Files

GitHub Actions 739895d81e fix(security): resolve CrowdSec startup and permission issues

Fixes CrowdSec not starting automatically on container boot and LAPI
binding failures due to permission issues.

Changes:
- Fix Dockerfile: Add charon:charon ownership for CrowdSec directories
- Move reconciliation from routes.go goroutine to main.go initialization
- Add mutex protection to prevent concurrent reconciliation
- Increase LAPI startup timeout from 30s to 60s
- Add config validation in entrypoint script

Testing:
- Backend coverage: 85.4% (✅ meets requirement)
- Frontend coverage: 87.01% (✅ exceeds requirement)
- Security: 0 Critical/High vulnerabilities (✅ Trivy + Go scans)
- All CrowdSec-specific tests passing (✅ 100%)

Technical Details:
- Reconciliation now runs synchronously during app initialization
  (after DB migrations, before HTTP server starts)
- Maintains "GUI-controlled" design philosophy per entrypoint docs
- Follows principle of least privilege (charon user, not root)
- No breaking changes to API or behavior

Documentation:
- Implementation guide: docs/implementation/crowdsec_startup_fix_COMPLETE.md
- Migration guide: docs/implementation/crowdsec_startup_fix_MIGRATION.md
- QA report: docs/reports/qa_report_crowdsec_startup_fix.md

Related: #crowdsec-startup-timeout

2025-12-23 01:59:21 +00:00

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

history-rewrite

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

pre-commit-hooks

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

bump_beta.sh

fix: update deprecation warning messages to reflect removal in v2.0.0

2025-12-21 22:06:39 +00:00

cerberus_integration.sh

feat: Add full integration testing for Cerberus security stack

2025-12-12 23:29:30 +00:00

check_go_build.sh

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

check-version-match-tag.sh

fix: update deprecation warning messages to reflect removal in v2.0.0

2025-12-21 22:06:39 +00:00

clear-go-cache.sh

fix: update deprecation warning messages to reflect removal in v2.0.0

2025-12-21 22:06:39 +00:00

coraza_integration.sh

fix: update deprecation warning messages to reflect removal in v2.0.0

2025-12-21 22:06:39 +00:00

create_bulk_acl_issues.sh

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

crowdsec_decision_integration.sh

fix: update deprecation warning messages to reflect removal in v2.0.0

2025-12-21 22:06:39 +00:00

crowdsec_integration.sh

fix(security): resolve CrowdSec startup and permission issues

2025-12-23 01:59:21 +00:00

crowdsec_startup_test.sh

fix: update deprecation warning messages to reflect removal in v2.0.0

2025-12-21 22:06:39 +00:00

db-recovery.sh

fix: update deprecation warning messages to reflect removal in v2.0.0

2025-12-21 22:06:39 +00:00

debug_db.py

Add ImportSuccessModal tests, enhance AuthContext for token management, and improve useImport hook

2025-12-12 00:05:15 +00:00

debug_rate_limit.sh

Fix Rate Limiting Issues

2025-12-12 19:21:44 +00:00

frontend-test-coverage.sh

fix: update deprecation warning messages to reflect removal in v2.0.0

2025-12-21 22:06:39 +00:00

go-test-coverage.sh

fix: update deprecation warning messages to reflect removal in v2.0.0

2025-12-21 22:06:39 +00:00

gopls_collect.sh

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

install-go-1.25.5.sh

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

integration-test.sh

fix: update deprecation warning messages to reflect removal in v2.0.0

2025-12-21 22:06:39 +00:00

qa-test-auth-certificates.sh

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

rate_limit_integration.sh

Fix Rate Limiting Issues

2025-12-12 19:21:44 +00:00

README.md

Fix Rate Limiting Issues

2025-12-12 19:21:44 +00:00

release.sh

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

repo_health_check.sh

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

security-scan.sh

Add QA test outputs, build scripts, and Dockerfile validation

2025-12-11 18:26:24 +00:00

trivy-scan.sh

fix: update deprecation warning messages to reflect removal in v2.0.0

2025-12-21 22:06:39 +00:00

verify_crowdsec_app_config.sh

feat: Enhance CrowdSec integration with configurable binary path and improved process validation

2025-12-15 22:10:28 +00:00

waf_integration.sh

Add integration test script for WAF functionality

2025-12-12 22:50:08 +00:00

README.md

Scripts Directory

Running Tests Locally Before Pushing to CI

WAF Integration Test

Always run this locally before pushing WAF-related changes to avoid CI failures:

# From project root
bash ./scripts/coraza_integration.sh

Or use the VS Code task: Ctrl+Shift+P → Tasks: Run Task → Coraza: Run Integration Script

Requirements:

Docker image charon:local must be built first:
```
docker build -t charon:local .
```
The script will:
1. Start a test container with WAF enabled
2. Create a backend container (httpbin)
3. Test WAF in block mode (expect HTTP 403)
4. Test WAF in monitor mode (expect HTTP 200)
5. Clean up all test containers

Expected output:

✓ httpbin backend is ready
✓ Coraza WAF blocked payload as expected (HTTP 403) in BLOCK mode
✓ Coraza WAF in MONITOR mode allowed payload through (HTTP 200) as expected
=== All Coraza integration tests passed ===

Other Test Scripts

Security Scan: bash ./scripts/security-scan.sh
Go Test Coverage: bash ./scripts/go-test-coverage.sh
Frontend Test Coverage: bash ./scripts/frontend-test-coverage.sh

CI/CD Workflows

Changes to these scripts may trigger CI workflows:

coraza_integration.sh → WAF Integration Tests workflow
Files in .github/workflows/ directory control CI behavior

Tip: Run tests locally to save CI minutes and catch issues faster!