Matt Holt
40927d2f75
Require disclosure of LLM usage in security reports
...
Added requirement to disclose the use of LLMs in security reports.
2026-02-05 06:12:26 -07:00
Mohammed Al Sahaf
df9386fa12
ci: escape backticks in changelogs embedded in JS ( #7382 )
...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2025-12-03 16:40:31 +00:00
Mohammed Al Sahaf
56282c5737
ci: implement new release flow ( #7341 )
...
* ci: implement new release flow
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* remove redundant validation
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* extract key sha
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* pin github-scripts
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* switch to PR-based flow
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* don't use top-level permissions
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* restricted global perms + specific local perms
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* make PR draft
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2025-11-14 14:55:30 -07:00
dependabot[bot]
afbdcec08b
build(deps): bump the actions-deps group with 8 updates ( #7284 )
...
Bumps the actions-deps group with 8 updates:
| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner ) | `2.13.0` | `2.13.1` |
| [actions/setup-go](https://github.com/actions/setup-go ) | `5.5.0` | `6.0.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) | `4.7.3` | `4.8.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `3.9.2` | `3.10.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.20.5` | `0.20.6` |
| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch ) | `3.0.0` | `4.0.0` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) | `2.4.2` | `2.4.3` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.30.0` | `3.30.5` |
Updates `step-security/harden-runner` from 2.13.0 to 2.13.1
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](ec9f2d5744...f4a75cfd61https://github.com/actions/setup-go/releases )
- [Commits](d35c59abb0...4469467582https://github.com/actions/dependency-review-action/releases )
- [Commits](595b5aeba7...56339e523chttps://github.com/sigstore/cosign-installer/releases )
- [Commits](d58896d6a1...d7543c93d8https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](da167eac91...f8bdd1d8achttps://github.com/peter-evans/repository-dispatch/releases )
- [Commits](ff45666b94...5fc4efd1a4https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](05b42c6244...4eaacf0543https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2d92b76c45...3599b3baa1support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-01 23:11:09 +00:00
dependabot[bot]
2d0f3f887b
build(deps): bump the actions-deps group with 5 updates ( #7237 )
...
Bumps the actions-deps group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `4.2.2` | `5.0.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) | `6.3.0` | `6.4.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action ) | `4.7.1` | `4.7.3` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.20.4` | `0.20.5` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.29.7` | `3.30.0` |
Updates `actions/checkout` from 4.2.2 to 5.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4.2.2...08c6903cd8c0fde910a37f88322edcfb5dd907a8 )
Updates `goreleaser/goreleaser-action` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](9c156ee8a1...e435ccd777https://github.com/actions/dependency-review-action/releases )
- [Commits](da24556b54...595b5aeba7https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](7b36ad622f...da167eac91https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](51f77329af...2d92b76c45support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-02 13:05:58 -06:00
Matthew Holt
b866a9e099
It can't be in the subfolder!?
2025-08-25 13:13:27 -06:00
Matthew Holt
1db26128a6
Uhh I guess it has to be named something specific
2025-08-25 13:11:30 -06:00
Matthew Holt
02c9f0ff90
Tweak issue form
2025-08-25 13:07:17 -06:00
Matthew Holt
63ec1f4e1c
Issue template chooser config
2025-08-25 13:05:02 -06:00
Matthew Holt
293de94f34
Fix issue form ... again
2025-08-25 13:02:54 -06:00
Matthew Holt
d8d359eca2
Fix syntax of issue form
2025-08-25 12:59:41 -06:00
Matt Holt
11a95cee6d
AI assistance disclosure ( #7212 )
...
* AI disclosure templates
* Update assistance disclosure
* Add AI moderator
* Set read permissions by default
* Pin to hash
2025-08-25 12:50:26 -06:00
Matthew Holt
b7c022a61a
Set read permissions as default
2025-08-25 10:18:40 -06:00
Kévin Dunglas
493898d9bd
ci: set proper build tags in golangci and minor cleanup ( #7183 )
...
* ci: set proper build tags in golangci and minor cleanup
* clean
* review
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com >
2025-08-21 20:43:38 +00:00
Kévin Dunglas
05acc5131e
chore: bump Go to v1.25 ( #7184 )
2025-08-14 08:38:42 -06:00
dependabot[bot]
5bc2afbbb6
build(deps): bump the actions-deps group with 6 updates ( #7142 )
...
Bumps the actions-deps group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner ) | `2.12.1` | `2.13.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.6.1` | `4.6.2` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `e9a05e6d32d7ed22b5656cd874ef31af58d05bfa` | `d58896d6a1865668819e1d91763c7751a165e159` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.20.1` | `0.20.4` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) | `2.4.1` | `2.4.2` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.29.0` | `3.29.4` |
Updates `step-security/harden-runner` from 2.12.1 to 2.13.0
- [Release notes](https://github.com/step-security/harden-runner/releases )
- [Commits](002fdce3c6...ec9f2d5744https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v4.6.1...ea165f8d65b6e75b540449e92b4886f43607fa02 )
Updates `sigstore/cosign-installer` from e9a05e6d32d7ed22b5656cd874ef31af58d05bfa to d58896d6a1865668819e1d91763c7751a165e159
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](e9a05e6d32...d58896d6a1https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](9246b90769...7b36ad622fhttps://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](f49aabe0b5...05b42c6244https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ce28f5bb42...4e828ff8d4support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-01 04:34:14 +03:00
Mohammed Al Sahaf
b7ae39e906
ci: reduce dependabot spam ( #7078 )
...
* ci: reduce dependabot spam
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* group actions deps
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2025-07-24 16:40:00 -06:00
Mohammed Al Sahaf
2f0fc62b34
chore: apply security best practices for CI ( #7066 )
...
* chore: apply security best practices for CI
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* remove redundant codeql job
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* run scorecard flow on PRs
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2025-06-16 20:14:09 +00:00
Mohammed Al Sahaf
1a0f168b6e
ci: add {base,head}-ref to dep review check ( #7064 )
...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2025-06-13 08:13:17 +03:00
Mohammed Al Sahaf
7a33f481f1
ci: add dep review, OSSF scorecard actions ( #7063 )
...
* ci: add dep review action
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* sprinkle permissions on Actions jobs
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* README: add OpenSSF best practices badge
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* add draft OpenSSF Scorecard workflow
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2025-06-12 23:40:51 +00:00
Matt Holt
fe26751491
Update SECURITY.md
2025-06-12 09:38:48 -06:00
dependabot[bot]
45c9341deb
build(deps): bump golangci/golangci-lint-action from 6 to 8 ( #7044 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 6 to 8.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v6...v8 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-version: '8'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-03 02:33:40 +03:00
Mohammed Al Sahaf
e039a5bb5c
chore: upgrade .golangci.yml and workflow to v2 ( #6924 )
...
* chore: upgrade .golangci.yml and workflow to v2
run `golangci-lint fmt`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* run `golangci-lint run --fix`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* more lint fixes
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* bring back comments to .golangci.yml
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* appease the linter some more
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* oops
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* use embedded structs
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* use embedded structs where they were used before
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* disable rule `-QF1006`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* missed a spot
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2025-06-03 02:24:32 +03:00
Kévin Dunglas
d2a2311bfd
ci: fix Go matrix ( #6846 )
...
Co-authored-by: Matt Holt <mholt@users.noreply.github.com >
2025-03-07 10:40:51 -07:00
Matt Holt
d7764dfdbb
caddytls: Encrypted ClientHello (ECH) ( #6862 )
...
* caddytls: Initial commit of Encrypted ClientHello (ECH)
* WIP Caddyfile
* Fill out Caddyfile support
* Enhance godoc comments
* Augment, don't overwrite, HTTPS records
* WIP
* WIP: publication history
* Fix republication logic
* Apply global DNS module to ACME challenges
This allows DNS challenges to be enabled without locally-configured DNS modules
* Ignore false positive from prealloc linter
* ci: Use only latest Go version (1.24 currently)
We no longer support older Go versions, for security benefits.
* Remove old commented code
Static ECH keys for now
* Implement SendAsRetry
2025-03-05 17:04:10 -07:00
Mohammed Al Sahaf
6a8d4f1d60
chore: ci: upgrade Go version to 1.24 ( #6839 )
...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2025-02-17 07:58:20 -07:00
Matt Holt
47391e4ec7
Update SECURITY.md
...
Clarify version support
2024-12-18 21:36:22 -07:00
Mohammed Al Sahaf
16d5b22349
ci: prevent jobs running on PRs from forks ( #6720 )
...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2024-11-30 17:05:09 +03:00
Mohammed Al Sahaf
b285763969
ci: use commit sha in goreleaser-check ( #6677 )
...
* ci: use commit sha in goreleaser-check
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* fix output assignment
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* run only on non-fork or caddyserver repo, and use branch name
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2024-11-05 16:07:25 -05:00
Kévin Dunglas
eaaa2e5872
chore: compile without nosql's support for Postgres and MySQL ( #6655 )
...
* chore: compile without nosql's support for Postgres and MySQL
* Update cross-build.yml
* Update cross-build.yml
* Update README.md
2024-10-22 14:53:14 -06:00
Mohammed Al Sahaf
01be1b54a8
ci: install xcaddy to fix release flow ( #6602 )
2024-10-02 16:12:29 +00:00
Francis Lavoie
792f1c7ed7
caddyhttp: Escaping placeholders in CEL, add vars and vars_regexp ( #6594 )
...
* caddyhttp: Escaping placeholders in CEL
* Simplify some of the test cases
* Implement vars and vars_regexp in CEL
* dupl lint is dumb
* Better consts for the placeholder CEL shortcut
* Bump CEL version, register a few extensions
* Refactor s390x test script for readability
* Add retries for s390x to smooth over flakiness
* Switch to `ph` for the CEL shortcut (match it in templates cause why not)
2024-10-02 06:34:04 -06:00
Mohammed Al Sahaf
6ab9fb6f74
ci: update the linter action version ( #6575 )
...
* ci: update the linter action version
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
* exclude rule `G115`; disable deprecated linter
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2024-09-16 07:50:26 -06:00
Kévin Dunglas
2028da4e74
ci: build and test with Go 1.23 ( #6526 )
...
* chore: build and test with Go 1.23
* ci: bump golangci-lint to v1.60
* fix: make properly wrap errors
* ci: remove Go 1.21
2024-08-23 11:01:28 -06:00
Mohammed Al Sahaf
043fe41ab8
ci: don't exit early on error in remote CI machine ( #6519 )
2024-08-18 12:54:12 +03:00
June 🍓🦴
3afa02ba4e
ci: correct -tags nobadger on binary build ( #6470 )
2024-07-22 23:37:44 +00:00
Francis Lavoie
9338741ca7
browse: Exclude symlink target size from total, show arrow on size ( #6412 )
...
* fileserver: Exclude symlink target size from total, show arrow on size
* Keep both totals
* Linter doesn't like my spelling :(
* Stop parallelizing tests for now
* Update modules/caddyhttp/fileserver/browse.html
* Minor renamings
---------
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com >
2024-07-07 07:01:07 -06:00
Mohammed Al Sahaf
5db2f81695
ci: add version key for .goreleaser.yml ( #6376 )
...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com >
2024-06-06 11:33:19 +03:00
dependabot[bot]
a63767d3f8
build(deps): bump golangci/golangci-lint-action from 5 to 6 ( #6361 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 5 to 6.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-02 02:26:31 +03:00
Francis Lavoie
874d0ce822
chore: Bump Go version in CI ( #6310 )
2024-05-10 14:56:18 +00:00
Viktor Szépe
d7e3a1974b
Fix typos ( #6311 )
...
* Fix typos
* Revert
* Revert to "htlm"
* fix indentations
2024-05-10 08:08:54 -06:00
dependabot[bot]
7e2510ef43
build(deps): bump golangci/golangci-lint-action from 4 to 5 ( #6289 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 4 to 5.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-02 03:09:19 +03:00
Mohammed Al Sahaf
4d6370bf92
ci: remove android and plan9 from cross-build workflow ( #6268 )
2024-04-24 17:31:40 -04:00
Mohammed Al Sahaf
8f87c5d993
cmd: Only validate config is proper JSON if config slice has data ( #6250 )
...
* cmd: fix error when running without config
* ci: add smoke test
2024-04-18 15:40:12 -06:00
Francis Lavoie
01d5568b20
logging: Implement append encoder, allow flatter filters config ( #6069 )
...
* logging: Implement `add` encoder
* Allow flatter config structure for `filter` & `add`
* Rename to append
* govulncheck was unhappy
2024-03-05 16:24:32 -07:00
dependabot[bot]
8f8204708a
ci: bump golangci/golangci-lint-action from 3 to 4 ( #6141 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-02 02:38:57 +03:00
Francis Lavoie
c78ebb3d6a
chore: Rename CI jobs, run on M1 mac ( #6089 )
...
* Try macos-14 for fun
* Decouple OS names and VM names
* Shorten `cross-build-test` to `build`
2024-02-09 15:31:26 -07:00
WeidiDeng
bc1e63198d
bump to golang 1.22 ( #6083 )
2024-02-07 02:13:58 -05:00
dependabot[bot]
223f314331
build(deps): bump peter-evans/repository-dispatch from 2 to 3 ( #6080 )
...
Bumps [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch ) from 2 to 3.
- [Release notes](https://github.com/peter-evans/repository-dispatch/releases )
- [Commits](https://github.com/peter-evans/repository-dispatch/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: peter-evans/repository-dispatch
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-01 18:34:40 -05:00
Marten Seemann
697cc593a1
chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 ( #6043 )
...
Co-authored-by: Francis Lavoie <lavofr@gmail.com >
Co-authored-by: Matt Holt <mholt@users.noreply.github.com >
2024-01-25 13:58:19 -05:00
