lerkolabs/uptop
1
1
Fork 0
Code Issues 17 Pull Requests 1 Actions Packages Projects 2 Releases 1 Wiki Activity

ci: harden release pipeline and pin tooling

Browse Source 
Un-neuter grype CVE gate (was || echo, now fails on critical).
Add .grype.yaml with ignore for CVE-2026-41589 (wish SCP —
unreachable, we only import wish/bubbletea).

Pin: grype v0.114.0, git-cliff v2.13.1, govulncheck v1.1.4.
Tag `latest` only on tag push, not workflow_dispatch.
Build path ./cmd/uptop (survives a main.go split).
Add dist/ and uptop to .dockerignore.
This commit is contained in:
Tyler Koenig
2026-06-11 13:03:53 -04:00
parent 92efb8e270
commit d1ab842283
7 changed files with 23 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/release-binaries.yml
+2 -2
View File
@@ -33,8 +33,8 @@ jobs:
- name: Install git-cliff
run: |
apk add --no-cache curl jq
VERSION=$(curl -sS https://api.github.com/repos/orhun/git-cliff/releases/latest | jq -r '.tag_name' | sed 's/^v//')
apk add --no-cache curl
VERSION=2.13.1
curl -sSL "https://github.com/orhun/git-cliff/releases/download/v${VERSION}/git-cliff-${VERSION}-x86_64-unknown-linux-musl.tar.gz" | tar xz -C /tmp
mv /tmp/git-cliff-*/git-cliff /usr/local/bin/
git-cliff --version