Propagate changes from main into development #56
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
Pull Request Overview
This PR propagates changes from the main branch into development, bringing production-tested improvements and fixes from the stable branch into the development environment. The changes include infrastructure improvements, dependency updates, security enhancements, and bug fixes.
Key Changes:
- Infrastructure: New GitHub workflows for security scanning, quality checks, and automated dependency management
- Backend: Model cleanup, version field corrections, and test database configuration improvements
- Frontend: Test stability improvements with proper React Testing Library `act()` usage, dependency additions
- Docker: Enhanced multi-platform build support, security scanning with Trivy, and POSIX-compliant entrypoint script
Reviewed Changes
Copilot reviewed 36 out of 46 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| backend/go.mod | Updates Go version (contains invalid version 1.25.4) and promotes testify to direct dependency |
| backend/go.sum | Updates Go dependency checksums for crypto, sys, and text packages |
| backend/internal/models/proxy_host.go | Removes unused CaddyConfig model |
| backend/internal/api/handlers/proxy_host_handler.go | Removes duplicate HealthHandler (moved to dedicated file) |
| backend/internal/api/handlers/health_handler.go | Fixes field references from SemVer/BuildDate to Version/BuildTime |
| backend/internal/api/handlers/handlers_test.go | Changes SQLite test DB from shared cache to simple in-memory |
| frontend/package.json | Adds TanStack React Query, axios, and clsx dependencies |
| frontend/package-lock.json | Resolves new frontend dependencies and updates lockfile |
| frontend/src/services/api.ts | Removes trailing whitespace |
| frontend/src/pages/*.tsx | Removes trailing whitespace across multiple page components |
| frontend/src/hooks/useRemoteServers.ts | Adds testConnection method and enabledServers helper |
| frontend/src/hooks/useImport.ts | Removes trailing whitespace |
| frontend/src/hooks/tests/*.test.ts | Wraps state-changing operations in act() for test stability |
| frontend/.vite/deps_temp_c8b409d7/package.json | Adds temporary Vite dependencies directory |
| requirements.txt | Updates Python runtime dependencies (fastapi, sqlalchemy, passlib, python-multipart) |
| requirements.dev.txt | Updates Python dev dependencies (pytest, black, isort, bandit, coverage) |
| tools/python_compile_check.sh | Adds python3/python fallback detection with error handling |
| tools/dockerfile_check.sh | New script to validate Dockerfile base image and package manager compatibility |
| docker-entrypoint.sh | Converts from bash to POSIX sh, removes --adapter flag, improves process management |
| docker-compose.yml | Changes from local build to pre-built GHCR image |
| docker-compose.dev.yml | Adds dev image reference |
| Dockerfile | Multi-platform build improvements, pinnable Caddy base, removes bash dependency |
| .github/workflows/docker-publish.yml | Comprehensive rewrite: skip logic, Trivy scanning, digest pinning, normalized image names |
| .github/workflows/docker-build.yml | Removed (replaced by docker-publish.yml) |
| .github/workflows/ci.yml | Removed (replaced by quality-checks.yml) |
| .github/workflows/quality-checks.yml | New workflow for Go and frontend quality checks |
| .github/workflows/propagate-changes.yml | Improved PR creation logic for branch synchronization |
| .github/workflows/release.yml | Updates action versions with SHA pinning |
| .github/workflows/docs.yml | Updates action versions with SHA pinning, trailing whitespace cleanup |
| .github/workflows/renovate.yml | New Renovate bot workflow for automated dependency updates |
| .github/workflows/codeql.yml | New CodeQL security scanning workflow |
| .github/workflows/caddy-major-monitor.yml | New workflow to monitor Caddy v3 releases |
| .github/workflows/auto-add-to-project.yml | Adds conditional project URL check and new token reference |
| .github/workflows/create-labels.yml | Updates github-script action with SHA pinning |
| .github/workflows/auto-label-issues.yml | Updates github-script action with SHA pinning |
| .github/renovate.json | New Renovate configuration with Go, npm, and Docker dependency rules |
| .pre-commit-config.yaml | Adds frontend exclusions and Dockerfile validation hook |
| .gitignore | Comprehensive update for Python, Node, Go, and IDE artifacts |
| .dockerignore | Expanded to properly exclude build artifacts and temporary files |
| .codecov.yml | Updates test exclusion patterns for all languages |
| docs/github-setup.md | Updates to reflect automatic GHCR authentication (no PAT needed) |
| PHASE_7_SUMMARY.md | Removes trailing whitespace |
| GHCR_MIGRATION_SUMMARY.md | Removes trailing whitespace |
Files not reviewed (1)
- frontend/package-lock.json: Language not supported
… clean up condition syntax in branch propagation workflow

- Change ruff>=0.15 to ruff>=0.6.0 (0.15 doesn't exist yet)
- Replace CPMP_GHCR_TOKEN with GITHUB_TOKEN for GHCR authentication
- GITHUB_TOKEN is automatically provided by GitHub Actions with correct permissions

GitHub Actions automatically provides GITHUB_TOKEN with correct permissions for GHCR, so users don't need to create PATs anymore.

- Add @tanstack/react-query, axios, and clsx to frontend dependencies
- Remove trailing whitespace from multiple files to pass pre-commit hooks
- These were required but missing from package.json

Generated files (coverage/, dist/, .vite/, *.tsbuildinfo) should not be checked by trailing-whitespace or end-of-file-fixer hooks.

This is a Go + React project, not Python. Updated CI workflow to:

- Run Go tests (backend)
- Run frontend tests with npm (React)
- Remove Python test coverage requirement

- Remove duplicate CaddyConfig in proxy_host.go (exists in caddy_config.go)
- Remove duplicate HealthHandler in proxy_host_handler.go
- Fix version variable names in health_handler.go (SemVer→Version, BuildDate→BuildTime)
- Update frontend package-lock.json to sync with package.json dependencies
- Backend now compiles successfully (1 test fails but will be fixed later)

- Update docker-compose.yml to use ghcr.io/wikid82/caddyproxymanagerplus:latest
- Update docker-compose.dev.yml to use ghcr.io/wikid82/caddyproxymanagerplus:dev
- Fix backend test database isolation (remove shared cache mode)
- Add testConnection and enabledServers to useRemoteServers hook
- Fix frontend test assertions to wait for async state updates
- Wrap mutation assertions in waitFor for proper async handling

Backend tests: ✅ ALL PASSING (22 tests)
Frontend tests: ⚠️ 45/49 passing (4 useImport tests need mock refinement)

The backend-builder stage was using golang:latest (Debian) but trying to run Alpine's apk package manager, causing build failures with 'apk: not found'. Changed to golang:alpine for consistency with the RUN commands. Fixes Docker build workflow failures in GitHub Actions.

Added custom Dockerfile validation script that detects mismatches between base image OS (Debian vs Alpine) and package managers (apt vs apk). This will catch errors like:

- Using golang:latest (Debian) with apk commands
- Using alpine images with apt commands

The hook runs automatically on commit and would have caught the recent golang:latest + apk mismatch that caused Docker build failures.

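
The base-image versus package-manager check described in the commit message above, sketched as an added example; it is not the repository's tools/dockerfile_check.sh, whose contents do not appear on this page. The image-family heuristic, the function names `check_dockerfile` and `write_sample`, and the sample Dockerfile are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The base-image family classification is a heuristic (assumption).
check_dockerfile() {  # prints "<line>: <family> stage "<image>" runs <pm>"; returns 1 on mismatch
  awk '
    function family(img,   name) {
      name = tolower(img)
      if (name in alias) return alias[name]        # FROM <earlier stage name>
      if (name ~ /alpine/) return "alpine"
      if (name ~ /debian|ubuntu|bookworm|bullseye|slim/) return "debian"
      # Assumption: default tags of these official images are Debian-based.
      if (name ~ /^(golang|node|python)(:|$)/) return "debian"
      return "unknown"                             # scratch, ${ARG}, other images
    }
    /^[ \t]*#/ { next }                            # comments never start or end a RUN
    toupper($1) == "FROM" {
      i = 2
      while ($i ~ /^--/) i++                       # skip flags such as --platform=...
      image = $i; fam = family(image)
      if (toupper($(i + 1)) == "AS") alias[tolower($(i + 2))] = fam
      next
    }
    toupper($1) == "RUN" { in_run = 1 }
    in_run {
      pm = ""
      if ($0 ~ /(^|[^a-zA-Z0-9_-])apk[ \t]/) pm = "apk"
      else if ($0 ~ /(^|[^a-zA-Z0-9_-])apt(-get)?[ \t]/) pm = "apt"
      if ((fam == "debian" && pm == "apk") || (fam == "alpine" && pm == "apt")) {
        printf "%d: %s stage \"%s\" runs %s\n", NR, fam, image, pm
        bad = 1
      }
      if ($0 !~ /\\[ \t]*$/) in_run = 0            # no trailing backslash: RUN ends here
    }
    END { exit bad + 0 }
  ' "$1"
}

write_sample() {  # constructed Dockerfile reproducing the golang:latest + apk mismatch
  cat > "$1" <<'EOF'
FROM --platform=$BUILDPLATFORM golang:latest AS backend-builder
RUN apk add --no-cache gcc musl-dev
FROM golang:alpine AS fixed-builder
RUN apk add --no-cache gcc musl-dev
FROM fixed-builder AS final
RUN set -eux; \
    apt-get install -y ca-certificates
EOF
}

if [ -n "${1:-}" ]; then check_dockerfile "$1"; fi
```

Stages whose base cannot be classified (build-arg references, `scratch`, images outside the heuristic) are skipped rather than guessed, so a clean result does not prove those stages are consistent.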
Updated .gitignore, .dockerignore, and .codecov.yml to properly exclude:

- Python artifacts (__pycache__, .venv, coverage)
- Node artifacts (node_modules, dist, coverage, .vite)
- Go artifacts (*.out, coverage files)
- Database files (*.db, *.sqlite)
- IDE files (.vscode, .idea)
- Build artifacts and temporary files
- Documentation and scripts from Docker context
- Test files from codecov analysis

…m64 build

- Wrap async mutations in act() across useImport, useProxyHosts, useRemoteServers tests
- Add npm_config_rollup_skip_nodejs_native=1 in Dockerfile to bypass native binary for arm64
- Enable Go module caching in CI via cache-dependency-path on setup-go action
- All frontend tests now pass cleanly (49/49) without React Testing Library warnings

- Remove ruff/flake8/pre-commit steps (legacy Python scaffold)
- Remove needs dependencies on non-existent lint job
- Backend and frontend tests now run independently

- Add Trivy vulnerability scanner after image build
- Upload SARIF results to GitHub Security tab
- Display critical/high severity issues in workflow logs
- Add security-events permission for SARIF upload
- Skip scanning on pull requests to save time

…(remove matchUpdateTypes from allowedVersions rule)

Automated PR to propagate commits from main into development.
Triggered by push by @Wikid82.