taiars/nora
1
0
Fork 0
mirror of https://github.com/getnora-io/nora.git synced 2026-04-12 10:20:32 +00:00
Code Issues Packages Projects Releases Wiki Activity
214 Commits 2 Branches 38 Tags
fbd2aa35e8183001366439cad5073a497953fc47
Commit Graph

64 Commits

Author SHA1 Message Date
devitway
05c765627f ci: fix trivy image tag (strip v prefix) 2026-02-23 16:47:18 +00:00
devitway
1813546bee ci: move trivy image scan to separate ubuntu-latest job to avoid self-hosted timeout 2026-02-23 16:15:03 +00:00
devitway
196c313f20 ci: add cargo cache to build-binary job, remove nora proxy (no sparse protocol) 2026-02-23 14:17:39 +00:00
devitway
aece2d739d ci: add registry credentials to trivy image scan 2026-02-23 14:01:31 +00:00
devitway
b7e11da2da ci: replace gitleaks action with CLI to avoid license requirement 2026-02-23 13:59:12 +00:00
devitway
dd3813edff ci: use github-runner own rust toolchain instead of ai-user path 2026-02-23 13:54:23 +00:00
devitway
6ad710ff32 ci: add security scanning and SBOM to release pipeline 
- ci.yml: add security job (gitleaks, cargo-audit, cargo-deny, trivy fs)
- release.yml: restructure into build-binary + build-docker matrix + release
  - build binary once on self-hosted, reuse across all Docker builds
  - trivy image scan per matrix variant, results to GitHub Security tab
  - SBOM generation in SPDX and CycloneDX formats attached to release
- deny.toml: cargo-deny policy (allowed licenses, banned openssl, crates.io only)
- Dockerfile: remove Rust build stage, use pre-built binary
- Dockerfile.astra, Dockerfile.redos: FROM scratch for Russian certified OS support
 2026-02-23 11:37:27 +00:00
devitway
1e01d4df56 ci: add Astra Linux and RedOS parallel builds 
Add Dockerfile.astra (astralinux/alse) and Dockerfile.redos (redos/redos)
for FSTEC-certified Russian OS targets. Update release.yml with a matrix
strategy that produces three image variants per release:
  - ghcr.io/.../nora:0.x.x          (Alpine, default)
  - ghcr.io/.../nora:0.x.x-astra    (Astra Linux SE)
  - ghcr.io/.../nora:0.x.x-redos    (RED OS)

Build stage is shared (musl static binary) across all variants.
 2026-02-23 08:24:48 +00:00
devitway
ab5ed3f488 ci: remove unnecessary QEMU step for amd64-only builds 2026-02-23 08:05:54 +00:00
DevITWay
1152308f6c Use self-hosted runner for release builds 
16-core runner should be 3-4x faster than GitHub's 2-core runners
 2026-01-26 10:39:04 +00:00
DevITWay
6c53b2da84 Speed up release workflow 
- Remove duplicate tests (already run on push to main)
- Build only for amd64 (arm64 rarely needed for VPS)
 2026-01-26 10:18:11 +00:00
DevITWay
97eaa364ae ci: split workflows - CI for tests, Release for tags only 2026-01-26 08:17:57 +00:00
DevITWay
95a2b5333e fix: correct rust-toolchain action name 2026-01-26 00:35:45 +00:00
DevITWay
a19477c424 ci: add GitHub Actions workflow for Docker releases 
- Run tests on PR and push
- Build multi-arch images (amd64, arm64)
- Push to ghcr.io on main branch and tags
- Auto-create GitHub Release on version tags
- Use BuildKit cache for faster builds
 2026-01-26 00:34:00 +00:00