Removed the read-only flag from Docker volume mounts in the container CVE scan workflow to allow modifications. Added `max-parallel` and `fetch-depth` configurations to the PostgreSQL compatibility matrix workflow for better performance and efficiency.
This ensures the container runs with root user privileges, providing better compatibility and avoiding potential permission issues. The change affects the development workflow configuration for container CVE scanning.
Simplified the Docker Scout configuration logic by removing unnecessary checks and utilizing Docker's standard auth configuration. Updated environment variable usage and volume mounts to streamline the setup process for scanning containers.
This update introduces a fallback mechanism for Docker Scout login when DockerHub credentials are unavailable, ensuring the workflow does not fail. It also replaces direct Docker config usage with temporary caching to improve flexibility and reduce dependency on runner environment setups.
Set `continue-on-error: true` for Docker Scout steps to ensure workflows proceed even if scans fail. Updated volume paths and environment variables for Docker config and credentials to improve scanning compatibility.
Replaced the use of Docker Hub secrets with a mounted local docker configuration file for authentication. Added a check to ensure the login config exists before running scans, preventing unnecessary failures. This change enhances flexibility and aligns with local environment setups.
This update ensures Docker Scout scans use Docker Hub authentication. If the required credentials are absent, the scans are skipped with a corresponding message. This improves security and prevents unnecessary scan failures.
Replaced Trivy output format from table to JSON for better processing. Added a summary step to parse and count severities using a Python script. Integrated Docker Scout scans for both backend and frontend, and updated uploaded artifacts to include the new JSON and Scout scan outputs.
This commit introduces a GitHub Actions workflow to scan for CVEs in backend and frontend container images. It uses Trivy for scanning and uploads the reports as artifacts, providing better visibility into vulnerabilities in development builds.
The backend Alpine smoke test targeting PostgreSQL 16 was removed from the CI configuration. This cleanup simplifies the workflow by eliminating redundancy, as the functionality might be covered elsewhere or deemed unnecessary.
Enhanced CI workflows by adding an Alpine-based smoke test for the backend with PostgreSQL 16. Updated the Docker build process to support dynamic base images and added provenance, SBOM, and labels to Docker builds. Extended branch compatibility checks and refined backend configurations for broader usage scenarios.
Updated the pg_dump commands in the migration-safety workflow to use `sed` for removing restrict/unrestrict lines. This ensures consistent schema comparison by ignoring irrelevant metadata.
Introduces a GitHub Actions workflow to ensure Alembic migrations are safe and reversible. The workflow validates schema consistency by testing upgrade and downgrade operations and comparing schemas before and after the roundtrip.
This workflow automates building and publishing Docker images upon a release or manual trigger. It includes steps for version resolution, Docker Hub login, and caching to optimize builds for both backend and frontend images.
This change modifies the GitHub Actions workflow to enable the `pg_stat_statements` extension in PostgreSQL service containers during tests. It ensures the required settings are applied and the database is properly restarted to reflect the changes, improving compatibility checks and diagnostics.
This update introduces `PG_DSN_CANDIDATES` for specifying multiple DSN options, improving compatibility and CI portability. The script now attempts connections sequentially using the provided candidates before falling back to single DSN or raising an error. Relevant updates to documentation and workflow configuration have also been made.
Introduced a GitHub Actions workflow to verify compatibility with PostgreSQL versions 14 through 18. Implemented a smoke test script to check core database metrics and version-specific differences. Updated the README with details about the compatibility matrix and usage instructions for the script.
