ci: bump actions/setup-go from 5 to 6#5
Open
dependabot[bot] wants to merge 44 commits into
Open
Conversation
Auto-generated documentation version from release refs/tags/v0.0.6 - Added version 0.0.6 to versions.json - Created versioned_docs/version-0.0.6/ - Created versioned_sidebars/version-0.0.6-sidebars.json
Auto-generated documentation version from release refs/tags/v0.0.7 - Added version 0.0.7 to versions.json - Created versioned_docs/version-0.0.7/ - Created versioned_sidebars/version-0.0.7-sidebars.json
Auto-generated documentation version from release refs/tags/v0.0.8 - Added version 0.0.8 to versions.json - Created versioned_docs/version-0.0.8/ - Created versioned_sidebars/version-0.0.8-sidebars.json
Auto-generated documentation version from release refs/tags/v0.0.11 - Added version 0.0.11 to versions.json - Created versioned_docs/version-0.0.11/ - Created versioned_sidebars/version-0.0.11-sidebars.json
Auto-updated version files from release refs/tags/v0.0.11 - Updated Chart.yaml version to 0.0.11 - Updated package.json version to 0.0.11
…refresh Backend: atomic RetryOnConflict balance read-modify-write; Deduct returns post-write balance; preserve OverdueAt across deductions; scheduler panic-recovery + jitter; apiServer.replicaCount=1 stopgap vs duplicate billing; K8s client QPS/Burst 50/100; first backend unit tests (calculateCost / Recharge / Deduct / grace / concurrent recharge). Frontend: route-level React.lazy + Vite manualChunks (echarts split out of main bundle); top-level ErrorBoundary; shared getApiErrorMessage; drop unused @ant-design/pro-components; UI version injected from package.json; remove stray console.log. Docs/site: emoji -> Tabler-style inline SVG icons; interactive vector ProductShowcase; corrected install docs (OCI charts/bison, /healthz, OpenCost ns/keys, replicaCount, bison-api/bison-web); 1200x630 social card + SEO meta; reduced-motion particle bg; features.md accuracy; docs/optimization-roadmap.md. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…billing) Lease-based leader election (internal/leader) runs the singleton billing/auto-recharge/alert scheduler on exactly one replica; scheduler made re-startable with tests; replicaCount restored to 2; LEADER_ELECTION_ENABLED toggle; coordination.k8s.io/leases RBAC added. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Auth Secret reuses existing JWT key and admin password on helm upgrade via lookup, instead of regenerating with randAlphaNum every render (which rotated the JWT key and admin password on every upgrade). Fresh installs still auto-generate. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…pare Per-IP login limiter (5 fails / 5min -> 15min lockout, 429 + Retry-After) blocks admin-password brute force; crypto/subtle constant-time username+password comparison removes the timing side channel; limiter unit tests added. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
CORS_ALLOWED_ORIGINS env restricts cross-origin requests to an allowlist (echoes matching origin + Vary + Allow-Credentials); unset preserves prior wildcard behavior for backward compatibility. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…illed timestamp ProcessBilling gates on a persisted lastBilledAt so a cycle runs only after ~the configured interval elapsed, preventing the hourly tick from over-billing when interval>1h and preventing restart re-billing. First run sets a baseline. Timestamp write is conflict-retried; round-trip test added. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
CalculateDailyConsumption divides by the actual deduction-activity span (capped 7d, floored 0.5d) instead of a fixed 7 days, and fetches up to 400 records so a full week of hourly deductions isn't truncated. Recharges/out-of-window excluded. Tests added. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…oad prices once GET /teams no longer runs a discarded OpenCost query per team. Billing/report cost computation resolves the price table once per operation (loadPrices + costFromPrices) instead of reading the resource-config ConfigMap per allocation row. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
OpenCost allocation queries wrapped in a 30s TTL cache that coalesces concurrent identical queries (window/aggregate/filter), cutting duplicate dashboard/billing load. Errors not cached. Self-contained, race-tested, no new dependency. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…b build Release workflow gains a Test & Lint Gate (go vet/fmt/build/test -race + web npm ci/lint/vitest/build) that the publish chain needs, so broken code cannot be released. Declared tslib (phantom dep of echarts-for-react, previously provided by removed pro-components) and synced package-lock so npm ci is reproducible. gofmt applied across api-server. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…nal deps macOS-generated lockfile omits @rollup/rollup-linux-x64-gnu; npm install resolves platform binaries on the Linux runner. Matches the web-ui Dockerfile. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
When AUTH_ENABLED=true the server refuses to start with an empty/default JWT_SECRET or empty/admin ADMIN_PASSWORD, preventing forgeable tokens and the default password in production. Auth-disabled/local dev unaffected; Helm injects random persisted secrets. Config validation tests added. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Replaced 13 duplicated err.response.data.error extraction sites with the shared getApiErrorMessage helper across ClusterNodes/TeamDetail/TeamCreate/Login/ResourceConfig. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
AuthProvider and ThemeProvider memoize their context value with useMemo instead of allocating a new object each render, avoiding cascading consumer re-renders (incl. the antd ConfigProvider subtree). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Added values.schema.json so Helm type-checks values at install time (catches e.g. string replicaCount) and kubeVersion >=1.22 so unsupported clusters fail fast. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Added optional PodDisruptionBudget, HorizontalPodAutoscaler (deployment drops replicas when HPA on), and NetworkPolicy (api-server ingress from web-ui + release ns). All off by default; values.schema.json extended. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Added Dependabot for gomod/npm(web-ui,website)/github-actions/docker, and .dockerignore for api-server and web-ui to shrink build context and improve reproducibility. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/setup-go from 5 to 6.
Release notes
Sourced from actions/setup-go's releases.
... (truncated)
Commits
4a36011docs: fix Microsoft build of Go link (#734)8f19afcfeat: add go-download-base-url input for custom Go distributions (#721)27fdb26Bump minimatch from 3.1.2 to 3.1.5 (#727)def8c39Rearrange README.md, add advanced-usage.md (#724)4b73464Fix golang download url to go.dev (#469)a5f9b05Update default Go module caching to use go.mod (#705)7a3fe6cBump qs from 6.14.0 to 6.14.1 (#703)b9adafdBump actions/checkout from 5 to 6 (#686)d73f6bcREADME.md: correct to actions/checkout@v6 (#683)ae252eeBump@actions/cacheto v5 (#695)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)