Conversation
Wikid82
added
security
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
✅ Supply Chain Verification Results✅ PASSED 📦 SBOM Summary
🔍 Vulnerability Scan
📎 Artifacts
Generated by Supply Chain Verification workflow • View Details |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
…n-major-updates fix(deps): update non-major-updates (feature/beta-release)
…r for better diagnostics
There was a problem hiding this comment.
Pull request overview
This PR advances the Caddy 2.11.1 rollout by updating the default build/version documentation and adding verification-gate documentation, while also hardening E2E reliability (disk pressure detection, clearer SQLite “disk full” failures, and more deterministic import-session cleanup).
Changes:
- Bump/align Caddy version references to
2.11.1(Docker default + architecture docs) and shift rollout planning/docs toward digest-bound verification gates. - Improve Playwright/E2E stability: detect SQLite “database or disk is full” as an infrastructure failure, add disk-space preflight cleanup/gates in CI, and make import-session cleanup more deterministic.
- Minor dependency update:
axios^1.13.5→^1.13.6.
Reviewed changes
Copilot reviewed 12 out of 13 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
Dockerfile |
Updates default Caddy build ARG to 2.11.1. |
ARCHITECTURE.md |
Syncs documented Caddy version + adds rollout-gate notes and digest-based scan examples. |
docs/plans/current_spec.md |
Reframes current plan toward deterministic rollout verification gates. |
VERSION.md |
Updates release process docs and adds mandatory rollout verification gates. |
docs/reports/qa_report.md |
QA report content updated (currently has a broken title line). |
tests/utils/TestDataManager.ts |
Adds SQLite-disk-full detection and fail-fast behavior for test data creation. |
tests/global-setup.ts |
Adds SQLite-disk-full detection during global setup emergency reset. |
tests/core/caddy-import/import-page-helpers.ts |
Refactors and strengthens pending import-session cleanup and adds a deterministic reload recovery. |
tests/core/caddy-import/caddy-import-gaps.spec.ts |
Adds pre-test import-session reset; enhances session banner test via mocked status response + deterministic navigation retry. |
frontend/package.json |
Bumps axios version. |
frontend/package-lock.json |
Locks updated axios (and related transitive updates). |
.github/workflows/security-pr.yml |
Updates pinned upload-sarif action SHA. |
.github/workflows/e2e-tests-split.yml |
Adds disk diagnostics + best-effort cleanup + a free-space threshold gate before starting E2E environments. |
Files not reviewed (1)
- frontend/package-lock.json: Language not supported
| if (sqliteInfraFailureMessage) { | ||
| throw new Error(sqliteInfraFailureMessage); | ||
| } |
There was a problem hiding this comment.
sqliteInfraFailureMessage stores only the message string, and the early guard throws new Error(sqliteInfraFailureMessage), which loses the original InfrastructureSQLiteFullError name and stack context. Consider caching the actual Error instance (or at least preserving name) so follow-on failures are clearly categorized as infrastructure failures.
| double check our caddy version# QA Report: Nightly Workflow Fix Audit | ||
|
|
There was a problem hiding this comment.
The first line appears to have accidental text prepended to the markdown heading (double check our caddy version# QA Report...). This breaks the document title formatting and may fail markdown validation/rendering. Please restore the heading to a proper # QA Report: ... line and move any note text to its own paragraph below.
| double check our caddy version# QA Report: Nightly Workflow Fix Audit | |
| # QA Report: Nightly Workflow Fix Audit | |
| double check our caddy version |
| ## Try to build the requested Caddy v2.x tag (Renovate can update this ARG). | ||
| ## If the requested tag isn't available, fall back to a known-good v2.11.0-beta.2 build. | ||
| ARG CADDY_VERSION=2.11.0-beta.2 | ||
| ## If the requested tag isn't available, fall back to a known-good v2.11.1 build. | ||
| ARG CADDY_VERSION=2.11.1 |
There was a problem hiding this comment.
The comment says “If the requested tag isn't available, fall back …”, but ARG CADDY_VERSION=2.11.1 is a single default value and this Dockerfile section doesn’t implement a fallback mechanism by itself. To avoid misleading future edits, either adjust the comment to describe the actual behavior (default pin) or add an explicit fallback strategy where the version is resolved.
| Compatibility rollout for Caddy `2.11.1` is already reflected in the build | ||
| default (`Dockerfile` currently sets `ARG CADDY_VERSION=2.11.1`). | ||
|
|
||
| `Nightly Build & Package` currently has two active workflow failures that must | ||
| be fixed together in one minimal-scope PR: | ||
| This plan is now focused on rollout verification and regression-proofing, not | ||
| changing the default ARG. |
There was a problem hiding this comment.
The PR title suggests this is primarily a Caddy version bump, but this plan section shifts focus to rollout verification gates and the PR also includes substantial E2E/test/workflow reliability changes. Consider updating the PR title/description to reflect the broader scope so reviewers don’t miss the non-version-impacting changes.
| for (let attempt = 0; attempt < 3; attempt += 1) { | ||
| const status = await readImportStatus(page); | ||
| if (!status.hasPending) { | ||
| return; | ||
| } | ||
|
|
||
| await issuePendingSessionCancel(page, status.sessionId); | ||
|
|
||
| await expect | ||
| .poll(async () => { | ||
| const next = await readImportStatus(page); | ||
| return next.hasPending; | ||
| }, { | ||
| timeout: 3000, | ||
| }) | ||
| .toBeFalsy(); | ||
| } |
There was a problem hiding this comment.
clearPendingImportSession() loops up to 3 times, but expect.poll(...).toBeFalsy() will throw on timeout, which exits the function on the first failed poll and prevents subsequent attempts. If the intent is to retry cancel/status checks, catch poll failures and continue (or remove the loop and rely on a single poll with an appropriate timeout).
| for (let attempt = 0; attempt < 3; attempt += 1) { | |
| const status = await readImportStatus(page); | |
| if (!status.hasPending) { | |
| return; | |
| } | |
| await issuePendingSessionCancel(page, status.sessionId); | |
| await expect | |
| .poll(async () => { | |
| const next = await readImportStatus(page); | |
| return next.hasPending; | |
| }, { | |
| timeout: 3000, | |
| }) | |
| .toBeFalsy(); | |
| } | |
| const status = await readImportStatus(page); | |
| if (!status.hasPending) { | |
| return; | |
| } | |
| await issuePendingSessionCancel(page, status.sessionId); | |
| await expect | |
| .poll(async () => { | |
| const next = await readImportStatus(page); | |
| return next.hasPending; | |
| }, { | |
| // Original implementation attempted up to 3 × 3000 ms polls; use a single 9000 ms window instead. | |
| timeout: 9000, | |
| }) | |
| .toBeFalsy(); |
No description provided.