mirror of
https://github.com/we-promise/sure.git
synced 2026-04-09 15:24:48 +00:00
59bf72dc49
* feat(helm): add Pipelock ConfigMap, scanning config, and consolidate compose - Add ConfigMap template rendering DLP, response scanning, MCP input/tool scanning, and forward proxy settings from values - Mount ConfigMap as /etc/pipelock/pipelock.yaml volume in deployment - Add checksum/config annotation for automatic pod restart on config change - Gate HTTPS_PROXY/HTTP_PROXY env injection on forwardProxy.enabled (skip in MCP-only mode) - Use hasKey for all boolean values to prevent Helm default swallowing false - Single source of truth for ports (forwardProxy.port/mcpProxy.port) - Pipelock-specific imagePullSecrets with fallback to app secrets - Merge standalone compose.example.pipelock.yml into compose.example.ai.yml - Add pipelock.example.yaml for Docker Compose users - Add exclude-paths to CI workflow for locale file false positives * Add CHANGELOG entry for Pipelock security proxy integration * Missed v0.6.8 release --------- Co-authored-by: Juan José Mata <jjmata@jjmata.com>
27 lines
523 B
YAML
27 lines
523 B
YAML
name: Pipelock Security Scan
|
|
|
|
on:
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
security-scan:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Pipelock Scan
|
|
uses: luckyPipewrench/pipelock@v1
|
|
with:
|
|
scan-diff: 'true'
|
|
fail-on-findings: 'true'
|
|
test-vectors: 'false'
|
|
exclude-paths: |
|
|
config/locales/views/reports/
|