Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Previously the command was a stub that always printed 'You are running the latest version.' regardless. Now it:
- Fetches releases from GitHub API (trydirect/stacker)
- Compares current vs latest version (semver)
- Downloads the platform-specific .tar.gz asset
- Extracts the stacker binary and replaces the running exe atomically
- Supports --channel stable (default) and --channel beta
Added dependencies: tempfile, flate2, tar (moved from dev-dependencies).
Added unit tests: is_newer(), detect_asset_suffix logic, parse_channel.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…bitMQ
The publish() method was publishing to exchanges without declaring them first. If the exchange didn't exist (e.g., consumer hadn't run yet), the AMQP channel would error with 404 NOT_FOUND.
- Extract declare_exchange() helper (Topic, durable) shared by publish and consume
- Call declare_exchange() before basic_publish() so exchanges are created idempotently on first use — self-healing regardless of startup order
- Replace expect() panics in consume() with proper error propagation
- Improve error messages to include exchange/queue names
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…alOcean
- htz: default OS changed from ubuntu-22.04 to docker-ce (Hetzner snapshot with Docker CE pre-installed on Ubuntu 24.04 — no manual Docker install needed)
- do: already used docker-20-04 (DigitalOcean marketplace image with Docker pre-installed); kept as-is with an explanatory comment
Linode and Vultr remain on ubuntu-22.04 as neither provider offers a standardised pre-built Docker slug accessible via a simple image name.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- CloudProvider enum: add Contabo variant (serialises as "contabo")
- provider_code_for_remote(): "contabo" → "cnt"
- resolve_remote_cloud_credentials(): Contabo needs 4 fields — client_id (STACKER_CONTABO_CLIENT_ID / CNT_CLIENT_ID), client_secret (STACKER_CONTABO_CLIENT_SECRET / CNT_CLIENT_SECRET), api_user (STACKER_CONTABO_API_USER / CNT_API_USER), api_password (STACKER_CONTABO_API_PASSWORD / CNT_API_PASSWORD)
- Default region: EU, default size: V45 (VPS S), default OS: ubuntu-22.04
- Error message updated to include contabo
- All 711 lib tests pass
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Migration: ADD COLUMN verifications JSONB DEFAULT '{}' on stack_template
- Casbin migration: PATCH /admin/templates/:id/verifications for admin_service + group_admin
- StackTemplate model: add verifications field (serde_json::Value)
- All SELECT queries updated to include t.verifications; query_as! macros
converted to query_as::<_, StackTemplate>() for offline-build compatibility
- db::marketplace::update_verifications(): merges JSONB patch via || operator
- security_scan_handler: auto-sets security_reviewed=true when scan passes
- New PATCH /{id}/verifications admin endpoint (update_verifications_handler)
- startup.rs: register new route
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add `check_hardened_images()` to security_validator.rs (static analysis):
  - Detects :latest / untagged images (fail)
  - Detects image@sha256: digest pinning (strong positive)
  - Recognises known hardened registries: cgr.dev/, gcr.io/distroless/,
    bitnami/, rapidfort/, registry1.dso.mil/
  - Docker Official Images (no-namespace, e.g. nginx:1.25) count as hardened
  - Non-root user: directive detection
  - read_only filesystem detection
  - Quality advisory check — does NOT block overall_passed
- Add `hardened_images: SecurityCheckResult` field to SecurityReport
- Update `to_checklist_json()` to include hardened_images
- Auto-set `verifications.hardened_images` (true/false) after passing scan
- Add `hardened_images: Option<bool>` to AdminVerificationsRequest (manual override)
- Priority sort boost in list_approved(): hardened templates float to top
of all sort orders (popular, rating, recent) via JSONB containment check
- 8 new unit tests for check_hardened_images
- TODO.md: Docker Hub API + Trivy integration plan
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
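The image-reference rules listed in the commit message above, as an added example (not the project's `check_hardened_images()`, and not code from this pull request). The names `ImageVerdict`, `split_tag`, `classify_image` and `advisory_passed` are hypothetical, and giving digest pinning precedence over the other rules is an assumption; the registry prefixes are the ones the commit message lists.

```rust
// Added illustration; registry prefixes are those listed in the commit message.
const HARDENED_PREFIXES: [&str; 5] =
    ["cgr.dev/", "gcr.io/distroless/", "bitnami/", "rapidfort/", "registry1.dso.mil/"];

#[derive(Debug, PartialEq)]
pub enum ImageVerdict {
    Unpinned,       // :latest or no tag at all
    DigestPinned,   // image@sha256:...
    HardenedSource, // listed registry prefix or Docker Official Image
    Unknown,        // tagged, but from an unrecognised source
}

/// Split a reference into (name, tag). A ':' counts as a tag separator only
/// after the last '/', so "localhost:5000/app" is not mistaken for a tagged image.
fn split_tag(reference: &str) -> (&str, Option<&str>) {
    let last_slash = reference.rfind('/').map_or(0, |i| i + 1);
    match reference[last_slash..].rfind(':') {
        Some(i) => (&reference[..last_slash + i], Some(&reference[last_slash + i + 1..])),
        None => (reference, None),
    }
}

pub fn classify_image(reference: &str) -> ImageVerdict {
    // Assumption: a digest fixes the content, so it wins over tag and registry.
    if reference.split_once('@').map_or(false, |(_, d)| d.starts_with("sha256:")) {
        return ImageVerdict::DigestPinned;
    }
    let (name, tag) = split_tag(reference);
    if matches!(tag, None | Some("latest") | Some("")) {
        return ImageVerdict::Unpinned;
    }
    // No '/' in the name means a Docker Official Image such as nginx:1.25.
    if !name.contains('/') || HARDENED_PREFIXES.iter().any(|p| name.starts_with(p)) {
        return ImageVerdict::HardenedSource;
    }
    ImageVerdict::Unknown
}

/// Advisory outcome for a template: false as soon as one image is unpinned.
pub fn advisory_passed(images: &[&str]) -> bool {
    images.iter().all(|i| classify_image(i) != ImageVerdict::Unpinned)
}

fn main() {
    // Constructed sample references.
    for img in ["nginx:1.25", "redis", "cgr.dev/chainguard/nginx:1.27", "acme/api:2.0"] {
        println!("{:<32} {:?}", img, classify_image(img));
    }
}
```

The non-root `user:` and `read_only` checks named in the same list need the parsed compose file and are not covered here.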
Previously hardened_images was only recorded when overall_passed=true. Now it is always written (true/false) on every scan, so the frontend can show the amber warning badge even when other checks fail. security_reviewed is still only set on overall_passed=true.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Updated the runner configuration to use self-hosted Linux for multiple jobs.
…into fix/free-plan
StackTemplate struct initializers in tests
- Fix user_has_plan() calls: add None as 3rd argument (user_token) to match the updated connector trait signature
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The -f shorthand is not recognized by all Docker versions on CI runners. Use the long-form --file flag for docker compose -f / docker compose down -f to ensure compatibility across Docker Engine versions.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
In dry-run mode, artifacts (Dockerfile, docker-compose.yml) are already generated before the strategy is invoked. Calling 'docker compose config' was optional validation that fails on CI runners without the Docker Compose plugin. Since dry-run semantically means 'preview without executing', skip the docker call entirely and return success immediately after file generation. Updated unit tests accordingly.
Fixes: cli_deploy integration tests on self-hosted CI runner
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The stack builder UI (ServiceDockerhub.jsx) fires POST requests to
/api/builder/dockerhub/events to log autocomplete interactions. The
Next.js proxy forwards them to stacker at POST /dockerhub/events, but
no such route existed — Casbin denied it with 403.
- Add log_event handler: accepts {event, payload} JSON body, logs via
tracing at DEBUG level, returns 204 No Content (fire-and-forget)
- Register in startup.rs under /dockerhub scope
- Add Casbin migration granting group_user and group_admin POST access
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
No description provided.