dunglas / mercure / 25046991551

Builds Branch Commit Type Ran Committer Via Coverage
25046991551 main chore(examples/chat/chart): scope NetworkPolicy to Deployment pods (#1228) Tag the Deployment pods with `app.kubernetes.io/component: server` and select on it in the NetworkPolicy podSelector. The Helm test pod inherits selectorLabels via `<chart... push web-flow github
83.83
25046014503 chore/example-chat-np-scope-deployment chore(examples/chat/chart): scope NetworkPolicy to Deployment pods Tag the Deployment pods with `app.kubernetes.io/component: server` and select on it in the NetworkPolicy podSelector. The Helm test pod inherits selectorLabels via `<chart>.labels... Pull #1228 dunglas github
83.83
25045912896 main feat(chart): support readOnlyRootFilesystem out of the box (#1226) * feat(chart): mount /config and /tmp so readOnlyRootFilesystem works Caddy writes autosave config under XDG_CONFIG_HOME=/config, and /tmp is useful general-purpose scratch. Unti... push web-flow github
83.83
25044998569 feat/chart-readonly-rootfs fix(bolt): create the data directory if missing When the bolt transport's path resolves to a fresh emptyDir or PVC, the parent directory does not exist (the host image's pre-created `/data/caddy` is masked by the mount), and `bolt.Open` fails wit... Pull #1226 dunglas github
83.83
25044181636 feat/chart-readonly-rootfs fix(bolt): create the data directory if missing When the bolt transport's path resolves to a fresh emptyDir or PVC, the parent directory does not exist (the host image's pre-created `/data/caddy` is masked by the mount), and `bolt.Open` fails wit... Pull #1226 dunglas github
83.83
25044174714 main feat(examples/chat): bump deps + harden chart security context (#1227) * feat(examples/chat): bump deps + harden chart security context Refresh the demo chat to current Python and Flask versions, ship a hardened chart that runs as non-root on a ... push web-flow github
83.89
25043966155 feat/chart-readonly-rootfs fix(bolt): create the data directory if missing When the bolt transport's path resolves to a fresh emptyDir or PVC, the parent directory does not exist (the host image's pre-created `/data/caddy` is masked by the mount), and `bolt.Open` fails wit... Pull #1226 dunglas github
83.82
25043709645 feat/chat-example-deps-security review(chart): fail on empty parentRefs, allow same-ns egress, guard except - httproute.yaml: when httpRoute.enabled is true and parentRefs is empty, fail rendering with a clear message. An HTTPRoute without parentRefs is invalid. - networkpo... Pull #1227 dunglas github
83.89
25043640216 feat/chart-readonly-rootfs fix(caddy): create the bolt data directory if missing When the bolt transport's path resolves to a fresh emptyDir or PVC, the parent directory does not exist (the host image's pre-created `/data/caddy` is masked by the mount), and `bolt.Open` fai... Pull #1226 dunglas github
83.89
25043349067 feat/chat-example-deps-security review(chart): default pathType, allow same-ns NP ingress, gate HTTPRoute Carry over the same Copilot-flagged fixes from the uri-template-tester chart: - ingress.yaml: pathType is required for networking.k8s.io/v1 paths; default to Prefix when... Pull #1227 dunglas github
83.89
25043001581 feat/chart-readonly-rootfs feat(chart): mount /data, /config, and /tmp so readOnlyRootFilesystem works Caddy needs writable space at XDG_DATA_HOME=/data (transport state, e.g. BoltDB), XDG_CONFIG_HOME=/config (autosave.json), and a generic /tmp. Until now /data was only mo... Pull #1226 dunglas github
83.89
25042966184 feat/chat-example-deps-security feat(examples/chat): bump deps + harden chart security context Refresh the demo chat to current Python and Flask versions, ship a hardened chart that runs as non-root on a read-only rootfs, and add a Gateway API HTTPRoute alongside the Ingress. ... Pull #1227 dunglas github
83.89
25042875677 main docs(chart): document NET_BIND_SERVICE in the rootless securityContext example (#1225) * docs(chart): document NET_BIND_SERVICE in the rootless securityContext example The image's binary now carries cap_net_bind_service as a file capability (#12... push web-flow github
83.89
25042765635 feat/chart-readonly-rootfs feat(chart): mount /data, /config, and /tmp so readOnlyRootFilesystem works Caddy needs writable space at XDG_DATA_HOME=/data (transport state, e.g. BoltDB), XDG_CONFIG_HOME=/config (autosave.json), and a generic /tmp. Until now /data was only mo... Pull #1226 dunglas github
83.89
25041896142 feat/chart-rootless-securitycontext-example Update docs/hub/install.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: Kévin Dunglas <kevin@dunglas.fr> Pull #1225 web-flow github
83.89