3 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Snider
|
cf63e0d2f7 |
Secure SSH, fix CI auto-merge, and resolve merge conflicts
This commit addresses the OWASP security audit by enforcing strict host key verification and resolves persistent CI issues. Security Changes: - Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops. - Removed insecure host key verification from pkg/ansible. - Implemented synchronous host key discovery using ssh-keyscan during VM boot. - Updated Boot lifecycle to wait for host key verification. - Handled missing known_hosts file in pkg/ansible. - Refactored hardcoded SSH port to DefaultSSHPort constant. CI and Maintenance: - Fixed auto-merge.yml by inlining the script and adding repository context to 'gh' command, resolving the "not a git repository" error in CI. - Resolved merge conflicts in .github/workflows/auto-merge.yml with dev branch. - Added pkg/ansible/ssh_test.go for SSH client verification. - Fixed formatting in pkg/io/local/client.go to pass QA checks. |
||
|
Snider
|
18f68ef907 |
refactor(core): decompose Core into serviceManager + messageBus (#282)
* refactor(core): decompose Core into serviceManager + messageBus (#215) Extract two focused, unexported components from the Core "god object": - serviceManager: owns service registry, lifecycle tracking (startables/ stoppables), and service lock - messageBus: owns IPC action dispatch, query handling, and task handling All public API methods on Core become one-line delegation wrappers. Zero consumer changes — no files outside pkg/framework/core/ modified. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(core): remove unused fields from test struct Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(core): address review feedback from Gemini and Copilot - Move locked check inside mutex in registerService to fix TOCTOU race - Add mutex guards to enableLock and applyLock methods - Replace fmt.Errorf with errors.Join in action() for correct error aggregation (consistent with queryAll and lifecycle methods) - Add TestMessageBus_Action_Bad for error aggregation coverage Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): bump host-uk/build from v3 to v4 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): replace Wails build with Go CLI build The build action doesn't yet support Wails v3. Comment out the GUI build step and use host-uk/build/actions/setup/go for Go toolchain setup with a plain `go build` for the CLI binary. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(container): check context before select in Stop to fix flaky test Stop() now checks ctx.Err() before entering the select block. When a pre-cancelled context is passed, the select could non-deterministically choose <-done over <-ctx.Done() if the process had already exited, causing TestLinuxKitManager_Stop_Good_ContextCancelled to fail on CI. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix(ci): trim CodeQL matrix to valid languages Remove javascript-typescript and actions from CodeQL matrix — this repo contains only Go and Python. Invalid languages blocked SARIF upload and prevented merge. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat(go): add `core go fuzz` command and wire into QA - New `core go fuzz` command discovers Fuzz* targets and runs them with configurable --duration (default 10s per target) - Fuzz added to default QA checks with 5s burst duration - Seed fuzz targets for core package: FuzzE (error constructor), FuzzServiceRegistration, FuzzMessageDispatch Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(codeql): add workflow_dispatch trigger for manual runs Allows manual triggering of CodeQL when the automatic pull_request trigger doesn't fire. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(codeql): remove workflow in favour of default setup CodeQL default setup is now enabled via repo settings for go and python. The workflow-based approach uploaded results as "code quality" rather than "code scanning", which didn't satisfy the code_scanning ruleset requirement. Default setup handles this natively. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): add explicit permissions to all workflows - agent-verify: add issues: write (was missing, writes comments/labels) - ci: add contents: read (explicit least-privilege) - coverage: add contents: read (explicit least-privilege) All workflows now declare permissions explicitly. Repo default is read-only, so workflows without a block silently lacked write access. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * ci(workflows): replace inline logic with org reusable workflow callers agent-verify.yml and auto-project.yml now delegate to centralised reusable workflows in host-uk/.github, reducing per-repo duplication. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> |
||
|
Snider
|
b6fbb781d5 |
ci(workflows): use host-uk/build@dev for releases (#264)
* ci(workflows): use host-uk/build@dev for releases
- Replace manual Go bootstrap with host-uk/build@dev action
- Add matrix builds for linux/amd64, linux/arm64, darwin/universal, windows/amd64
- Update README URLs from Snider/Core to host-uk/core
- Simplify artifact handling with merge-multiple
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* docs(mkdocs): update repo references to host-uk/core
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* chore(coderabbit): disable auto-review, manual trigger only
Trigger with @coderabbitai review to control costs.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* feat(ci): implement semver release channels
- Rename dev-release.yml → alpha-release.yml
- Alpha builds: v0.0.4-alpha.{run_number} (prerelease)
- Add pr-build.yml for draft releases
- PR builds: v0.0.4-pr.{num}.bid.{id} (draft, not published)
- Add attestation permissions for SLSA compliance
- No more deleting/recreating dev tag
Versioning strategy:
- Draft: +pr.{NUM}.bid.{ID} (testable, not published)
- Alpha: -alpha.{N} (canary channel)
- Beta: -beta (quality scored)
- RC: -rc.{N} (release candidate)
- Stable: no suffix
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* fix(ci): use build@v3 and dot notation for versions
- Switch from host-uk/build@dev to host-uk/build@v3
- Use dots instead of + for build metadata (GitHub tag compatible)
- v0.0.4.pr.{num}.bid.{id} format for PR drafts
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci(workflows): update all actions to latest versions
- actions/setup-go: v5 → v6 (Go 1.25+ support)
- actions/upload-artifact: v4 → v6 (immutable artifacts)
- actions/download-artifact: v4 → v7 (attestations support)
- actions/github-script: v7 → v8 (Node 20)
- actions/checkout: standardized on v6
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci: temporarily use self-hosted runners
Testing build on local runners while GitHub hosted runners are backed up.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci: fix webkit dep for Ubuntu 20.04 runners
Fall back to libwebkit2gtk-4.0-dev on older Ubuntu.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* test: skip unwritable dir test when running as root
Docker self-hosted runners run as root, which can write anywhere.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
* ci: revert to ubuntu-latest runners
Self-hosted runners need environment parity work (ARM64, root user, SDK tools).
Keep self-hosted for future local-llm integration tasks.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
|
Renamed from .github/workflows/dev-release.yml.disabled (Browse further)