Compare commits

12 Commits

Author SHA1 Message Date
0e083af22c Merge branch 'main' into ci/make-check
Some checks failed
check / check (push) Failing after 12s
2026-03-14 07:37:43 +01:00
clawbot
8fbe95a834 fix: include .golangci.yml in Docker build context
All checks were successful
check / check (push) Successful in 22s
2026-03-11 06:30:47 -07:00
clawbot
88a7235c50 fix: add fmt-check to make check prerequisites
All checks were successful
check / check (push) Successful in 21s
REPO_POLICIES requires make check prereqs to include test, lint,
and fmt-check.
2026-03-10 18:14:16 -07:00
clawbot
e4deaf41cc fix: use digest-only FROM syntax (no tags)
All checks were successful
check / check (push) Successful in 21s
Remove tags from FROM lines — use image@sha256:digest only,
matching the upaas pattern. tag@sha256 syntax is invalid.
2026-03-10 17:49:50 -07:00
clawbot
31b09ea8b0 fix: pin all Docker base images by SHA256 digest
All checks were successful
check / check (push) Successful in 22s
Pin all three FROM lines with SHA256 digests per REPO_POLICIES.md:
- golangci/golangci-lint:v2.1.6@sha256:568ee1c1...
- golang:1.24-alpine@sha256:8bee1901...
- alpine:3.23@sha256:25109184... (was alpine:latest)

Also replaced mutable 'alpine:latest' tag with 'alpine:3.23'.
2026-03-10 17:25:37 -07:00
clawbot
f8e8eec43d refactor: use official golangci-lint image for lint stage
All checks were successful
check / check (push) Successful in 1m15s
Restructure Dockerfile to match upaas/dnswatcher pattern:
- Separate lint stage using golangci/golangci-lint:v2.1.6 image
- Builder stage for tests and compilation (no lint dependency)
- Add fmt-check Makefile target
- Decouple test from lint in Makefile (lint runs in its own stage)
- Run gofmt on all files
- docker build verified passing locally
2026-03-10 12:36:19 -07:00
clawbot
9be6e2a4eb fix: use correct checkout SHA and simplify CI workflow
All checks were successful
check / check (push) Successful in 1m1s
The previous checkout SHA was invalid, causing immediate CI failure.
Use the known-good actions/checkout v4.2.2 SHA. Simplify trigger to
on: [push] to match other repos. Keep --ulimit memlock=-1:-1 for
10MB secret tests that need mlock.
2026-03-10 12:29:39 -07:00
user
1109fa6ed9 fix: resolve CI failures in docker build
Some checks failed
Check / check (pull_request) Failing after 15s
- Install golangci-lint v2 via binary download instead of go install
  (avoids Go 1.25 requirement of golangci-lint v2.10+)
- Add darwin build tags to tests that depend on macOS keychain:
  derivation_index_test.go, pgpunlock_test.go, validation (keychain tests)
- Move generateRandomString to helpers_darwin.go (only called from
  darwin-only keychainunlocker.go)
- Fix unchecked error returns flagged by errcheck linter
- Add gnupg to builder stage for PGP-related tests
- Use --ulimit memlock=-1:-1 in CI for memguard large secret tests
- Add //nolint:unused for intentionally kept but currently unused test helpers
2026-03-10 12:25:48 -07:00
user
b80936cade ci: encapsulate checks in Dockerfile, simplify CI to docker build
Some checks failed
Check / check (pull_request) Failing after 12s
Per new policy: CI actions simply run 'docker build .'. The Dockerfile
now installs golangci-lint and runs 'make check' early in the build
process, so a successful docker build implies all checks pass.

- Dockerfile: add golangci-lint install and 'make check' before final build
- CI workflow: simplify to just 'docker build .' (no Go setup needed)
- Makefile targets unchanged
2026-02-28 10:32:36 -08:00
eb8ed52f4c security: pin all go install refs to commit SHAs 2026-02-28 10:31:58 -08:00
user
bbfbf43bc2 security: pin CI actions to commit SHAs 2026-02-28 10:31:58 -08:00
user
c0b1302a4e ci: add Gitea Actions workflow for make check 2026-02-28 10:31:58 -08:00
3 changed files with 1 additions and 5 deletions

@@ -27,7 +27,7 @@ RUN go mod download
COPY . . COPY . .
RUN make test RUN make test
RUN make build RUN CGO_ENABLED=1 go build -v -ldflags "-X 'git.eeqj.de/sneak/secret/internal/cli.Version=0.1.0' -X 'git.eeqj.de/sneak/secret/internal/cli.GitCommit=$(git rev-parse HEAD)'" -o secret cmd/secret/main.go
# Runtime stage # Runtime stage
# alpine 3.23 (2026-03-10) # alpine 3.23 (2026-03-10)
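Review bot: the `RUN CGO_ENABLED=1 go build ...` line hardcodes `cli.Version=0.1.0` in the Dockerfile and relies on `$(git rev-parse HEAD)`, which needs the `git` binary in the builder stage and a `.git` directory in the context copied by `COPY . .`; neither is visible in this hunk. If either is missing, the substitution expands to an empty string and the exit status of the `RUN` step is still that of `go build`, so the image builds cleanly with an empty `GitCommit`. Prefer `RUN make build` so the ldflags are defined in one place, or pass the commit in as a build `ARG` and fail the step when it is empty.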

@@ -1,5 +1,3 @@
//go:build darwin
#ifndef SECURE_ENCLAVE_H #ifndef SECURE_ENCLAVE_H
#define SECURE_ENCLAVE_H #define SECURE_ENCLAVE_H

@@ -1,5 +1,3 @@
//go:build darwin
#import <Foundation/Foundation.h> #import <Foundation/Foundation.h>
#import <Security/Security.h> #import <Security/Security.h>
#include "secure_enclave.h" #include "secure_enclave.h"
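Review bot: removing `//go:build darwin` ahead of `#import <Foundation/Foundation.h>` and `#import <Security/Security.h>` leaves this Objective-C source without a platform restriction. The Go toolchain honors build constraints in cgo-compiled files, so without the constraint or a `_darwin` file name suffix (not visible here) any cgo-enabled non-darwin build of the package will hand this file to the C compiler, and the Dockerfile in this same compare builds with `CGO_ENABLED=1` on alpine, where those frameworks do not exist. Keep the constraint or rename the file with a `_darwin.m` suffix, and record the reason in the commit message.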