vrr/Pulse
2
0
Fork 0
mirror of https://github.com/rcourtman/Pulse.git synced 2026-05-07 00:37:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
4826 commits 5 branches 432 tags 272 MiB
Commit graph

196 commits

Author SHA1 Message Date
rcourtman
47b6d0fb1c Align release header audit with publish contract 2026-04-11 18:25:53 +01:00
rcourtman
a48fb63cb3 Preserve draft release validation state 2026-04-11 17:35:14 +01:00
rcourtman
d643b0fb51 Govern RC-to-GA rehearsal record capture 2026-04-11 14:08:57 +01:00
rcourtman
be2b987cf0 Add public browser smoke proof to demo workflows 2026-04-11 13:50:00 +01:00
rcourtman
3a992a4fae Route demo updates over governed Tailscale path 2026-04-11 13:35:37 +01:00
rcourtman
5e7c6d4c7b Correct stable demo host example 2026-04-11 13:08:57 +01:00
rcourtman
a462b730ec Verify demo host identity before deploy 2026-04-11 12:46:18 +01:00
rcourtman
5b2005a645 Parse demo entry script for parity proof 2026-04-11 11:09:14 +01:00
rcourtman
c9cd8cf14b Fix preview frontend parity asset detection 2026-04-11 10:59:06 +01:00
rcourtman
6e2b58d555 Harden preview demo deployment verification 2026-04-11 00:39:07 +01:00
rcourtman
58ad221d47 Add governed v6 preview demo targets 2026-04-10 10:53:17 +01:00
rcourtman
c6de686cb4 Fix release workflow branch policy env 2026-04-04 15:13:16 +01:00
rcourtman
0b98a0d3e0 fix(deploy): pin docs links to release refs 2026-03-28 21:32:11 +00:00
rcourtman
f34ec16138 fix(release): require explicit rollback targets in workflows 2026-03-26 13:03:24 +00:00
rcourtman
79898ec86c fix(release): fail closed on stale promotion rehearsals 2026-03-26 12:26:17 +00:00
rcourtman
bd230d9c72 Own release artifact promotion surfaces under installability 2026-03-25 17:24:29 +00:00
rcourtman
e87c2629ea Polish remaining prerelease release wording 2026-03-25 11:12:46 +00:00
rcourtman
cb41473018 Rename promotion RC wording to prerelease 2026-03-25 11:08:05 +00:00
rcourtman
eae124f5d3 Rename user-facing RC wording to prerelease 2026-03-25 10:35:00 +00:00
rcourtman
76e4d6dd23 Add v6 RC feedback issue intake 2026-03-25 09:24:16 +00:00
rcourtman
11c50eb7a0 Align v6 release branch governance 2026-03-19 10:18:45 +00:00
rcourtman
778a2577b6 feat: Pulse v6 release 2026-03-18 16:06:30 +00:00
rcourtman
8036d9c3fd Improve issue triage with version-aware automation 2026-02-08 19:28:24 +00:00
rcourtman
b501820899 fix: use $HOME for cookie file in demo server workflow 
The /tmp directory on the demo server isn't writable by the relay
user, causing the verification step's cookie file to silently fail.
This meant the /api/state request had no session cookie and returned
401, making the node count check report 0 nodes.

Use $HOME instead of /tmp for the cookie file path.
 2026-02-04 17:58:05 +00:00
rcourtman
ac9003d105 fix: build pulse:test Docker image for integration tests 
The docker-compose test stack expects a pulse:test image. Build it
from the Dockerfile before running docker compose.
 2026-02-04 17:13:17 +00:00
rcourtman
04dbfa6329 fix: use docker compose plugin instead of standalone docker-compose 
GitHub Actions runners no longer include the standalone docker-compose
binary. Use the docker compose plugin syntax instead.
 2026-02-04 17:08:56 +00:00
rcourtman
cae9ed7332 fix: skip frontend rebuild in integration test job 
The integration_tests job restores the pre-built frontend dist from
cache and copies it to the embed location, but then runs make build
which unconditionally rebuilds the frontend via npm — failing because
node_modules aren't installed. Use go build directly since the
frontend is already embedded.
 2026-02-04 17:04:56 +00:00
rcourtman
e1e70fd78b Fix build workflow: remove obsolete pulse-sensor-proxy step 
The cmd/pulse-sensor-proxy directory was removed in a previous refactor
but the workflow still referenced it, causing build failures.
 2026-02-04 13:58:45 +00:00
rcourtman
07afa94d19 feat(security): add gitleaks secret scanning to pre-commit hook and CI 
Add three layers of secret leak prevention:

1. .gitleaks.toml — config extending the default ruleset (~150 rules for
   AWS, GCP, Stripe, OpenAI, private keys, JWTs, etc.) with allowlists
   tuned to suppress false positives from test fixtures and docs.

2. .husky/pre-commit — enhanced with gitleaks protect --staged (graceful
   skip if not installed), sensitive file type blocking (.pem, .key, .enc,
   id_rsa, etc.), and broadened fallback patterns covering AWS, OpenAI,
   GCP, and private key headers alongside existing Stripe checks.

3. .github/workflows/build-and-test.yml — new secret-scan CI job using
   gitleaks-action that runs in parallel with build on every push/PR,
   serving as the last gate if someone bypasses local hooks.
 2026-02-04 09:52:54 +00:00
rcourtman
655b8905c9 fix(ci): fix YAML quoting on line 494 2026-02-03 22:09:24 +00:00
rcourtman
5b48b37c4f fix(ci): replace emojis with ASCII in workflow 2026-02-03 22:07:12 +00:00
rcourtman
cb54cc5dc3 fix(ci): correct sparse-checkout syntax 2026-02-03 22:05:38 +00:00
rcourtman
75cda5011c fix(ci): wrap job-level if expressions 2026-02-03 22:04:23 +00:00
rcourtman
8fe6d9c753 chore: add comment to force workflow re-parse 2026-02-03 21:58:14 +00:00
rcourtman
a4916fc6ff perf(ci): parallelize release workflow for faster builds 
Optimizations:
- Split monolithic preflight_tests into parallel jobs:
  - frontend_checks (lint) - ~2 min
  - backend_tests (Go tests) - ~5 min
  - docker_build (verify build) - ~5 min
- Skip arm64 builds for prereleases (RC/alpha/beta) - saves ~4 min
- Skip integration tests for prereleases - saves ~3 min
- Don't push staging images, just verify builds
- Merge version_guard into prepare job with sparse checkout
- Use frontend build cache across jobs

Expected time savings:
- RC releases: ~12 min → ~5-6 min (parallel + skip arm64/integration)
- Stable releases: ~12 min → ~8-9 min (parallel jobs)
 2026-02-03 21:55:09 +00:00
rcourtman
1490a6e6e3 revert: remove dual-key license verification 
Restored original license signing key from backup - key was never
compromised (private repo). Removes unnecessary dual-key complexity:

- Remove legacyPublicKey and SetLegacyPublicKey from license.go
- Simplify signature verification to single key
- Remove EmbeddedLegacyPublicKey from pubkey.go
- Remove PULSE_LICENSE_LEGACY_PUBLIC_KEY from Dockerfile and workflows
- Remove dual-key test
- Simplify mock.env
 2026-02-03 21:29:21 +00:00
rcourtman
f810a003eb license: add dual-key verification 2026-02-03 20:45:00 +00:00
rcourtman
445c5c0587 Fix: remove install-sensor-proxy.sh from release workflow (script was removed) 2026-02-03 00:08:19 +00:00
rcourtman
17208cbf9d docs: update AI evaluation matrix and approval workflow documentation 2026-01-30 19:00:40 +00:00
rcourtman
252db2b720 ci: use git pull --rebase in helm-pages.yml to avoid push conflicts 2026-01-20 20:07:51 +00:00
rcourtman
9571f3ed0a ci: add PULSE_DATA_DIR to build-and-test.yml for Go unit tests 2026-01-20 20:06:42 +00:00
rcourtman
2798f89cf6 ci: increase helm smoke test timeout and add debug info 2026-01-20 19:53:22 +00:00
rcourtman
16afc93473 ci: improve demo server update robustness with pipefail and version check 2026-01-20 19:34:35 +00:00
rcourtman
8eb42f6b31 ci: set PULSE_DATA_DIR in test step to prevent /etc/pulse fallback 2026-01-20 18:00:07 +00:00
rcourtman
ee63d438cc docs: standardize markdown syntax and remove deprecated sensor-proxy docs 2026-01-20 09:43:49 +00:00
rcourtman
7d2e002caa fix: add sudo to mv command in deploy 2026-01-18 09:46:50 +00:00
rcourtman
a40be03963 fix: use sudo for systemctl commands in deploy 2026-01-18 09:43:47 +00:00
rcourtman
3114775aa9 fix: clean up stale files before deploy 2026-01-18 09:40:42 +00:00
rcourtman
bfe621eeb9 fix: use FRONTEND_PORT env var for health check port 2026-01-18 09:37:45 +00:00
rcourtman
4fbc08daba fix: use SSH key secret for demo server deployment 2026-01-18 09:32:19 +00:00