taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 19:40:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

security: make CI gates blocking, add smoke test, clean up dead code

Browse Source 
- gitleaks, cargo audit, trivy fs now block pipeline on findings
- add smoke test (docker run + curl /health) in release workflow
- deny.toml: add review date to RUSTSEC-2025-0119 ignore
- remove unused validation functions (maven, npm, crate)
- replace blanket #![allow(dead_code)] with targeted allows
This commit is contained in:
devitway
2026-03-15 19:25:00 +00:00
parent d886426957
commit 233b83f902
8 changed files with 27 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.github/workflows/release.yml vendored
View File

@@ -127,6 +127,17 @@ jobs:
cache-from: type=registry,ref=${{ env.NORA }}/${{ env.IMAGE_NAME }}-cache:astra
cache-to: type=registry,ref=${{ env.NORA }}/${{ env.IMAGE_NAME }}-cache:astra,mode=max
# ── Smoke test ──────────────────────────────────────────────────────────
- name: Smoke test — verify alpine image starts and responds
run: |
docker run --rm -d --name nora-smoke -p 5555:5000 \
${{ env.NORA }}/${{ env.IMAGE_NAME }}:latest
for i in $(seq 1 10); do
curl -sf http://localhost:5555/health && break || sleep 2
done
curl -sf http://localhost:5555/health
docker stop nora-smoke
scan:
name: Scan (${{ matrix.name }})
runs-on: [self-hosted, nora]