Skip to content

release: promote develop → main (v0.4.0 — auth + client provisioning, cluster doctor) (#106) #107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
saadqbal merged 15 commits into from
Jun 24, 2026
Merged

release: promote develop → main (v0.4.0 — auth + client provisioning, cluster doctor) (#106) #107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
1f715c8
ci(security): add public-repo PII gate caller (#81)
LukasWodka Jun 17, 2026
99c6c28
ci: add concurrency cancellation + job timeouts to cli CI (#82)
LukasWodka Jun 17, 2026
d5a7c3f
Merge pull request #79 from tracebloc/chore/sync-ingest-schema
LukasWodka Jun 18, 2026
c6e80df
fix(dataset rm): delete staging files from a uid-65532 pod, not jobs-…
LukasWodka Jun 18, 2026
6b259cd
feat(#88): tracebloc cluster doctor — live-cluster health checks (WS3…
saadqbal Jun 18, 2026
b85f52e
refactor(cli P1): CategorySpec registry — one source for category dis…
LukasWodka Jun 19, 2026
393edc0
feat(#90): cluster doctor — node-fit + image-pull checks (WS3 follow-…
saadqbal Jun 19, 2026
e322613
feat(cli): auth scaffold — login/logout/auth status + config + backen…
LukasWodka Jun 19, 2026
7a38c82
feat(cli): client create / list / use commands (#84) (#92)
LukasWodka Jun 22, 2026
4d3a00e
chore(schema): re-vendor ingest.v1.json from data-ingestors (fix drif…
LukasWodka Jun 24, 2026
937a304
feat(cli): client create reads the cluster anchor — idempotent get-or…
LukasWodka Jun 24, 2026
722d2cf
feat(cli): client create --credential-file — write the credential for…
LukasWodka Jun 24, 2026
f7bc32b
fix(cli/api): address Bugbot findings on the v0.4.0 RC (#106) (#108)
saadqbal Jun 24, 2026
3881746
fix(cli/push): address round-2 Bugbot findings on the v0.4.0 RC (#106…
saadqbal Jun 24, 2026
818db1c
fix: proactive v0.4.0 RC review — fix 4 findings, document 3 non-issu…
saadqbal Jun 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,13 @@ on:
permissions:
contents: read

concurrency:
group: build-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
schema-drift:
timeout-minutes: 10
name: Schema drift check
# Verifies the embedded internal/schema/ingest.v1.json matches
# tracebloc/data-ingestors' master. A green PR that silently
Expand All @@ -30,6 +35,7 @@ jobs:
run: ./scripts/sync-schema.sh --check

test:
timeout-minutes: 15
name: Test
runs-on: ubuntu-latest
steps:
Expand All @@ -52,6 +58,7 @@ jobs:
run: go test -race -cover ./...

lint:
timeout-minutes: 10
name: Lint
runs-on: ubuntu-latest
steps:
Expand Down Expand Up @@ -103,6 +110,7 @@ jobs:
misspell -error .
build:
timeout-minutes: 20
name: Build (${{ matrix.os }}/${{ matrix.arch }})
runs-on: ubuntu-latest
strategy:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/e2e.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,13 @@ on:
permissions:
contents: read

concurrency:
group: e2e-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
integration:
timeout-minutes: 30
name: Integration (kind)
runs-on: ubuntu-latest
# Skip on PRs that aren't explicitly opted in via the `e2e` label;
Expand Down
14 changes: 14 additions & 0 deletions .github/workflows/public-pii-gate-caller.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
name: Public PII gate

# Per-repo caller for the public-repo PII gate. Blocks PRs whose title/body/
# commits contain a denylisted customer/partner name or known secret.
# Logic lives in tracebloc/.github/.github/workflows/public-pii-gate.yml.

on:
pull_request:
types: [opened, edited, reopened, synchronize, labeled, unlabeled]

jobs:
pii-gate:
uses: tracebloc/.github/.github/workflows/public-pii-gate.yml@main
secrets: inherit
7 changes: 7 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,13 @@ permissions:
contents: write # create / update the GitHub Release
id-token: write # cosign keyless OIDC

concurrency:
group: release-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
release:
timeout-minutes: 20
name: Build + sign + publish
runs-on: ubuntu-latest
strategy:
Expand Down Expand Up @@ -158,6 +163,7 @@ jobs:
if-no-files-found: error

publish:
timeout-minutes: 20
name: Aggregate + create GitHub Release
runs-on: ubuntu-latest
needs: release
Expand Down Expand Up @@ -220,6 +226,7 @@ jobs:
# add a HOMEBREW_TAP_TOKEN repo secret with write access to
# tracebloc/homebrew-tap) when that repo exists.
bump-homebrew-tap:
timeout-minutes: 20
name: Bump Homebrew tap formula
runs-on: ubuntu-latest
needs: publish
Expand Down
Loading
Loading