
|
||||
],
|
||||
"prPriority": 0
|
||||
},
|
||||
{
|
||||
"description": "Docker: keep Caddy within v2 (no automatic jump to v3)",
|
||||
"matchManagers": ["dockerfile"],
|
||||
"matchPackageNames": ["caddy"],
|
||||
"matchManagers": [
|
||||
"dockerfile"
|
||||
],
|
||||
"matchPackageNames": [
|
||||
"caddy"
|
||||
],
|
||||
"allowedVersions": "<3.0.0",
|
||||
"labels": ["dependencies", "docker"],
|
||||
"labels": [
|
||||
"dependencies",
|
||||
"docker"
|
||||
],
|
||||
"automerge": true,
|
||||
"extractVersion": "^(?<version>\\d+\\.\\d+\\.\\d+)",
|
||||
"versioning": "semver"
|
||||
},
|
||||
{
|
||||
"description": "Group non-breaking npm minor/patch",
|
||||
"matchManagers": ["npm"],
|
||||
"matchUpdateTypes": ["minor", "patch"],
|
||||
"matchManagers": [
|
||||
"npm"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch"
|
||||
],
|
||||
"groupName": "npm minor/patch",
|
||||
"prPriority": -1
|
||||
},
|
||||
{
|
||||
"description": "Group docker base minor/patch",
|
||||
"matchManagers": ["dockerfile"],
|
||||
"matchUpdateTypes": ["minor", "patch"],
|
||||
"matchManagers": [
|
||||
"dockerfile"
|
||||
],
|
||||
"matchUpdateTypes": [
|
||||
"minor",
|
||||
"patch"
|
||||
],
|
||||
"groupName": "docker base updates",
|
||||
"prPriority": -1
|
||||
}
|
||||
|
||||
2
.github/workflows/release-goreleaser.yml
vendored
2
.github/workflows/release-goreleaser.yml
vendored
@@ -26,7 +26,7 @@ jobs:
|
||||
- name: Set up Go
|
||||
uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
|
||||
with:
|
||||
go-version: '1.23.x'
|
||||
go-version: '1.25.5'
|
||||
|
||||
- name: Set up Node.js
|
||||
uses: actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6
|
||||
|
||||
@@ -110,7 +110,7 @@ jobs:
|
||||
severity: 'CRITICAL,HIGH,MEDIUM,LOW'
|
||||
|
||||
- name: Upload Trivy JSON results
|
||||
uses: actions/upload-artifact@v4
|
||||
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
|
||||
with:
|
||||
name: trivy-weekly-scan-${{ github.run_number }}
|
||||
path: trivy-weekly-results.json
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
module github.com/Wikid82/charon/backend
|
||||
|
||||
go 1.25
|
||||
go 1.25.5
|
||||
|
||||
require (
|
||||
github.com/containrrr/shoutrrr v0.8.0
|
||||
|
||||
Reference in New Issue
Block a user