17 Commits

Author	SHA1	Message	Date
Colin	2907277b52	Disable trivy-image scan, clean up debug output ... - Comment out trivy-image step (scanning stale images, needs investigation) - Remove debug output from build-image and trivy-fs	2026-01-23 20:55:35 -05:00
Colin	0386e7b44c	Fix YAML parsing - replace colons in echo statements	2026-01-23 20:17:59 -05:00
Colin	2ea5e878e9	Fix: use npm ci in Dockerfile to respect package-lock.json ... - Changed npm install to npm ci --omit=dev - Removed unnecessary mocha install (dev dependency) - Added debug output to build-image and trivy-image steps	2026-01-23 20:16:30 -05:00
Colin	78646afe4e	Add debug output to trivy-fs scan	2026-01-23 20:14:13 -05:00
Colin	5e6fbcad3d	Add lockfile version verification to trivy-fs step	2026-01-23 20:13:40 -05:00
Colin	4f58b92a31	Fix lockfile-check: use temp dir to avoid node_modules race ... - Check mode now works in isolated temp directory - Removed dependency on test step (not needed) - No longer touches workspace node_modules	2026-01-23 20:09:08 -05:00
Colin	11f1b46055	Fix CI: handle missing package-lock.json gracefully ... Fall back to npm install if package-lock.json doesn't exist	2026-01-23 20:05:15 -05:00
Colin	b70949e904	Fix lockfile script for Alpine Linux compatibility ... - Change shebang from bash to sh (POSIX-compliant) - Auto-detect hash command (sha256sum/shasum) - Use sh explicitly in CI step	2026-01-23 20:03:54 -05:00
Colin	a4b6db6a22	Fix security vulnerabilities and add lockfile refresh automation ... - Regenerate package-lock.json to apply npm overrides (glob, mime, tar) - Add refresh-lockfile.sh script for automated lock file management - Add lockfile-check CI step to catch stale lock files - Add npm run refresh:lockfile convenience script	2026-01-23 19:58:43 -05:00
Colin	83fe4ad161	fix: make scan-unused depend on test to avoid parallel node_modules race ... Both steps were running in parallel and competing for the same node_modules directory, causing ENOTEMPTY errors.	2026-01-23 19:49:38 -05:00
Colin	9bc853ed58	fix: clean node_modules before npm ci to avoid ENOTEMPTY error ... CI was failing because npm ci couldn't remove stale node_modules directory. Explicitly removing it first ensures a clean install.	2026-01-23 19:48:10 -05:00
Colin	edc1680f1c	Add unused code/dependency scanning with knip and depcheck ... Adds automated scanning for unused files, exports, and dependencies: - New CI step (scan-unused) in Woodpecker pipeline - Pre-push git hook blocks pushes if unused code detected - npm scripts: scan:unused, scan:deps - Config files for knip and depcheck to handle dynamic imports	2026-01-23 09:04:57 -05:00
Colin	63de9cfd84	Remove intermediate hastebin:test tag, build directly to registry path	2026-01-21 10:32:39 -05:00
Colin	259c2fe731	Build directly to final registry tag and update all references	2026-01-21 10:32:09 -05:00
Colin	90c10e1896	Install curl in CI test step for HTTP tests	2026-01-21 10:27:32 -05:00
Colin	95d9982973	Remove fallback error handling from image push - fail fast if credentials missing	2026-01-21 10:22:41 -05:00
Colin	618a2c1ff7	Security improvements and local testing scripts ... - Fix Dockerfile to run as non-root user (node) for security - Fix phonetic key generator to always start with consonant (test fix) - Add local security scanning scripts (SBOM, Trivy) - Update test script to exclude security tests from mocha - Add npm scripts for security scans - Update .gitignore for generated files - Update Woodpecker CI to use modern Trivy syntax and push images	2026-01-21 10:21:55 -05:00