This commit addresses the OWASP security audit by enforcing strict host key verification and resolves persistent CI issues.

Security Changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops.
- Removed insecure host key verification from pkg/ansible.
- Implemented synchronous host key discovery using ssh-keyscan during VM boot.
- Updated Boot lifecycle to wait for host key verification.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.

CI and Maintenance:
- Fixed auto-merge.yml by inlining the script and adding repository context to 'gh' command, resolving the "not a git repository" error in CI.
- Resolved merge conflicts in .github/workflows/auto-merge.yml with dev branch.
- Added pkg/ansible/ssh_test.go for SSH client verification.
- Fixed formatting in pkg/io/local/client.go to pass QA checks.

45 lines
652 B
YAML

# Core CLI release configuration
# Used by: core release

version: 1

project:
  name: core
  repository: host-uk/core

build:
  targets:
    - os: linux
      arch: amd64
    - os: linux
      arch: arm64
    - os: darwin
      arch: amd64
    - os: darwin
      arch: arm64
    - os: windows
      arch: amd64

publishers:
  - type: github
    prerelease: false
    draft: false
  - type: homebrew
    tap: host-uk/homebrew-tap
    formula: core
  - type: scoop
    bucket: host-uk/scoop-bucket
    manifest: core

changelog:
  include:
    - feat
    - fix
    - perf
    - refactor
  exclude:
    - chore
    - docs
    - style
    - test
    - ci