shithub Public

Notifications Fork 0 Star 0

Commits

trunk
Switch branches/tags
s50/cross-cutting scratch trunk default
mfwolffe
mfwolffe
View commits for all users
Until May 10, 2026
June 2026
Su Mo Tu We Th Fr Sa
31 1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 1 2 3 4
5 6 7 8 9 10 11
Clear Today

Commits on May 10, 2026

  1. Add org repositories page
    mfwolffe committed
    392e063
  2. Fix duplicate migration versions
    mfwolffe committed
    970ad46
  3. Fix editor lint findings
    mfwolffe committed
    944629e
  4. docs/actions: document runner API and counters (S41c)
    mfwolffe committed
    3ff1cc1
  5. api/runners: accept job logs status and artifacts (S41c)
    mfwolffe committed
    b70f1f2
  6. api/runners: heartbeat claims queued jobs (S41c)
    mfwolffe committed
    e85a1c4
  7. cmd/admin: register and revoke actions runners (S41c)
    mfwolffe committed
    ce48194
  8. actions/runnerjwt: add single-use job token foundation (S41c)
    mfwolffe committed
    ef73d0c
  9. Document in-app file editing
    mfwolffe committed
    5ac31a3
  10. Wire in-app file editor UI
    mfwolffe committed
    0056ee6
  11. Add web file commit service
    mfwolffe committed
    dd2218d
  12. Fix source remote migration markers
    mfwolffe committed
    7f1654e
  13. Renumber source remote migration
    mfwolffe committed
    75af66b
  14. Document source remote imports
    mfwolffe committed
    b6160a3
  15. Use source remotes for submodule backfill
    mfwolffe committed
    93270f2
  16. Import repos from source remotes
    mfwolffe committed
    9b4cf0d
  17. Store repository source remotes
    mfwolffe committed
    0b94e81
  18. actions/secrets: fix store test lint (S41c)
    mfwolffe committed
    e18aa98
  19. Document README presentation chrome
    mfwolffe committed
    7e1f3b6
  20. Align README chrome with GitHub
    mfwolffe committed
    ea2e141
  21. web: add actions secrets and variables settings (S41c)
    mfwolffe committed
    59d5619
  22. actions/variables: store orchestrator and tests (S41c)
    mfwolffe committed
    1bfb40f
  23. actions/secrets: store test suite — 10 cases covering encryption + scope + citext (S41c) 
    - TestSet_RoundTripsThroughSecretbox: set → get → plaintext matches.
  - TestSet_OverwriteOnSameName: UPSERT semantics.
  - TestSet_InvalidNameRejected: regex enforcement (5 bad names).
  - TestSet_EmptyValueRejected: nil/empty plaintext.
  - TestSet_InvalidScopeRejected: zero AND both-set scope.
  - TestList_NamesAndMetadataOnly: load-bearing — listing has no
    plaintext or ciphertext exposed; the public surface can't leak.
  - TestDelete_RemovesRow + TestDelete_MissingIsIdempotent.
  - TestGet_CitextNameIsCaseInsensitive: pins citext semantics.
  - TestCiphertext_IsActuallyEncryptedInDB: the spec called this out
    explicitly. Reads the bytea column directly via SQL and asserts
    the plaintext substring doesn't appear anywhere — would catch a
    silent regression to plaintext-storage.
    mfwolffe committed
    a2030db
  24. actions/secrets: store orchestrator with secretbox round-trip (S41c) 
    Set/Get/List/Delete over workflow_secrets. Plaintext is sealed via
internal/auth/secretbox (ChaCha20Poly1305 AEAD) before INSERT;
ciphertext + nonce live in the bytea columns. Plaintext never lives
in postgres.

Scope is a small XOR struct (RepoID xor OrgID); the table CHECK
mirrors it. Helpers RepoScope/OrgScope keep the XOR honest at call
sites — no struct-literal traps.

Public API:
  Deps.Set(ctx, scope, name, plaintext, createdBy) error
  Deps.Get(ctx, scope, name) ([]byte, error)
  Deps.List(ctx, scope) ([]Meta, error)         — names+metadata, no value
  Deps.Delete(ctx, scope, name) error            — idempotent

Get() is for the runner-side claim resolver only (S41c-2). Web UI
consumes List() — public listing surface deliberately can't reach
plaintext or ciphertext.

Errors mapped:
  ErrInvalidScope — programmer error (zero or both scope fields)
  ErrInvalidName  — name regex/length cap mismatch (mirrors DB CHECK)
  ErrEmptyValue   — empty plaintext (operators usually mean delete)
  ErrNotFound     — no row for (scope, name)
    mfwolffe committed
    5d52b2e
  25. Backfill relative GitHub submodules
    mfwolffe committed
    6a4cb28
  26. Document org settings profile behavior
    mfwolffe committed
    14f0d34
  27. Align org settings profile UI
    mfwolffe committed
    34b69a1
  28. Add org settings profile mutations
    mfwolffe committed
    b507608
  29. Backfill GitHub submodule targets
    mfwolffe committed
    ddcd3b5
  30. actions/trigger + scripts: gofumpt + drop unused placeholder + lint-unused bash 3.2 shim (S41b) 
    - gofumpt fixes across the trigger package + dispatch handler
  - drop the stale 'startedAtNow' placeholder var in enqueue.go that
    the lint-unused script flagged as a dead 'silence unused import'
    shim (it was originally a hint for S41c+, but never used)
  - scripts/lint-unused.sh: ${ALLOWED_FILES[@]:-} so an empty
    array doesn't trip set -u under macOS bash 3.2
    mfwolffe committed
    7c9dd0d