Files

GitHub Actions 033d1d1dad chore(ci): enable scheduled container pruning and report reclaimed space

- Make container prune run perform deletions by default (workflow_dispatch default now false for dry_run)
- Enhance prune script to estimate candidate and deleted image sizes (Docker Hub best-effort; GHCR manifest fallback)
- Emit machine-readable summary (`prune-summary.env`) and human-readable summary to the workflow run
- Upload logs + summary as artifacts and expose `space_saved` in the run summary

Why:
- Previously the scheduled job used dry-run by default and only logged candidates; this change makes scheduled pruning effective and provides visibility into storage reclaimed.

Impact:
- Runs will now remove eligible images by default (use dry_run=true to test)
- Size calculations are best-effort and may be incomplete if registry APIs do not expose sizes

2026-02-08 21:34:23 +00:00

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

history-rewrite

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

pre-commit-hooks

chore: add GORM security scanner and pre-commit hook

2026-01-28 10:30:03 +00:00

bump_beta.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

cerberus_integration.sh

fix: update admin whitelist IPs across multiple scripts for improved security

2026-02-07 06:34:48 +00:00

check_go_build.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

check-version-match-tag.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

clear-go-cache.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

coraza_integration.sh

fix: update admin whitelist IPs across multiple scripts for improved security

2026-02-07 06:34:48 +00:00

create_bulk_acl_issues.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

crowdsec_decision_integration.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

crowdsec_integration.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

crowdsec_startup_test.sh

fix: repair supply chain workflow triggers and crowdsec test script

2026-02-06 03:49:43 +00:00

db-recovery.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

debug_db.py

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

debug_rate_limit.sh

fix: update admin whitelist IPs across multiple scripts for improved security

2026-02-07 06:34:48 +00:00

diagnose-crowdsec.sh

fix(security): add CrowdSec diagnostics script and E2E tests for console enrollment and diagnostics

2026-02-03 18:26:32 +00:00

diagnose-test-env.sh

fix(tests): use correct endpoint in break glass recovery test

2026-02-03 14:06:46 +00:00

frontend-test-coverage.sh

chore: refactor tests to improve clarity and reliability

2026-02-08 00:02:09 +00:00

go-test-coverage.sh

chore: add GORM security scanner and pre-commit hook

2026-01-28 10:30:03 +00:00

gopls_collect.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

install-go-1.25.7.sh

fix: enable supply-chain-pr workflow for direct push and pr events

2026-02-06 03:42:26 +00:00

integration-test-all.sh

fix: update admin whitelist IPs across multiple scripts for improved security

2026-02-07 06:34:48 +00:00

integration-test.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

prune-container-images.sh

chore(ci): enable scheduled container pruning and report reclaimed space

2026-02-08 21:34:23 +00:00

qa-test-auth-certificates.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

rate_limit_integration.sh

fix: update admin whitelist IPs across multiple scripts for improved security

2026-02-07 06:34:48 +00:00

README.md

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

release.sh

chore: simplify GoReleaser to Linux-only builds for Docker deployment

2026-01-30 21:40:49 +00:00

repo_health_check.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

run-e2e-ui.sh

chore(e2e): enable Playwright UI on headless Linux

2026-02-06 10:29:11 -05:00

scan-gorm-security.sh

chore: GORM remediation

2026-01-28 18:47:52 +00:00

scan-gorm-security.sh.backup

chore: add GORM security scanner and pre-commit hook

2026-01-28 10:30:03 +00:00

security-scan.sh

fix: Implement dependency digest tracking for nightly builds

2026-01-30 06:39:26 +00:00

setup-e2e-env.sh

fix: update admin whitelist IPs across multiple scripts for improved security

2026-02-07 06:34:48 +00:00

trivy-scan.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

validate-e2e-auth.sh

fix: restore PATCH endpoints used by E2E + emergency-token fallback

2026-01-27 22:43:33 +00:00

verify_crowdsec_app_config.sh

chore: clean .gitignore cache

2026-01-26 19:22:05 +00:00

waf_integration.sh

fix: update admin whitelist IPs across multiple scripts for improved security

2026-02-07 06:34:48 +00:00

README.md

Scripts Directory

Running Tests Locally Before Pushing to CI

WAF Integration Test

Always run this locally before pushing WAF-related changes to avoid CI failures:

# From project root
bash ./scripts/coraza_integration.sh

Or use the VS Code task: Ctrl+Shift+P → Tasks: Run Task → Coraza: Run Integration Script

Requirements:

Docker image charon:local must be built first:
```
docker build -t charon:local .
```
The script will:
1. Start a test container with WAF enabled
2. Create a backend container (httpbin)
3. Test WAF in block mode (expect HTTP 403)
4. Test WAF in monitor mode (expect HTTP 200)
5. Clean up all test containers

Expected output:

✓ httpbin backend is ready
✓ Coraza WAF blocked payload as expected (HTTP 403) in BLOCK mode
✓ Coraza WAF in MONITOR mode allowed payload through (HTTP 200) as expected
=== All Coraza integration tests passed ===

Other Test Scripts

Security Scan: bash ./scripts/security-scan.sh
Go Test Coverage: bash ./scripts/go-test-coverage.sh
Frontend Test Coverage: bash ./scripts/frontend-test-coverage.sh

CI/CD Workflows

Changes to these scripts may trigger CI workflows:

coraza_integration.sh → WAF Integration Tests workflow
Files in .github/workflows/ directory control CI behavior

Tip: Run tests locally to save CI minutes and catch issues faster!