|
|
314c038d94
|
feat: add integration tests, release runbook, cache fallback
- CI: integration job — build NORA, docker push/pull, npm publish/install, API checks
- release: cache-from with ignore-error=true (no dependency on localhost:5000)
- RELEASE_RUNBOOK.md: rollback procedure, deploy order, verification steps
|
2026-03-15 19:36:38 +00:00 |
|
|
|
233b83f902
|
security: make CI gates blocking, add smoke test, clean up dead code
- gitleaks, cargo audit, trivy fs now block pipeline on findings
- add smoke test (docker run + curl /health) in release workflow
- deny.toml: add review date to RUSTSEC-2025-0119 ignore
- remove unused validation functions (maven, npm, crate)
- replace blanket #![allow(dead_code)] with targeted allows
|
2026-03-15 19:25:00 +00:00 |
|
dependabot[bot]
|
9ab6ccc594
|
chore(deps): bump aquasecurity/trivy-action from 0.34.2 to 0.35.0
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.34.2 to 0.35.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.2...0.35.0)
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-version: 0.35.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2026-03-10 04:25:33 +00:00 |
|
dependabot[bot]
|
fd4a7b0b0f
|
chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.34.2
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.30.0 to 0.34.2.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.30.0...0.34.2)
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-version: 0.34.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
2026-03-03 04:25:55 +00:00 |
|
dependabot[bot]
|
6b6f88ab9c
|
chore(deps): bump actions/checkout from 4 to 6 (#4)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2026-02-24 12:20:19 +01:00 |
|
dependabot[bot]
|
aabd0b76fb
|
chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.34.1 (#2)
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.30.0 to 0.34.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.30.0...0.34.1)
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-version: 0.34.1
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2026-02-24 12:20:12 +01:00 |
|
|
|
5f385dce45
|
ci: add dependabot, pin trivy-action@0.30.0, release no longer waits on scan
|
2026-02-24 10:48:06 +00:00 |
|
|
|
761e08f168
|
ci: upgrade codeql-action v3 -> v4
|
2026-02-24 10:41:37 +00:00 |
|
|
|
b7e11da2da
|
ci: replace gitleaks action with CLI to avoid license requirement
|
2026-02-23 13:59:12 +00:00 |
|
|
|
6ad710ff32
|
ci: add security scanning and SBOM to release pipeline
- ci.yml: add security job (gitleaks, cargo-audit, cargo-deny, trivy fs)
- release.yml: restructure into build-binary + build-docker matrix + release
- build binary once on self-hosted, reuse across all Docker builds
- trivy image scan per matrix variant, results to GitHub Security tab
- SBOM generation in SPDX and CycloneDX formats attached to release
- deny.toml: cargo-deny policy (allowed licenses, banned openssl, crates.io only)
- Dockerfile: remove Rust build stage, use pre-built binary
- Dockerfile.astra, Dockerfile.redos: FROM scratch for Russian certified OS support
|
2026-02-23 11:37:27 +00:00 |
|
|
|
97eaa364ae
|
ci: split workflows - CI for tests, Release for tags only
|
2026-01-26 08:17:57 +00:00 |
|
