taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 06:50:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
299 Commits 2 Branches 38 Tags
b3239ed2d7c03df3d3fcacb01abc4c93a34703dd
Commit Graph

7 Commits

Author SHA1 Message Date
DevITWay | Pavel Volkov
b3239ed2d7 chore: DX improvements — typos, blame-ignore, PR template, registry checklist (#120) 
* chore: add workspace clippy lints, release profiles, COMPAT.md, diff-registry.sh

- Workspace clippy lints: or_fun_call, redundant_clone, collection_is_never_read,
  naive_bytecount, stable_sort_primitive, large_types_passed_by_value, assigning_clones
- Fix or_fun_call in cargo_registry.rs (unwrap_or -> unwrap_or_else)
- Release profiles: release (thin LTO) + release-official (full LTO, codegen-units=1)
- COMPAT.md: protocol compatibility matrix for all 7 registries (40 endpoints)
- scripts/diff-registry.sh: differential smoke tests (Docker/npm/Cargo/PyPI/Go/Raw)

* ci: add typos spell-check job and config

* chore: add .git-blame-ignore-revs for bulk fmt/clippy commits

* chore: unify PR template with What/Why/Checklist format

* docs: add new registry checklist and improve contributing guide

* fix: correct typos action SHA to v1.45.0
 2026-04-09 18:49:20 +03:00
DevITWay | Pavel Volkov
7d8116034a docs: expand Development Setup in CONTRIBUTING.md (#76) 
Add prerequisites, local run instructions, smoke test guide,
and fuzz testing section. Helps new contributors get started.
 2026-04-02 12:36:18 +00:00
DevITWay | Pavel Volkov
432e8d35af security: migrate token hashing from SHA256 to Argon2id (#55) 
* docs: add DCO, governance model, roles, vulnerability credit policy

* security: migrate token hashing from SHA256 to Argon2id

- Replace unsalted SHA256 with Argon2id (salted) for API token hashing
- Fix TOCTOU race: replace exists()+read() with read()+match on error
- Set chmod 600 on token files and 700 on token storage directory
- Auto-migrate legacy SHA256 tokens to Argon2id on first verification
- Add regression tests: argon2 format, legacy migration, file permissions
 2026-03-24 22:56:43 +00:00
devitway
a36287a627 community: add issue/PR templates, code of conduct, update contributing guide 2026-03-18 12:22:10 +00:00
DevITWay
7326f9b0e2 chore: add pre-commit hook to prevent sensitive file commits 
- Whitelist approach: only known safe extensions allowed (.rs, .toml, .yml, etc.)
- Block sensitive patterns (.env, .key, .pem, secrets, credentials)
- Warn but allow .md files
- Check only NEW files, modifications to tracked files always allowed
- Block large files (>5MB) with warning
- Run cargo fmt check on Rust files
- Update CONTRIBUTING.md with hook setup instructions
 2026-01-31 16:39:04 +00:00
DevITWay
f82e252e39 docs: add CONTRIBUTING.md and SECURITY.md 2026-01-31 12:39:41 +00:00
DevITWay
586420a476 feat: initialize NORA artifact registry 
Cloud-native multi-protocol artifact registry in Rust.

- Docker Registry v2
- Maven (+ proxy)
- npm (+ proxy)
- Cargo, PyPI
- Web UI, Swagger, Prometheus
- Local & S3 storage
- 32MB Docker image

Created by DevITWay
https://getnora.io
 2026-01-25 17:33:15 +00:00