lerkolabs/uptop
1
1
Fork 0
Code Issues 17 Pull Requests Actions Packages Projects 2 Releases 4 Wiki Activity
219 Commits 1 Branch 4 Tags
d1ab842283fd1a568a476be9713e603303fadf22
Commit Graph

4 Commits

Author SHA1 Message Date
lerko d1ab842283 ci: harden release pipeline and pin tooling 
Un-neuter grype CVE gate (was || echo, now fails on critical).
Add .grype.yaml with ignore for CVE-2026-41589 (wish SCP —
unreachable, we only import wish/bubbletea).

Pin: grype v0.114.0, git-cliff v2.13.1, govulncheck v1.1.4.
Tag `latest` only on tag push, not workflow_dispatch.
Build path ./cmd/uptop (survives a main.go split).
Add dist/ and uptop to .dockerignore.
 2026-06-11 13:03:53 -04:00
lerko c963acb574 fix(ci): make Grype CVE scan non-blocking for known wish vuln
CI / test (pull_request) Successful in 2m21s
Details
CI / lint (pull_request) Successful in 46s
Details
CI / vulncheck (pull_request) Successful in 31s
Details 
GHSA-xjvp-7243-rg9h (wish SCP middleware path traversal) is
not exploitable — uptop only uses bubbletea middleware.
Scan still runs and warns but won't fail the release.
 2026-06-02 11:24:44 -04:00
lerko 3a169b2bcd ci(docker): add Grype CVE scanning after image push 
Scans published image for Alpine and dependency CVEs.
Fails on critical severity, reports all others in table output.
 2026-06-01 21:32:20 -04:00
lerko 50eb43971c refactor(ci): split release pipeline, add nfpm/homebrew/git-cliff 
Split monolithic release.yml into independent workflows:
- release-binaries.yml: tag-triggered, GoReleaser + git-cliff notes
- release-docker.yml: tag-triggered + manual dispatch, SHA tags

Add DEB/RPM packaging via nfpm in GoReleaser. Add Homebrew cask
config (skip_upload until macOS builds exist). Replace GoReleaser
built-in changelog with git-cliff for structured release notes.
 2026-06-01 21:14:54 -04:00