GitHub Actions
739895d81e
fix(security): resolve CrowdSec startup and permission issues
Fixes CrowdSec not starting automatically on container boot and LAPI
binding failures due to permission issues.
Changes:
- Fix Dockerfile: Add charon:charon ownership for CrowdSec directories
- Move reconciliation from routes.go goroutine to main.go initialization
- Add mutex protection to prevent concurrent reconciliation
- Increase LAPI startup timeout from 30s to 60s
- Add config validation in entrypoint script
Testing:
- Backend coverage: 85.4% (✅ meets requirement)
- Frontend coverage: 87.01% (✅ exceeds requirement)
- Security: 0 Critical/High vulnerabilities (✅ Trivy + Go scans)
- All CrowdSec-specific tests passing (✅ 100%)
Technical Details:
- Reconciliation now runs synchronously during app initialization
(after DB migrations, before HTTP server starts)
- Maintains "GUI-controlled" design philosophy per entrypoint docs
- Follows principle of least privilege (charon user, not root)
- No breaking changes to API or behavior
Documentation:
- Implementation guide: docs/implementation/crowdsec_startup_fix_COMPLETE.md
- Migration guide: docs/implementation/crowdsec_startup_fix_MIGRATION.md
- QA report: docs/reports/qa_report_crowdsec_startup_fix.md
Related: #crowdsec-startup-timeout