dunglas / mercure / 25047470207

Builds Branch Commit Type Ran Committer Via Coverage
25047470207 feat/chart-network-policy feat(chart): add an opt-in NetworkPolicy template Lets operators restrict the hub pods' inbound and outbound traffic without templating their own NetworkPolicy outside the chart. Disabled by default (no behaviour change). When enabled with no ru... Pull #1229 dunglas github
83.83
25046991551 main chore(examples/chat/chart): scope NetworkPolicy to Deployment pods (#1228) Tag the Deployment pods with `app.kubernetes.io/component: server` and select on it in the NetworkPolicy podSelector. The Helm test pod inherits selectorLabels via `<chart... push web-flow github
83.83
25046014503 chore/example-chat-np-scope-deployment chore(examples/chat/chart): scope NetworkPolicy to Deployment pods Tag the Deployment pods with `app.kubernetes.io/component: server` and select on it in the NetworkPolicy podSelector. The Helm test pod inherits selectorLabels via `<chart>.labels... Pull #1228 dunglas github
83.83
25045912896 main feat(chart): support readOnlyRootFilesystem out of the box (#1226) * feat(chart): mount /config and /tmp so readOnlyRootFilesystem works Caddy writes autosave config under XDG_CONFIG_HOME=/config, and /tmp is useful general-purpose scratch. Unti... push web-flow github
83.83
25044998569 feat/chart-readonly-rootfs fix(bolt): create the data directory if missing When the bolt transport's path resolves to a fresh emptyDir or PVC, the parent directory does not exist (the host image's pre-created `/data/caddy` is masked by the mount), and `bolt.Open` fails wit... Pull #1226 dunglas github
83.83
25044181636 feat/chart-readonly-rootfs fix(bolt): create the data directory if missing When the bolt transport's path resolves to a fresh emptyDir or PVC, the parent directory does not exist (the host image's pre-created `/data/caddy` is masked by the mount), and `bolt.Open` fails wit... Pull #1226 dunglas github
83.83
25044174714 main feat(examples/chat): bump deps + harden chart security context (#1227) * feat(examples/chat): bump deps + harden chart security context Refresh the demo chat to current Python and Flask versions, ship a hardened chart that runs as non-root on a ... push web-flow github
83.89
25043966155 feat/chart-readonly-rootfs fix(bolt): create the data directory if missing When the bolt transport's path resolves to a fresh emptyDir or PVC, the parent directory does not exist (the host image's pre-created `/data/caddy` is masked by the mount), and `bolt.Open` fails wit... Pull #1226 dunglas github
83.82
25043709645 feat/chat-example-deps-security review(chart): fail on empty parentRefs, allow same-ns egress, guard except - httproute.yaml: when httpRoute.enabled is true and parentRefs is empty, fail rendering with a clear message. An HTTPRoute without parentRefs is invalid. - networkpo... Pull #1227 dunglas github
83.89
25043640216 feat/chart-readonly-rootfs fix(caddy): create the bolt data directory if missing When the bolt transport's path resolves to a fresh emptyDir or PVC, the parent directory does not exist (the host image's pre-created `/data/caddy` is masked by the mount), and `bolt.Open` fai... Pull #1226 dunglas github
83.89
25043349067 feat/chat-example-deps-security review(chart): default pathType, allow same-ns NP ingress, gate HTTPRoute Carry over the same Copilot-flagged fixes from the uri-template-tester chart: - ingress.yaml: pathType is required for networking.k8s.io/v1 paths; default to Prefix when... Pull #1227 dunglas github
83.89
25043001581 feat/chart-readonly-rootfs feat(chart): mount /data, /config, and /tmp so readOnlyRootFilesystem works Caddy needs writable space at XDG_DATA_HOME=/data (transport state, e.g. BoltDB), XDG_CONFIG_HOME=/config (autosave.json), and a generic /tmp. Until now /data was only mo... Pull #1226 dunglas github
83.89
25042966184 feat/chat-example-deps-security feat(examples/chat): bump deps + harden chart security context Refresh the demo chat to current Python and Flask versions, ship a hardened chart that runs as non-root on a read-only rootfs, and add a Gateway API HTTPRoute alongside the Ingress. ... Pull #1227 dunglas github
83.89
25042875677 main docs(chart): document NET_BIND_SERVICE in the rootless securityContext example (#1225) * docs(chart): document NET_BIND_SERVICE in the rootless securityContext example The image's binary now carries cap_net_bind_service as a file capability (#12... push web-flow github
83.89
25042765635 feat/chart-readonly-rootfs feat(chart): mount /data, /config, and /tmp so readOnlyRootFilesystem works Caddy needs writable space at XDG_DATA_HOME=/data (transport state, e.g. BoltDB), XDG_CONFIG_HOME=/config (autosave.json), and a generic /tmp. Until now /data was only mo... Pull #1226 dunglas github
83.89