Release v1.1.41 (#1574) #1575
Merged
The chmod 600 calls in service_utils.sh and engine.sh were inside creation-only guards, so .env files created before the original fix retained 644 permissions permanently. Move chmod outside the guard so it runs unconditionally whenever .env is present. Fixes xencon#1562
…permissions-on-existing-installs Fix .env permissions not corrected on existing installations (xencon#1562)
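The creation-only guard described in the commit message above, next to the unconditional form, as an added example that is not the project's own code. The function names (file_mode, ensure_env_guarded, ensure_env_fixed, demo) are hypothetical and the .env content is constructed.

```shell
#!/bin/sh
# Hypothetical helpers: the real code in service_utils.sh and engine.sh
# is not shown on the page.

# Print a file's permission bits in octal (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Before: chmod sits inside the creation-only guard, so a .env that
# already exists with mode 644 is never corrected.
ensure_env_guarded() {
    env_file="$1/.env"
    if [ ! -f "$env_file" ]; then
        : > "$env_file"
        chmod 600 "$env_file"
    fi
}

# After: creation stays guarded, chmod runs whenever .env is present.
ensure_env_fixed() {
    env_file="$1/.env"
    if [ ! -f "$env_file" ]; then
        # umask 077 is an extra added in this example so a new file is
        # never briefly readable by other users.
        ( umask 077; : > "$env_file" )
    fi
    if [ -f "$env_file" ]; then
        chmod 600 "$env_file"
    fi
}

# Constructed scenario: an older install whose .env was created as 644.
# Prints the mode after the guarded version, then after the fixed one.
demo() {
    dir=$(mktemp -d)
    printf 'SECRET=constructed-sample\n' > "$dir/.env"
    chmod 644 "$dir/.env"
    ensure_env_guarded "$dir"
    before=$(file_mode "$dir/.env")
    ensure_env_fixed "$dir"
    after=$(file_mode "$dir/.env")
    rm -rf "$dir"
    echo "$before $after"
}

demo
```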
Sync main into dev after v1.1.40 release (xencon#1565)
…kills
- .gitleaks.toml: add pgadmin-servers.json to paths allowlist -- runtime file triggers false positive on --no-git disk scans
- cut-release skill: mandate check-pr-references.sh before gh pr create, add force-push race check, add trailing-whitespace retry pattern
- housekeeping skill: add --no-git disk scan note to Check 9, add git ls-files --error-unmatch note to Check 8
Fixes xencon#1567
…in-servers-json Harden release skills and fix gitleaks pgadmin false positive (xencon#1567)
- lib/core/common.sh: add 'podman info | grep rootless: true' fallback in is_rootless() -- Go template fields .Host.ServiceIsRootless and .Host.Rootless do not exist on this Podman version, causing false positive 'Root container engine' warning in check-env
- scripts/runtime/openwebui-entrypoint.sh: replace 'exec su -m webui' with 'exec setpriv --reuid --regid --clear-groups' so PID 1 becomes the non-root uvicorn process (setpriv execs directly; su forks and retains PID 1 as root)
- pgadmin entrypoint unchanged: PID 1 is already gunicorn at UID 5050
Fixes xencon#1569
…detection-and-container-users Fix rootless detection false positive and open-webui non-root PID 1 (xencon#1569)
…tall docs
- lib/core/env_check.sh: add yamllint check to developer tooling section
- .pre-commit-config.yaml: bump shellcheck-py rev v0.10.0.1 -> v0.11.0.1 to match local brew (0.11.0) and CI (ludeeus 2.0.0)
- .github/workflows/documentation-checks.yml: pin yamllint==1.35.1 to match pre-commit rev and prevent unpinned pip install drift
- README.md: add gitleaks 8.21.2 and git-cliff 2.13.1 install steps to Contributors CI tools section -- previously undocumented
Fixes xencon#1571
…-fixes Comprehensive developer tooling audit fixes (xencon#1571)
…cancel races Fixes xencon#1576
…tion-double-trigger Fix pr-validation double-trigger blocking release merges (xencon#1576)
64c83f3 to b1336da
Release v1.1.41
Fixes #1574
Retrospective discussion: #1573
What's in this release
Fixed
su with setpriv so uvicorn (UID 1000) is PID 1. Closes [BUG] is_rootless() false positive on Podman and pgadmin/open-webui run as root in container #1569.
Changed