lerko
aac8d4dd0e
fix(security): remove unused openssh-client from Docker image
...
CI / test (pull_request) Successful in 2m25s
CI / lint (pull_request) Successful in 40s
CI / vulncheck (pull_request) Successful in 41s
openssh-client was never used — uptop uses pure Go SSH via
charmbracelet/ssh. Removing it eliminates CVE-2026-25680,
CVE-2026-35386, CVE-2026-35387, and CVE-2026-35388.
2026-05-29 20:19:08 -04:00
lerko
13a0860dd3
fix(security): patch Docker Scout CVEs in x/net and Alpine packages
...
CI / test (pull_request) Successful in 2m26s
CI / lint (pull_request) Successful in 51s
CI / vulncheck (pull_request) Successful in 46s
Upgrade golang.org/x/net v0.54.0 → v0.55.0 (CVE-2026-41589 critical,
CVE-2025-60876, CVE-2026-42502, CVE-2026-42506, CVE-2026-25681,
CVE-2026-35414). Add apk upgrade to Dockerfile for openssh and busybox
CVEs (CVE-2026-25680, CVE-2026-27136, CVE-2026-35386, CVE-2026-35387,
CVE-2026-35388).
2026-05-29 20:05:28 -04:00
lerko
2cd3dcddb4
chore: bump Go 1.24.4 → 1.26.3, Alpine 3.21 → 3.23
...
CI / test (pull_request) Successful in 2m57s
CI / lint (pull_request) Successful in 1m11s
CI / vulncheck (pull_request) Failing after 1m1s
Go 1.24 EOL since Feb 2026. Fixes 33 stdlib vulns found by
govulncheck (database/sql, os/exec, net/http). Gets Green Tea GC.
2026-05-26 20:12:43 -04:00
lerko
5aab391b74
ci: overhaul pipeline — caching, GoReleaser, govulncheck
...
- Add module + build cache to CI (was only caching go-build, not go/pkg/mod)
- Declare explicit Alpine container instead of relying on runner image
- Drop redundant go vet (already in golangci-lint)
- Add govulncheck job for dependency CVE scanning
- Add GoReleaser config for Gitea-native binary releases + checksums
- Replace .github/workflows/docker.yml with .gitea/workflows/release.yml
- Docker multiarch (amd64+arm64) via buildx in release workflow
- Dockerfile: add --mount=type=cache for mod/build, add -trimpath
2026-05-26 18:24:19 -04:00
lerko
bd561d9a5e
fix(security): phase 3 medium reliability and hardening
...
CI / test (pull_request) Successful in 4m23s
CI / lint (pull_request) Successful in 1m11s
- Fail hard on critical migration errors (ignore only "already exists")
- Cache SSH user keys with 30s TTL (avoid DB query per auth attempt)
- Configure DB connection pooling (25 open, 5 idle, 5m lifetime)
- Enable SQLite WAL mode for concurrent read/write
- Optimize check history pruning (only prune above 1100 rows)
- Add security headers: X-Content-Type-Options, X-Frame-Options, CSP, Referrer-Policy
- Add CORS policy on /status/json via UPTOP_CORS_ORIGIN env var
- Add HTTP request logging middleware (method, path, status, duration, IP)
- Fix config file permissions from 0644 to 0600
- Pin Docker images: golang:1.24-alpine3.21, alpine:3.21
- Fix Docker CI tag pattern for CalVer (was semver)
- Pass build args (VERSION, COMMIT, BUILD_DATE) to Docker build
2026-05-26 16:57:03 -04:00
lerko
9d12e3ecf1
chore: complete rename from go-upkeep to uptop
...
CI / test (pull_request) Successful in 4m26s
CI / lint (pull_request) Successful in 1m11s
- Module path: gitea.lerkolabs.com/lerko/uptop
- Binary: cmd/uptop/
- All imports updated to full module path
- Env vars: UPKEEP_* → UPTOP_*
- Prometheus metrics: upkeep_* → uptop_*
- Default DB: uptop.db
- Docker image: lerko/uptop
- All docs, compose files, CI updated
Only remaining "go-upkeep" reference is the fork attribution in README.
2026-05-24 20:20:35 -04:00
lerko
8f9210b451
feat: add --version flag with build metadata injection
...
Supports `goupkeep version`, `--version`, and `-v`. Prints version,
commit hash, and build date when injected via ldflags. Shows "dev"
for local builds. Dockerfile updated with ARGs for version injection.
2026-05-24 14:14:13 -04:00
lerko
02f0a39d97
feat: initial commit — uptime monitor (forked from go-upkeep)
...
Go-based uptime monitor with SQLite/Postgres storage, TUI dashboard,
SSH server, alerting, and clustering support.
2026-05-14 11:05:10 -04:00
lerko