Skip to content

Release: 1 feature, 1 fix, 2 chores → Main#7752

Merged
h0lybyte merged 4 commits intomainfrom
dev
Mar 7, 2026
Merged

Release: 1 feature, 1 fix, 2 chores → Main#7752
h0lybyte merged 4 commits intomainfrom
dev

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Mar 7, 2026
edited
Loading

Release: Dev → Main

4 atomic commits ready for main

Features

Bug Fixes

Chores

This PR is automatically maintained by CI — KBVE Studio

@h0lybyte
fix(crossplane): use bracket notation for dotted secret key field pat…
86abd1e 
…hs (#7751)

Crossplane Object references interpret dots as path separators, so
data.ca.crt was parsed as data->ca->crt instead of data->"ca.crt".
Switch to bracket notation data[ca.crt] to correctly reference
Kubernetes secret keys that contain dots.
@github-project-automation github-project-automation bot moved this to Review in KBVE Mar 7, 2026
@h0lybyte
feat(kube): add NetworkPolicy to restrict runner egress (#7753)
3d5ccdb 
Restricts arc-runners namespace egress to DNS (53), HTTPS (443),
HTTP (80), and SSH (22). Blocks runners from directly accessing
internal cluster services on non-standard ports like PostgreSQL,
Redis, and RCON.
@github-actions
Copy link
Contributor Author

github-actions bot commented Mar 7, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@h0lybyte
chore(kube): pin runner images and harden cache cleanup CronJob (#7754)
6c3c1b0 
Pin floating image tags to prevent supply chain drift:
- actions-runner:latest → actions-runner:2.332.0
- docker:dind → docker:29.2.1-dind
- alpine:3.19 → alpine:3.21

Harden cache cleanup CronJob:
- Add securityContext (non-root, read-only FS, drop ALL caps, seccomp)
- Add activeDeadlineSeconds: 300
- Set backoffLimit: 0 and restartPolicy: Never
@github-actions github-actions bot changed the title Release: 1 fix → Main Release: 1 feature, 1 fix, 1 chore → Main Mar 7, 2026
@github-actions
chore(kube): update axum-kbve to v1.0.32 (#7755)
97668c1 
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
@github-actions github-actions bot changed the title Release: 1 feature, 1 fix, 1 chore → Main Release: 1 feature, 1 fix, 2 chores → Main Mar 7, 2026
@h0lybyte h0lybyte merged commit 427d2d0 into main Mar 7, 2026
17 checks passed
@github-project-automation github-project-automation bot moved this from Review to Done in KBVE Mar 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

auto-pr dev→main

Projects

KBVE
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@h0lybyte