Commit graph

4 commits

Author SHA1 Message Date
Snider
f72a7f603f chore(ci): use reusable security scan from go-devops
Some checks failed:
- Deploy / Test (push) Failing after 1s
- Deploy / Build App Image (push) Has been skipped
- Deploy / Build Web Image (push) Has been skipped
- Security Scan / security (push) Successful in 21s
- Deploy / Build Core Image (push) Failing after 1m42s
- Deploy / Deploy to Production (push) Has been skipped

Replace inline govulncheck/gitleaks/trivy with shared workflow call.

Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-21 21:02:37 +00:00
Snider
6292fa2c77 fix(ci): harden security scan and Dockerfiles
- Upgrade Go to 1.26, FrankenPHP to v1.11.2 (CVE-2026-24894)
- Add non-root USER to all Dockerfiles (Trivy misconfig)
- Upgrade gitleaks to v8.24.3 with arch detection

Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-21 20:51:14 +00:00
Snider
4163aedec1 fix(ci): pin gitleaks version and harden install step
Some checks failed:
- Security Scan / Secret Detection (push) Successful in 12s
- Security Scan / Go Vulnerability Check (push) Failing after 2m21s
- Security Scan / Dependency & Config Scan (push) Failing after 21s

The gitleaks install was fragile: depended on GitHub API (rate limits),
jq being present, and hardcoded x64 arch. Now pins v8.24.3, detects
arch, uses curl -f for proper error handling, and verifies install.

Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-21 19:50:28 +00:00
Claude
b74f8264d3 feat: add Woodpecker CI pipeline and workspace improvements (#1)
Co-authored-by: Claude <developers@lethean.io>
Co-committed-by: Claude <developers@lethean.io>
2026-02-08 13:25:06 +00:00