Hotfix: CI #580
Merged
+2,777
−620
chore(docker): migrate from Alpine to Debian Trixie base image
Propagate changes from development into feature/beta-release
- Updated Docker Compose files to use digest-pinned images for CI contexts.
- Enhanced Dockerfile to pin Go tool installations and verify external downloads with SHA256 checksums.
- Added Renovate configuration for tracking Go tool versions and digest updates.
- Introduced a new design document outlining the architecture and data flow for dependency tracking.
- Created tasks and requirements documentation to ensure compliance with the new digest pinning policy.
- Updated security documentation to reflect the new digest pinning policy and exceptions.
| Severity | Count |
|---|---|
| 🔴 Critical | 0 |
| 🟠 High | 7 |
| 🟡 Medium | 20 |
| 🟢 Low | 2 |
| Total | 409 |
📎 Artifacts
- SBOM (CycloneDX JSON) and Grype results available in workflow artifacts
Generated by Supply Chain Verification workflow • View Details
✅ E2E Test Results: PASSED
All E2E tests passed!
Per-Shard HTML Reports (easier to debug):
📊 View workflow run & download reports
🤖 This comment was automatically generated by the E2E Tests workflow.
Fixes nightly build failures caused by:
- GoReleaser v2 requiring version 2 config syntax
- Zig cross-compilation failing for macOS CGO targets

SQLite Driver Migration:
- Replace gorm.io/driver/sqlite with github.com/glebarez/sqlite (pure-Go)
- Execute PRAGMA statements via SQL instead of DSN parameters
- All platforms now build with CGO_ENABLED=0

GoReleaser v2 Migration:
- Update version: 1 → version: 2
- snapshot.name_template → version_template
- archives.format → formats (array syntax)
- archives.builds → ids
- nfpms.builds → ids
- Remove Zig cross-compilation environment

Also fixes Docker Compose E2E image reference:
- Use CHARON_E2E_IMAGE_TAG instead of bare digest
- Add fallback default for local development

All database tests pass with the pure-Go SQLite driver.
Codecov Report
✅ All modified and coverable lines are covered by tests.
Adds automated workflow that creates a PR from nightly → main every Monday at 9:00 AM UTC for scheduled release promotion.

Features:
- Pre-flight health check verifies critical workflows are passing
- Skips PR creation if nightly has no new commits
- Detects existing PRs and adds comments instead of duplicates
- Labels PRs with 'automated' and 'weekly-promotion'
- Creates GitHub issue on failure for visibility
- Manual trigger via workflow_dispatch with reason input
- NO auto-merge - requires human review and approval

This gives early-week visibility into nightly changes and prevents Friday surprises from untested code reaching main.
The "Save Docker Image as Artifact" and "Upload Image Artifact" steps were running even when skip_build=true, causing CI failures on Renovate dependency update PRs.
- Add skip_build check to artifact saving step condition
- Add skip_build check to artifact upload step condition
- Aligns artifact steps with existing build skip logic
- Add TestConnect_PRAGMAExecutionAfterClose to verify all PRAGMA settings
- Add TestConnect_JournalModeVerificationFailure for verification path
- Add TestConnect_IntegrityCheckWithNonOkResult for corruption detection branch
- Addresses Codecov patch coverage requirements for database.go
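The read-back check that the commits above describe (PRAGMAs executed via SQL, with tests for a journal-mode verification failure and a non-ok integrity check), as an added Go example that is not the project's database.go. The names queryFn, connectChecks and fakeEngine are hypothetical, and a constructed fake stands in for SQLite so the block runs offline.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// queryFn runs one statement and returns the first column of its first row.
// Hypothetical seam for this example; statements come from constants only.
type queryFn func(stmt string) (string, error)

var errJournalMode = errors.New("journal mode not applied")
var errIntegrity = errors.New("integrity check failed")

// connectChecks sets the mode via SQL, reads back what SQLite reports, then runs integrity_check.
func connectChecks(q queryFn, wantMode string) error {
	got, err := q("PRAGMA journal_mode = " + wantMode) // returns the mode now in effect
	if err != nil {
		return fmt.Errorf("set journal_mode: %w", err)
	}
	if !strings.EqualFold(got, wantMode) {
		return fmt.Errorf("%w: want %s, got %s", errJournalMode, wantMode, got)
	}
	res, err := q("PRAGMA integrity_check")
	if err != nil {
		return fmt.Errorf("integrity_check: %w", err)
	}
	if res != "ok" {
		return fmt.Errorf("%w: %s", errIntegrity, res)
	}
	return nil
}

// fakeEngine is a constructed stand-in for SQLite that answers both PRAGMAs with fixed values.
func fakeEngine(mode, integrity string) queryFn {
	return func(stmt string) (string, error) {
		if strings.HasPrefix(stmt, "PRAGMA journal_mode") {
			return mode, nil
		}
		return integrity, nil
	}
}

func main() {
	fmt.Println(connectChecks(fakeEngine("wal", "ok"), "WAL"))                       // healthy
	fmt.Println(connectChecks(fakeEngine("memory", "ok"), "WAL"))                    // in-memory DB keeps "memory"
	fmt.Println(connectChecks(fakeEngine("wal", "row 3 missing from index"), "WAL")) // corruption report
}
```

Failing the connection when the reported mode differs catches a setting that was requested but never took effect, which a DSN-only configuration would not reveal.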
Summary
This PR addresses critical CI/CD infrastructure failures that were blocking the release pipeline and E2E test execution. The hotfix resolves four interconnected issues: Docker Compose E2E image references, SQLite driver compatibility, GoReleaser v2 syntax migration, and CGO removal for cross-platform binary compatibility.
🔴 Problems Identified
1. Docker Compose E2E Image Reference Mismatch
Symptom: E2E tests failed in CI with "image not found" errors.
Root Cause: The docker-compose.playwright-ci.yml referenced a hardcoded image tag that didn't match the dynamically built image from CI.
2. SQLite CGO Dependency Blocking Cross-Compilation
Symptom: GoReleaser nightly builds failed on macOS (darwin) and Windows targets.
Root Cause: The SQLite driver (mattn/go-sqlite3) requires CGO, which doesn't work with cross-compilation. Even with Zig toolchain configured, the CGO requirement prevented reliable cross-platform builds.
3. GoReleaser v2 Syntax Incompatibility
Symptom: GoReleaser failed with deprecation warnings and syntax errors.
Root Cause: The .goreleaser.yaml configuration used v1 syntax (format: instead of formats:) which is deprecated in GoReleaser v2.x.
4. CGO Inconsistency Across Platforms
Symptom: Binary incompatibility and runtime crashes on some platforms.
Root Cause: Different build configurations had inconsistent CGO settings, with some enabling CGO and others disabling it.
✅ Solutions Implemented
1. Docker Compose E2E Image Variable
File: .docker/compose/docker-compose.playwright-ci.yml
Benefit: CI can inject the actual built image tag via environment variable, with a sensible default for local development.
2. Pure-Go SQLite Driver Migration
File: backend/go.mod, backend/internal/database/database.go
Database Configuration Changes:
- db.Exec() instead of DSN parameters
- modernc.org/sqlite driver
3. GoReleaser v2 Syntax Migration
File: .goreleaser.yaml
4. CGO Disabled Across All Platforms
File: .goreleaser.yaml
Benefit: Eliminates the need for Zig toolchain, C compilers, and platform-specific build configurations. Produces fully static, portable binaries.
📁 Files Changed
Core Changes
- .goreleaser.yaml
- backend/go.mod: github.com/glebarez/sqlite (pure-Go SQLite)
- backend/internal/database/database.go
- .docker/compose/docker-compose.playwright-ci.yml
Workflow Adjustments
- .github/workflows/e2e-tests.yml
- .github/workflows/release-goreleaser.yml
Test Verification
- backend/internal/database/database_test.go
- backend/internal/database/errors_test.go
- backend/internal/database/settings_query_test.go
🧪 Testing Verification
Backend Database Tests
Pure-Go SQLite Functionality Verified
Cross-Compilation Test
```bash
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /tmp/charon-linux ./cmd/api
CGO_ENABLED=0 GOOS=darwin GOARCH=arm64 go build -o /tmp/charon-darwin ./cmd/api
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -o /tmp/charon.exe ./cmd/api
# Result: All builds succeed without CGO
```
None for End Users
For Developers
- glebarez/sqlite replaces mattn/go-sqlite3 - this is transparent but changes import paths
📋 Checklist
Pre-Merge
go test ./internal/database/...)
Post-Merge Verification
🔗 Related Issues
📚 Technical References
Impact: This hotfix unblocks the beta release pipeline by ensuring all CI workflows can execute successfully without CGO dependencies or image reference mismatches.
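A CI-side check for the digest-pinning policy named in the commit list and for the variable-based E2E image reference described here, as an added Go example rather than code from this PR. It assumes that only `@sha256:` followed by 64 hex digits counts as pinned and reports `${...}` references separately; the function names, the sample Compose text and the `charon:local` default are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// finding is one image: entry; Status is "pinned", "unpinned" or "variable".
type finding struct{ Line int; Image, Status string }

var imageLine = regexp.MustCompile(`^\s*image:\s*["']?([^"'\s#]+)`)
var digestRef = regexp.MustCompile(`@sha256:[0-9a-f]{64}$`)

// classify decides whether a reference is fixed to immutable content.
func classify(ref string) string {
	switch {
	case strings.Contains(ref, "${"):
		return "variable" // resolved at run time: needs a recorded exception
	case digestRef.MatchString(ref):
		return "pinned"
	}
	return "unpinned" // a tag, or no tag, can be repointed upstream
}

// auditCompose scans Compose YAML text line by line for image: keys.
func auditCompose(src string) []finding {
	var out []finding
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		if m := imageLine.FindStringSubmatch(sc.Text()); m != nil {
			out = append(out, finding{n, m[1], classify(m[1])})
		}
	}
	return out
}

// sampleCompose is constructed; only the variable name comes from the page.
var sampleCompose = "services:\n  app:\n" +
	"    image: ${CHARON_E2E_IMAGE_TAG:-charon:local}\n" +
	"  cache:\n    image: example/cache:1.2\n" +
	"  proxy:\n    image: example/proxy@sha256:" + strings.Repeat("ab", 32) + "\n"

func main() {
	for _, f := range auditCompose(sampleCompose) {
		fmt.Printf("line %d: %-8s %s\n", f.Line, f.Status, f.Image)
	}
}
```

A CI job can fail on any unpinned finding and compare the variable findings against the documented exception list.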