dependabot[bot]
168fe79802
build(deps): bump the github-actions group across 1 directory with 11 updates ( #1516 )
...
Bumps the github-actions group with 11 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [actions/setup-node](https://github.com/actions/setup-node ) | `6.2.0` | `6.3.0` |
| [actions/setup-go](https://github.com/actions/setup-go ) | `6.2.0` | `6.3.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action ) | `5.10.0` | `6.0.0` |
| [docker/login-action](https://github.com/docker/login-action ) | `3.7.0` | `4.0.0` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) | `3.2.0` | `4.1.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.12.0` | `4.0.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action ) | `6.18.0` | `7.0.0` |
| [actions-hub/kubectl](https://github.com/actions-hub/kubectl ) | `1.35.1` | `1.35.2` |
| [dominikh/staticcheck-action](https://github.com/dominikh/staticcheck-action ) | `1.4.0` | `1.4.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `6.0.0` | `7.0.0` |
| [shimataro/ssh-key-action](https://github.com/shimataro/ssh-key-action ) | `2.7.0` | `2.8.0` |
Updates `actions/setup-node` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-node/releases )
- [Commits](6044e13b5d...53b83947a5https://github.com/actions/setup-go/releases )
- [Commits](7a3fe6cf4c...4b73464bb3https://github.com/docker/metadata-action/releases )
- [Commits](c299e40c65...030e881283https://github.com/docker/login-action/releases )
- [Commits](c94ce9fb46...b45d80f862https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](96278af6ca...a2bbfa2537https://github.com/docker/setup-buildx-action/releases )
- [Commits](8d2750c68a...4d04d5d948https://github.com/docker/build-push-action/releases )
- [Commits](263435318d...d08e5c354ahttps://github.com/actions-hub/kubectl/releases )
- [Commits](3ece3793e7...5ada4e2c02https://github.com/dominikh/staticcheck-action/releases )
- [Changelog](https://github.com/dominikh/staticcheck-action/blob/master/CHANGES.md )
- [Commits](024238d289...9716614d41https://github.com/actions/upload-artifact/releases )
- [Commits](b7c566a772...bbbca2ddaahttps://github.com/shimataro/ssh-key-action/releases )
- [Changelog](https://github.com/shimataro/ssh-key-action/blob/v2/CHANGELOG.md )
- [Commits](d4fffb5087...6b84f2e793support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-03-16 06:44:18 -04:00
Xe Iaso
04fef9e033
ci: purge govulncheck, it's less signal than i hoped ( #1515 )
...
* ci: purge govulncheck, it's less signal than i hoped
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci(go): use go stable
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci: use go stable
Signed-off-by: Xe Iaso <me@xeiaso.net >
---------
Signed-off-by: Xe Iaso <me@xeiaso.net >
2026-03-16 10:30:43 +00:00
dependabot[bot]
61026976ec
build(deps): bump the github-actions group across 1 directory with 6 updates ( #1453 )
...
Bumps the github-actions group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [docker/login-action](https://github.com/docker/login-action ) | `3.6.0` | `3.7.0` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) | `3.1.0` | `3.2.0` |
| [actions-hub/kubectl](https://github.com/actions-hub/kubectl ) | `1.35.0` | `1.35.1` |
| [actions/cache](https://github.com/actions/cache ) | `5.0.2` | `5.0.3` |
| [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request ) | `5.5.3` | `6.1.1` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ) | `7.2.0` | `7.3.0` |
Updates `docker/login-action` from 3.6.0 to 3.7.0
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](5e57cd1181...c94ce9fb46https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](00014ed6ed...96278af6cahttps://github.com/actions-hub/kubectl/releases )
- [Commits](f6d776bd78...3ece3793e7https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](8b402f58fb...cdf6c1fa76https://github.com/amannn/action-semantic-pull-request/releases )
- [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md )
- [Commits](0723387faa...48f256284bhttps://github.com/astral-sh/setup-uv/releases )
- [Commits](61cb8a9741...eac588ad8dsupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-15 10:31:51 -05:00
Xe Iaso
bf5d66222c
chore: set up commitlint, husky, and prettier ( #1451 )
...
* chore: add prettier configuration
Signed-off-by: Xe Iaso <me@xeiaso.net >
* format: run prettier tree-wide
Signed-off-by: Xe Iaso <me@xeiaso.net >
* chore(prettier): ignore intentionally ungrammatical files
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci: add PR title lint rule
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci: add DCO check
Signed-off-by: Xe Iaso <me@xeiaso.net >
* chore: add commitlint and husky
Signed-off-by: Xe Iaso <me@xeiaso.net >
* chore: add CONTRIBUTING guidelines
Signed-off-by: Xe Iaso <me@xeiaso.net >
* chore: set SKIP_INTEGRATION in precommit tests
Signed-off-by: Xe Iaso <me@xeiaso.net >
* chore: update spelling
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci(dco): remove reopened trigger
Signed-off-by: Xe Iaso <me@xeiaso.net >
* chore: remove dead file
Signed-off-by: Xe Iaso <me@xeiaso.net >
* chore(prettier): don't format nginx includes
Signed-off-by: Xe Iaso <me@xeiaso.net >
---------
Signed-off-by: Xe Iaso <me@xeiaso.net >
2026-02-15 08:19:12 -05:00
dependabot[bot]
d2205b11a7
build(deps): bump the github-actions group with 4 updates ( #1425 )
...
Bumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout ), [actions/setup-node](https://github.com/actions/setup-node ), [actions/setup-go](https://github.com/actions/setup-go ) and [actions/cache](https://github.com/actions/cache ).
Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e8c483db8...de0fac2e45https://github.com/actions/setup-node/releases )
- [Commits](395ad32622...6044e13b5dhttps://github.com/actions/setup-go/releases )
- [Commits](4dc6199c7b...7a3fe6cf4chttps://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](9255dc7a25...8b402f58fbsupport@github.com >
Co-authored-by: Jason Cameron <git@jsn.cam >
2026-01-28 13:50:19 -05:00
dependabot[bot]
bcf525dbcf
build(deps): bump the github-actions group with 3 updates ( #1369 )
...
Co-authored-by: Jason Cameron <git@jasoncameron.dev >
2025-12-28 22:04:16 -05:00
dependabot[bot]
5c97d693c1
build(deps): bump the github-actions group across 1 directory with 4 updates ( #1340 )
...
Co-authored-by: Jason Cameron <git@jasoncameron.dev >
2025-12-15 02:34:45 +00:00
dependabot[bot]
071b836741
build(deps): bump the github-actions group with 3 updates ( #1317 )
...
Co-authored-by: Jason Cameron <git@jasoncameron.dev >
2025-11-30 22:12:30 -05:00
Jason Cameron
bbdeee00f7
fix: pin Node.js and Go versions in CI configuration files ( #1318 )
...
fixes cache poisoning issues
2025-12-01 03:03:39 +00:00
dependabot[bot]
1a12171d74
build(deps): bump the github-actions group with 3 updates ( #1262 )
...
Co-authored-by: Jason Cameron <git@jasoncameron.dev >
2025-11-09 18:08:06 -08:00
Xe Iaso
b5ead0a68c
fix(data): add ruleset to explicitly allow Docker / OCI clients ( #1253 )
...
* fix(data): add ruleset to explicitly allow Docker / OCI clients
Fixes #1252
This is technically a regression as these clients used to work in Anubis
v1.22.0, however it is allowable to make this opt-in as most websites do not
expect to be serving Docker / OCI registry client traffic.
Signed-off-by: Xe Iaso <me@xeiaso.net >
* Update metadata
check-spelling run (pull_request) for Xe/gh-1252/docker-registry-client-fix
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com >
on-behalf-of: @check-spelling <check-spelling-bot@check-spelling.dev >
* test(docker-registry): export the right envvars
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci: add simdjson dependency for homebrew node
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci: install go/node without homebrew
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test: use right github commit variable
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci: remove simdjson dependency
Signed-off-by: Xe Iaso <me@xeiaso.net >
* ci: install ko with an action
Signed-off-by: Xe Iaso <me@xeiaso.net >
* docs: add OCI registry caveat docs
Signed-off-by: Xe Iaso <me@xeiaso.net >
---------
Signed-off-by: Xe Iaso <me@xeiaso.net >
Signed-off-by: check-spelling-bot <check-spelling-bot@users.noreply.github.com >
2025-11-08 00:17:25 +00:00
dependabot[bot]
3dab060bfa
build(deps): bump the github-actions group across 1 directory with 6 updates ( #1221 )
...
Bumps the github-actions group with 6 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [actions/cache](https://github.com/actions/cache ) | `4.2.4` | `4.3.0` |
| [docker/login-action](https://github.com/docker/login-action ) | `3.5.0` | `3.6.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.6.2` | `5.0.0` |
| [actions/setup-node](https://github.com/actions/setup-node ) | `5.0.0` | `6.0.0` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ) | `6.7.0` | `7.1.2` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.30.3` | `4.31.0` |
Updates `actions/cache` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](0400d5f644...0057852bfahttps://github.com/docker/login-action/releases )
- [Commits](184bdaa072...5e57cd1181https://github.com/actions/upload-artifact/releases )
- [Commits](ea165f8d65...330a01c490https://github.com/actions/setup-node/releases )
- [Commits](a0853c2454...2028fbc5c2https://github.com/astral-sh/setup-uv/releases )
- [Commits](b75a909f75...85856786d1https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](192325c861...4e94bd11f7support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-26 22:41:24 -04:00
dependabot[bot]
87c2f1e0e6
build(deps): bump the github-actions group across 1 directory with 8 updates ( #1071 )
...
Co-authored-by: Jason Cameron <git@jasoncameron.dev >
2025-09-06 22:30:43 -04:00
Jason Cameron
adda60c163
Revert "build(deps): bump the github-actions group with 2 updates ( #952 )" ( #962 )
2025-08-06 03:01:25 +00:00
dependabot[bot]
e0a15bf4dc
build(deps): bump the github-actions group with 2 updates ( #952 )
...
Co-authored-by: Jason Cameron <git@jasoncameron.dev >
2025-08-05 22:45:07 -04:00
Jason Cameron
1562f88c35
chore: Remove unused/dead code ( #703 )
...
* chore(xess): remove unused xess templates
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* chore(checker): remove unused staticHashChecker implementation
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* feat: add pinact and deadcode to go tools (pinact is used for the gha pinning)
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* chore: update Docker and kubectl actions to latest versions
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* chore: update Homebrew action from master to main in workflow files
See df537ec97fgit@jasoncameron.dev >
* chore: remove unused go-colorable and tools dependencies from go.sum
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* chore: update postcss-import and other dependencies to latest versions
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* chore: update Docusaurus dependencies to version 3.8.1
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* chore: downgrade playwright and playwright-core to version 1.52.0
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
---------
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
2025-06-25 09:31:33 -04:00
dependabot[bot]
e5455c02d8
build(deps): bump the github-actions group with 3 updates ( #666 )
...
Bumps the github-actions group with 3 updates: [docker/login-action](https://github.com/docker/login-action ), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/login-action` from 3.0.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](https://github.com/docker/login-action/compare/v3...74a5d142397b4f367a81961eba4e8cd7edddf772 )
Updates `actions/attest-build-provenance` from 2.3.0 to 2.4.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](db473fddc0...e8998f9491https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](fca7ace96b...ce28f5bb42support@github.com >
Co-authored-by: Jason Cameron <git@jasoncameron.dev >
2025-06-15 21:13:56 -04:00
Xe Iaso
f5140ae57b
test: introduce SSH based CI for non-native test hosts ( #644 )
...
* feat: ssh based CI
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test: implement SSH ci with caches and github actions
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): fix known hosts secret
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): clone the repo, that's important
Signed-off-by: Xe Iaso <me@xeiaso.net >
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): speed up ci by prebaking the SSH CI image
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): set -euo
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): enable pull_request_target so things work
Signed-off-by: Xe Iaso <me@xeiaso.net >
* chore: spelling
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): oh goody it's broken
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): add cronjob to rebuild ci runner image
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): also run yeet
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): force git version for yeet
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): run set -x in the container
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): fix yeet?
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): remove yeet for now
Signed-off-by: Xe Iaso <me@xeiaso.net >
* test(ssh-ci): disable for PRs for now
Signed-off-by: Xe Iaso <me@xeiaso.net >
---------
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-06-11 12:50:01 -04:00
Jason Cameron
659b577e0e
feat(ci): use dynamic repository owner and name in Docker actions ( #487 )
...
* feat(ci): use dynamic repository owner and name in Docker actions
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* feat(ci): support forks
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* feat(ci): support forks
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* feat(ci): add debug output for Docker repository information
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* feat(ci): update Docker image naming convention in workflow
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* feat(ci): set lowercase image name in Docker workflow
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* feat(ci): remove json/gha branch from Docker workflow triggers
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
* feat(ci): simplify Docker registry configuration in workflow
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
---------
Signed-off-by: Jason Cameron <git@jasoncameron.dev >
2025-05-09 20:18:53 -04:00
dependabot[bot]
8ee0529321
build(deps): bump the github-actions group with 3 updates ( #439 )
...
Bumps the github-actions group with 3 updates: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/attest-build-provenance` from 2.2.3 to 2.3.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](c074443f1a...db473fddc0https://github.com/astral-sh/setup-uv/releases )
- [Commits](c7f87aa956...6b9c6063abhttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](28deaeda66...60168efe1csupport@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-04 20:46:48 -04:00
Xe Iaso
2d22491e8c
undo depot for now until I have the corp set up
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-04-20 09:07:54 -04:00
Xe Iaso
62e20a213a
use depot builders ( #262 )
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-04-13 15:57:47 -04:00
Patrick Linnane
1614504922
workflows: hash pin Actions ( #203 )
...
Signed-off-by: Patrick Linnane <patrick@linnane.io >
2025-04-08 00:45:06 -04:00
Patrick Linnane
fc237a1690
workflows: fix zizmor findings (part 1) ( #190 )
...
Signed-off-by: Patrick Linnane <patrick@linnane.io >
2025-04-01 22:33:44 +00:00
Xe Iaso
937f1dd330
all: do not commit generated JS/CSS to source control ( #148 )
...
Closes #125
Closes #40
Among other things, this moves all of the asset generation to run within
the context of an npm script. Developer documentation stubs have been
added so that people can get started more easily.
The top-level Dockerfile (which is no longer used in production) has
been removed as its presence has been causing confusion. This changeset
will break it anyways.
These changes will make for less "repo churn" as the static assets are
built and rebuilt, at the cost of making the build step more complicated
for downstream packagers. If this becomes a burden, we can explore
making a "release tarball" that contains pre-massaged outputs.
2025-03-28 14:55:25 -04:00
Xe Iaso
56cdb2e51b
Fix docker image CI for pull requests ( #84 )
...
Closes #65
Pull request images will now be `ttl.sh/techaro/pr-{number}/anubis:24h`.
2025-03-22 11:26:49 -04:00
Xe Iaso
4ec4dc3624
.github/workflows: don't publish provenance data for PRs
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-03-21 15:42:51 -04:00
Xe Iaso
38e1e8cb5e
comment out the comment PR experiment for now, ugh, I hate GitHub ACLs
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-03-21 11:06:31 -04:00
Xe Iaso
f730326814
off by one
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-03-21 10:40:30 -04:00
Xe Iaso
db6d424aaa
.github/workflows/docker: only do comments if we're in a PR
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-03-21 10:36:24 -04:00
Xe Iaso
95dddb5549
cmd/containerbuild: default to ttl.sh for third party contributions ( #51 )
...
* cmd/containerbuild: default to ttl.sh for third party contributions
Closes #48
Signed-off-by: Xe Iaso <me@xeiaso.net >
* track comment tags
Signed-off-by: Xe Iaso <me@xeiaso.net >
* empty commit to make sure double-commenting doesn't work
Signed-off-by: Xe Iaso <me@xeiaso.net >
---------
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-03-21 10:34:01 -04:00
Xe Iaso
1efcb88261
Try using ko to build images
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-03-19 09:10:29 -04:00
Xe Iaso
fad32f79f9
make docker image for Anubis
...
Signed-off-by: Xe Iaso <me@xeiaso.net >
2025-03-18 08:35:05 -04:00
