taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 22:00:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
181 Commits 4 Branches 38 Tags
b3b74b8b2da4a8c0f768907672c5259aed2364c7
Commit Graph

52 Commits

Author SHA1 Message Date
devitway
bbff337b4c fix: clean up stale smoke test container before run 2026-03-15 22:25:37 +00:00
devitway
095270d113 fix: smoke test port mapping (4000, not 5000) 2026-03-15 21:54:13 +00:00
devitway
ad890be56a feat: add integration tests, release runbook, cache fallback 
- CI: integration job — build NORA, docker push/pull, npm publish/install, API checks
- release: cache-from with ignore-error=true (no dependency on localhost:5000)
- RELEASE_RUNBOOK.md: rollback procedure, deploy order, verification steps
 2026-03-15 19:36:38 +00:00
devitway
233b83f902 security: make CI gates blocking, add smoke test, clean up dead code 
- gitleaks, cargo audit, trivy fs now block pipeline on findings
- add smoke test (docker run + curl /health) in release workflow
- deny.toml: add review date to RUSTSEC-2025-0119 ignore
- remove unused validation functions (maven, npm, crate)
- replace blanket #![allow(dead_code)] with targeted allows
 2026-03-15 19:25:00 +00:00
devitway
058fc41f1c Merge pull request #24 from getnora-io/dependabot/github_actions/docker/metadata-action-6 
chore(deps): bump docker/metadata-action from 5 to 6
 2026-03-12 22:13:55 +03:00
devitway
7f5a3c7c8a Merge pull request #23 from getnora-io/dependabot/github_actions/aquasecurity/trivy-action-0.35.0 
chore(deps): bump aquasecurity/trivy-action from 0.34.2 to 0.35.0
 2026-03-12 22:13:49 +03:00
devitway
5b57cc5913 Merge pull request #22 from getnora-io/dependabot/github_actions/docker/login-action-4 
chore(deps): bump docker/login-action from 3 to 4
 2026-03-12 22:13:45 +03:00
devitway
aa844d851d Merge pull request #21 from getnora-io/dependabot/github_actions/docker/build-push-action-7 
chore(deps): bump docker/build-push-action from 6 to 7
 2026-03-12 22:13:41 +03:00
dependabot[bot]
2c886040d7 chore(deps): bump docker/metadata-action from 5 to 6 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](https://github.com/docker/metadata-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-10 04:25:36 +00:00
dependabot[bot]
9ab6ccc594 chore(deps): bump aquasecurity/trivy-action from 0.34.2 to 0.35.0 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.34.2 to 0.35.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.34.2...0.35.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-10 04:25:33 +00:00
dependabot[bot]
679b36b986 chore(deps): bump docker/login-action from 3 to 4 
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-10 04:25:27 +00:00
dependabot[bot]
da8c473e02 chore(deps): bump docker/build-push-action from 6 to 7 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-10 04:25:23 +00:00
dependabot[bot]
3dc8b81261 chore(deps): bump docker/setup-buildx-action from 3 to 4 
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-10 04:25:20 +00:00
devitway
03a3bf9197 Merge pull request #15 from getnora-io/dependabot/github_actions/docker/build-push-action-6 
chore(deps): bump docker/build-push-action from 5 to 6
 2026-03-03 12:14:56 +03:00
devitway
6c5f0dda30 Merge pull request #14 from getnora-io/dependabot/github_actions/aquasecurity/trivy-action-0.34.2 
chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.34.2
 2026-03-03 12:14:42 +03:00
devitway
fb058302c8 Merge pull request #13 from getnora-io/dependabot/github_actions/softprops/action-gh-release-2 
chore(deps): bump softprops/action-gh-release from 1 to 2
 2026-03-03 12:14:29 +03:00
devitway
79565aec47 Merge pull request #12 from getnora-io/dependabot/github_actions/actions/upload-artifact-7 
chore(deps): bump actions/upload-artifact from 4 to 7
 2026-03-03 12:14:16 +03:00
dependabot[bot]
c8793a4b60 chore(deps): bump docker/build-push-action from 5 to 6 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 04:25:58 +00:00
dependabot[bot]
fd4a7b0b0f chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.34.2 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.30.0 to 0.34.2.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.30.0...0.34.2)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 04:25:55 +00:00
dependabot[bot]
7af1e7462c chore(deps): bump softprops/action-gh-release from 1 to 2 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 04:25:51 +00:00
dependabot[bot]
de1a188fa7 chore(deps): bump actions/upload-artifact from 4 to 7 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 04:25:48 +00:00
dependabot[bot]
36d0749bb3 chore(deps): bump actions/checkout from 4 to 6 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-03-03 04:25:43 +00:00
devitway
fb0f80ac5a ci: move scan/release to self-hosted, use NORA for cache and images 
- Add NORA (localhost:5000) as internal registry for image push and cache
- Replace type=gha cache with type=registry pointing to NORA
- Move scan and release jobs from ubuntu-latest to self-hosted runner
- Upload binary as artifact in build, download in release (no docker pull)
- Generate SBOM from NORA image instead of ghcr.io
- Add driver-opts: network=host to buildx for localhost registry access
 2026-02-25 00:19:37 +00:00
devitway
b153bc0c5b ci: restore Astra Linux SE build, scan, and release image 2026-02-24 17:01:14 +00:00
devitway
c7f9d5c036 ci: fix binary path in image (/usr/local/bin/nora) 2026-02-24 14:03:16 +00:00
devitway
b41bfd9a88 ci: pin build job to nora runner label to avoid wrong runner 2026-02-24 13:18:11 +00:00
devitway
3a6d3eeb9a feat: add binary + sha256 to GitHub Release artifacts 2026-02-24 12:14:29 +00:00
dependabot[bot]
2c7c497c30 chore(deps): bump softprops/action-gh-release from 1 to 2 (#5) 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 1 to 2.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](https://github.com/softprops/action-gh-release/compare/v1...v2)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-24 12:20:23 +01:00
dependabot[bot]
6b6f88ab9c chore(deps): bump actions/checkout from 4 to 6 (#4) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-24 12:20:19 +01:00
dependabot[bot]
1255e3227b chore(deps): bump docker/build-push-action from 5 to 6 (#3) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-24 12:20:16 +01:00
dependabot[bot]
aabd0b76fb chore(deps): bump aquasecurity/trivy-action from 0.30.0 to 0.34.1 (#2) 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.30.0 to 0.34.1.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.30.0...0.34.1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-24 12:20:12 +01:00
devitway
ac14405af3 ci: restore scan gate on release, block on HIGH/CRITICAL CVE 2026-02-24 10:53:28 +00:00
devitway
5f385dce45 ci: add dependabot, pin trivy-action@0.30.0, release no longer waits on scan 2026-02-24 10:48:06 +00:00
devitway
761e08f168 ci: upgrade codeql-action v3 -> v4 2026-02-24 10:41:37 +00:00
devitway
fc1288820d ci: remove astra build for now 2026-02-24 00:39:16 +00:00
devitway
a17a75161b ci: consolidate all docker builds into single job to fix runner network issues 2026-02-24 00:07:44 +00:00
devitway
0b3ef3ab96 ci: use shared runner filesystem instead of artifact API to avoid network upload 2026-02-23 23:41:41 +00:00
devitway
99e290d30c ci: fix SBOM image tag and registry credentials 2026-02-23 18:53:17 +00:00
devitway
f74b781d1f ci: build musl static binary, fix cargo path (hardcode github-runner home) 2026-02-23 18:08:57 +00:00
devitway
05c765627f ci: fix trivy image tag (strip v prefix) 2026-02-23 16:47:18 +00:00
devitway
1813546bee ci: move trivy image scan to separate ubuntu-latest job to avoid self-hosted timeout 2026-02-23 16:15:03 +00:00
devitway
196c313f20 ci: add cargo cache to build-binary job, remove nora proxy (no sparse protocol) 2026-02-23 14:17:39 +00:00
devitway
aece2d739d ci: add registry credentials to trivy image scan 2026-02-23 14:01:31 +00:00
devitway
dd3813edff ci: use github-runner own rust toolchain instead of ai-user path 2026-02-23 13:54:23 +00:00
devitway
6ad710ff32 ci: add security scanning and SBOM to release pipeline 
- ci.yml: add security job (gitleaks, cargo-audit, cargo-deny, trivy fs)
- release.yml: restructure into build-binary + build-docker matrix + release
  - build binary once on self-hosted, reuse across all Docker builds
  - trivy image scan per matrix variant, results to GitHub Security tab
  - SBOM generation in SPDX and CycloneDX formats attached to release
- deny.toml: cargo-deny policy (allowed licenses, banned openssl, crates.io only)
- Dockerfile: remove Rust build stage, use pre-built binary
- Dockerfile.astra, Dockerfile.redos: FROM scratch for Russian certified OS support
 2026-02-23 11:37:27 +00:00
devitway
1e01d4df56 ci: add Astra Linux and RedOS parallel builds 
Add Dockerfile.astra (astralinux/alse) and Dockerfile.redos (redos/redos)
for FSTEC-certified Russian OS targets. Update release.yml with a matrix
strategy that produces three image variants per release:
  - ghcr.io/.../nora:0.x.x          (Alpine, default)
  - ghcr.io/.../nora:0.x.x-astra    (Astra Linux SE)
  - ghcr.io/.../nora:0.x.x-redos    (RED OS)

Build stage is shared (musl static binary) across all variants.
 2026-02-23 08:24:48 +00:00
devitway
ab5ed3f488 ci: remove unnecessary QEMU step for amd64-only builds 2026-02-23 08:05:54 +00:00
DevITWay
1152308f6c Use self-hosted runner for release builds 
16-core runner should be 3-4x faster than GitHub's 2-core runners
 2026-01-26 10:39:04 +00:00
DevITWay
6c53b2da84 Speed up release workflow 
- Remove duplicate tests (already run on push to main)
- Build only for amd64 (arm64 rarely needed for VPS)
 2026-01-26 10:18:11 +00:00
DevITWay
97eaa364ae ci: split workflows - CI for tests, Release for tags only 2026-01-26 08:17:57 +00:00