lerkolabs/uptop
1
1
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity
145 Commits 2 Branches 6 Tags
fix/docker-compliance
Commit Graph

14 Commits

Author SHA1 Message Date
lerko 87270490de fix(docker): non-root user, supply chain attestations, build cleanup
CI / test (pull_request) Successful in 2m29s
Details
CI / lint (pull_request) Successful in 46s
Details
CI / vulncheck (pull_request) Successful in 41s
Details 
BREAKING: Container now runs as UID 1000 (uptop) instead of root.
Existing volumes with root-owned files need migration:

  docker run --rm -v <volume>:/data alpine chown -R 1000:1000 /data

- Add uptop user (UID/GID 1000) with entrypoint writability check
- Enable SBOM and provenance attestations for Docker Scout compliance
- Prune dangling images and build cache after release builds
 2026-06-01 11:46:05 -04:00
lerko 9a4a53f487 ci: sync README to Docker Hub on release
CI / test (pull_request) Successful in 2m23s
Details
CI / lint (pull_request) Successful in 51s
Details
CI / vulncheck (pull_request) Successful in 41s
Details 
Use peter-evans/dockerhub-description to push README.md as the
Docker Hub repository overview after each image build.
 2026-05-29 20:51:40 -04:00
lerko 38c7739995 fix(ci): use docker-builder runner for Docker image builds
CI / lint (pull_request) Successful in 2m14s
Details
CI / vulncheck (pull_request) Successful in 51s
Details
CI / test (pull_request) Successful in 3m59s
Details
2026-05-29 18:01:07 -04:00
lerko 5679dffffa fix(ci): use internal Gitea URL for GoReleaser API calls
CI / test (push) Successful in 2m49s
Details
CI / lint (push) Successful in 1m11s
Details
CI / vulncheck (push) Successful in 1m1s
Details
Release / release (push) Successful in 2m18s
Details
Release / docker (push) Failing after 3m38s
Details
2026-05-29 17:26:57 -04:00
lerko 65406ce69c fix(ci): install git and gcc for GoReleaser in release pipeline
CI / test (pull_request) Successful in 2m49s
Details
CI / lint (pull_request) Successful in 1m12s
Details
CI / vulncheck (pull_request) Successful in 56s
Details
2026-05-29 16:02:28 -04:00
lerko 2cd3dcddb4 chore: bump Go 1.24.4 → 1.26.3, Alpine 3.21 → 3.23
CI / test (pull_request) Successful in 2m57s
Details
CI / lint (pull_request) Successful in 1m11s
Details
CI / vulncheck (pull_request) Failing after 1m1s
Details 
Go 1.24 EOL since Feb 2026. Fixes 33 stdlib vulns found by
govulncheck (database/sql, os/exec, net/http). Gets Green Tea GC.
 2026-05-26 20:12:43 -04:00
lerko 7d4ef1f594 fix(ci): remove explicit container, use sh shell
CI / test (pull_request) Successful in 2m44s
Details
CI / lint (pull_request) Successful in 1m11s
Details
CI / vulncheck (pull_request) Failing after 1m7s
Details 
Act runner is Alpine-based — container: directive breaks node-based
actions (checkout, setup-go). Runner already has apk natively.
Added shell: sh to all jobs since runner lacks bash.
 2026-05-26 18:44:08 -04:00
lerko f0ff87c0d0 fix(ci): rename GITEA_TOKEN to RELEASE_TOKEN
CI / test (pull_request) Failing after 31s
Details
CI / lint (pull_request) Successful in 1m9s
Details
CI / vulncheck (pull_request) Failing after 15s
Details 
Gitea reserves the GITEA_ prefix for repo action secrets.
 2026-05-26 18:36:11 -04:00
lerko 5aab391b74 ci: overhaul pipeline — caching, GoReleaser, govulncheck 
- Add module + build cache to CI (was only caching go-build, not go/pkg/mod)
- Declare explicit Alpine container instead of relying on runner image
- Drop redundant go vet (already in golangci-lint)
- Add govulncheck job for dependency CVE scanning
- Add GoReleaser config for Gitea-native binary releases + checksums
- Replace .github/workflows/docker.yml with .gitea/workflows/release.yml
- Docker multiarch (amd64+arm64) via buildx in release workflow
- Dockerfile: add --mount=type=cache for mod/build, add -trimpath
 2026-05-26 18:24:19 -04:00
lerko d038361320 ci: cache Go build artifacts between runs
CI / test (pull_request) Successful in 6m18s
Details
CI / lint (pull_request) Successful in 56s
Details
2026-05-24 15:52:21 -04:00
lerko 26268bb6ef fix(ci): install gcc for race detector support
CI / test (pull_request) Successful in 4m41s
Details
CI / lint (pull_request) Successful in 1m17s
Details
2026-05-24 12:49:21 -04:00
lerko 5915e0ebe3 fix(ci): enable CGO for race detector, use lint-action v7
CI / test (pull_request) Failing after 1m27s
Details
CI / lint (pull_request) Successful in 1m37s
Details
2026-05-24 12:45:28 -04:00
lerko 6d7ecc46eb fix(ci): use sh instead of bash for runner compatibility
CI / test (pull_request) Failing after 46s
Details
CI / lint (pull_request) Failing after 20s
Details
2026-05-24 12:42:49 -04:00
lerko fb3f96f608 ci: add Gitea Actions pipeline for test and lint
CI / test (pull_request) Failing after 9s
Details
CI / lint (pull_request) Failing after 56s
Details 
Runs on push to main and on pull requests. Two parallel jobs:
- test: go vet + go test -race
- lint: golangci-lint via official action
 2026-05-23 22:02:26 -04:00