taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 20:50:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
236 Commits 4 Branches 38 Tags
281cc0418befa25d202f3c1eb17f9d24b38e856d
Commit Graph

73 Commits

Author SHA1 Message Date
dependabot[bot]
aabd0b76fb chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.34.1 (#2) 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.30.0 to 0.34.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.30.0...0.34.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-24 12:20:12 +01:00
devitway
ac14405af3 ci: restore scan gate on release, block on HIGH/CRITICAL CVE 2026-02-24 10:53:28 +00:00
devitway
5f385dce45 ci: add dependabot, pin trivy-action@0.30.0, release no longer waits on scan 2026-02-24 10:48:06 +00:00
devitway
761e08f168 ci: upgrade codeql-action v3 -> v4 2026-02-24 10:41:37 +00:00
devitway
fc1288820d ci: remove astra build for now 2026-02-24 00:39:16 +00:00
devitway
a17a75161b ci: consolidate all docker builds into single job to fix runner network issues 2026-02-24 00:07:44 +00:00
devitway
0b3ef3ab96 ci: use shared runner filesystem instead of artifact API to avoid network upload 2026-02-23 23:41:41 +00:00
devitway
99e290d30c ci: fix SBOM image tag and registry credentials 2026-02-23 18:53:17 +00:00
devitway
f74b781d1f ci: build musl static binary, fix cargo path (hardcode github-runner home) 2026-02-23 18:08:57 +00:00
devitway
05c765627f ci: fix trivy image tag (strip v prefix) 2026-02-23 16:47:18 +00:00
devitway
1813546bee ci: move trivy image scan to separate ubuntu-latest job to avoid self-hosted timeout 2026-02-23 16:15:03 +00:00
devitway
196c313f20 ci: add cargo cache to build-binary job, remove nora proxy (no sparse protocol) 2026-02-23 14:17:39 +00:00
devitway
aece2d739d ci: add registry credentials to trivy image scan 2026-02-23 14:01:31 +00:00
devitway
b7e11da2da ci: replace gitleaks action with CLI to avoid license requirement 2026-02-23 13:59:12 +00:00
devitway
dd3813edff ci: use github-runner own rust toolchain instead of ai-user path 2026-02-23 13:54:23 +00:00
devitway
6ad710ff32 ci: add security scanning and SBOM to release pipeline 
- ci.yml: add security job (gitleaks, cargo-audit, cargo-deny, trivy fs)
- release.yml: restructure into build-binary + build-docker matrix + release
  - build binary once on self-hosted, reuse across all Docker builds
  - trivy image scan per matrix variant, results to GitHub Security tab
  - SBOM generation in SPDX and CycloneDX formats attached to release
- deny.toml: cargo-deny policy (allowed licenses, banned openssl, crates.io only)
- Dockerfile: remove Rust build stage, use pre-built binary
- Dockerfile.astra, Dockerfile.redos: FROM scratch for Russian certified OS support
 2026-02-23 11:37:27 +00:00
devitway
1e01d4df56 ci: add Astra Linux and RedOS parallel builds 
Add Dockerfile.astra (astralinux/alse) and Dockerfile.redos (redos/redos)
for FSTEC-certified Russian OS targets. Update release.yml with a matrix
strategy that produces three image variants per release:
  - ghcr.io/.../nora:0.x.x          (Alpine, default)
  - ghcr.io/.../nora:0.x.x-astra    (Astra Linux SE)
  - ghcr.io/.../nora:0.x.x-redos    (RED OS)

Build stage is shared (musl static binary) across all variants.
 2026-02-23 08:24:48 +00:00
devitway
ab5ed3f488 ci: remove unnecessary QEMU step for amd64-only builds 2026-02-23 08:05:54 +00:00
DevITWay
1152308f6c Use self-hosted runner for release builds 
16-core runner should be 3-4x faster than GitHub's 2-core runners
 2026-01-26 10:39:04 +00:00
DevITWay
6c53b2da84 Speed up release workflow 
- Remove duplicate tests (already run on push to main)
- Build only for amd64 (arm64 rarely needed for VPS)
 2026-01-26 10:18:11 +00:00
DevITWay
97eaa364ae ci: split workflows - CI for tests, Release for tags only 2026-01-26 08:17:57 +00:00
DevITWay
95a2b5333e fix: correct rust-toolchain action name 2026-01-26 00:35:45 +00:00
DevITWay
a19477c424 ci: add GitHub Actions workflow for Docker releases 
- Run tests on PR and push
- Build multi-arch images (amd64, arm64)
- Push to ghcr.io on main branch and tags
- Auto-create GitHub Release on version tags
- Use BuildKit cache for faster builds
 2026-01-26 00:34:00 +00:00