Propagate changes from development into feature/beta-release#974
Merged
Wikid82 merged 4 commits intofeature/beta-releasefrom Apr 26, 2026
Merged
Propagate changes from development into feature/beta-release#974Wikid82 merged 4 commits intofeature/beta-releasefrom
Wikid82 merged 4 commits intofeature/beta-releasefrom
Conversation
fix: update ownership handling for data volume and subdirectories in entrypoint script for rootless Docker environments
Automated checksum update for GeoLite2-Country.mmdb database. Old: 62049119bd084e19fff4689bebe258f18a5f27a386e6d26ba5180941b613fc2b New: c880cbc7e6b1a9b1a96d530c34996480d6d809d2c89a6bd73a5072e4fffbc01c Auto-generated by: .github/workflows/update-geolite2.yml
… to staged changes
- Add nosemgrep inline suppression on os.Open call in logs_handler.go;
path is already validated by LogService.GetLogPath via filepath.Base
equality check and prefix validation
- Scope semgrep pre-commit scan to staged files via {staged_files} in
lefthook, with full-scan fallback when no file args are provided
- Scope golangci-lint pre-commit scan to new-from-rev HEAD so only
issues introduced by the current change are reported, preventing
pre-existing issues in unrelated files from blocking commits
- renovate.json: align dependency grouping configuration
chore(docker): update GeoLite2-Country.mmdb checksum
Contributor
|
You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool. What Enabling Code Scanning Means:
For more information about GitHub Code Scanning, check out the documentation. |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Contributor
There was a problem hiding this comment.
Pull request overview
Automated branch-sync PR bringing development branch updates into feature/beta-release, primarily focusing on pre-commit security/linting workflow adjustments plus a small Docker build arg update and Renovate configuration alignment.
Changes:
- Run Semgrep on staged files in pre-commit via Lefthook, with a script fallback to full-scope scanning.
- Limit
golangci-lint“fast” pre-commit output to only findings on lines changed sinceHEAD. - Update Renovate base-branch rules and refresh the GeoLite2 SHA256 ARG value in the Dockerfile.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/pre-commit-hooks/semgrep-scan.sh | Accept staged file targets from Lefthook; fallback to scanning key directories. |
| scripts/pre-commit-hooks/golangci-lint-fast.sh | Restrict lint output to issues on changed lines since HEAD. |
| lefthook.yml | Add Semgrep as a blocking pre-commit command running on staged files. |
| backend/internal/api/handlers/logs_handler.go | Clarify path validation justification for os.Open and align linter suppressions. |
| Dockerfile | Update GeoLite2 SHA256 ARG value (still not enforced in build). |
| .github/renovate.json | Adjust Renovate base-branch patterns and packageRules for dependency updates. |
Comment on lines
+36
to
+39
| if [ "$#" -gt 0 ]; then | ||
| TARGETS=("$@") | ||
| else | ||
| TARGETS=(Dockerfile backend frontend/src scripts .github/workflows) |
| # This uses the publicly available GeoLite2 database | ||
| # In CI, timeout quickly rather than retrying to save build time | ||
| ARG GEOLITE2_COUNTRY_SHA256=62049119bd084e19fff4689bebe258f18a5f27a386e6d26ba5180941b613fc2b | ||
| ARG GEOLITE2_COUNTRY_SHA256=c880cbc7e6b1a9b1a96d530c34996480d6d809d2c89a6bd73a5072e4fffbc01c |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated PR to propagate changes from development into feature/beta-release.
Triggered by push to development.