Release v1.1.40 (#1559)#1561
Merged
Merged
Conversation
Sync main into dev after v1.1.39 release (xencon#1545)
Three deleted lambda/ commits contain non-existent Slack webhook URLs that trigger false positives in full-history local scans. Allowlisted by commit SHA -- CI is unaffected (fetch-depth: 1). Fixes xencon#1548
…torical-slack-webhook-commits Allowlist historical Slack webhook commits in gitleaks config (xencon#1548)
- .pre-commit-config.yaml: add gitleaks v8.21.2 hook (uses .gitleaks.toml) - scripts/checks/check-environment.sh: add check_pre_commit, check_gitleaks, check_git_cliff functions - docs/developer/pre-commit-setup.md: document gitleaks hook in hook table Fixes xencon#1550
…precommit-and-check-env-tooling Add gitleaks pre-commit hook and check-env tooling checks (xencon#1550)
- lib/core/env_check.sh: add 'Checking developer tooling...' section with warning-only checks for pre-commit, gitleaks, and git-cliff - Missing tools warn with install instructions; exit code unaffected Fixes xencon#1552
…ooling-in-check-env Surface developer tooling checks in aixcl utils check-env (xencon#1552)
- .pre-commit-config.yaml: add check-generated-files and check-agents at commit stage; check-paths, security-tests, lib-tests at push stage - tests/run-security-tests.sh: thin wrapper for pre-push hook and CI parity - tests/run-lib-tests.sh: thin wrapper for pre-push hook and CI parity - docs/developer/pre-commit-setup.md: document commit vs push stage split Fixes xencon#1554
…g-ci-checks-into-precommit Wire remaining CI checks into pre-commit and pre-push hooks (xencon#1554)
- vault-init.sh: detect split state (initialized but keys missing) and self-heal by wiping aixcl-vault-data volume and re-initializing; replaces misleading 'Run: ./aixcl vault init to recover' error - utils.sh: move .security/ artefact deletion to AFTER volume removal to prevent split state if volume rm fails - vault-rekey.sh: new script implementing vault operator rekey flow -- generates new unseal key shares and GPG-encrypts to .security/ - vault.sh: wire 'rekey' subcommand and update help text Fixes xencon#1557
…it-state-prune-ordering-rekey Fix Vault split-state, prune ordering, and add unseal key rotation (xencon#1557)
- add v1.1.40 entry: vault split-state fix, prune ordering, rekey command, pre-commit CI/local parity, developer tooling checks - add missing v1.1.39 entry: housekeeping skill, gitleaks CI, Dependabot, git-cliff, app layer tests, OpenCode demotion Fixes xencon#1559
sbadakhc
added
component:infrastructure
2 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Release v1.1.40. Updates CHANGELOG.md with the v1.1.40 entry and the missing v1.1.39 entry.
Fixes #1559
What's in this release
Vault reliability
CI/local parity
Also in v1.1.39 (backfilling missing CHANGELOG entry)
Discussion
Change Checklist