Skip to content

feat: complete Phase 2 - API server, Dashboard, and CVE sync #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
chojuninengu merged 26 commits into from
Apr 28, 2026
Merged

feat: complete Phase 2 - API server, Dashboard, and CVE sync #5

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
4b94c20
feat: implement CVE synchronization module, database schema, and enha…
chojuninengu Apr 4, 2026
13a8c80
feat: implement scan history page, enable settings navigation, and ad…
chojuninengu Apr 4, 2026
f549a1b
feat: add manual refresh and error handling to scan history UI, incre…
chojuninengu Apr 4, 2026
ccdb699
feat: implement dynamic AI model fetching and configuration in the se…
chojuninengu Apr 4, 2026
b0a5718
feat: implement document scanning integration, add configurable API U…
chojuninengu Apr 4, 2026
df0f513
feat: add Zenvra sidebar webview for scanner interface and command ma…
chojuninengu Apr 4, 2026
090bd2d
feat: add settings navigation command and update extension activation…
chojuninengu Apr 4, 2026
a754524
chore: bump version to v0.1.1-rc.2 with SSE real-time streaming
chojuninengu Apr 4, 2026
9ea9fee
feat: add success notification and active configuration badge to AI s…
chojuninengu Apr 5, 2026
fe140bf
refactor: implement shared AI configuration store and add SSE replay …
chojuninengu Apr 6, 2026
9f9ce16
feat: implement OSV sync service, add dynamic API base URL configurat…
chojuninengu Apr 6, 2026
7253d4d
style: apply consistent code formatting and cleanup across multiple c…
chojuninengu Apr 6, 2026
0c20bdc
refactor: improve error handling type safety and add keyed each block…
chojuninengu Apr 6, 2026
37b85bb
refactor: update eslint config for svelte files and improve type safe…
chojuninengu Apr 6, 2026
5acb8c7
fix: resolve lint errors, improve OSV sync, and finalize CI/CD
chojuninengu Apr 6, 2026
31932d2
fix(vscode): resolve lint errors and packaging issues
chojuninengu Apr 6, 2026
0b7c343
fix: resolve final lint errors in web and vscode
chojuninengu Apr 6, 2026
c9ecbb2
refactor: improve error handling, add JSON validation for NVD sync, u…
chojuninengu Apr 6, 2026
2f34dee
feat: implement workspace scanning with real-time SSE updates and add…
chojuninengu Apr 11, 2026
4fad9e9
chore: add env config guide and verify SAST engine end-to-end
chojuninengu Apr 16, 2026
fc003d0
fix: resolve security audit failures and update dependencies
chojuninengu Apr 16, 2026
1f73707
fix: update dependencies to resolve npm audit vulnerabilities
chojuninengu Apr 16, 2026
33d87a3
Changes before error encountered
Copilot Apr 28, 2026
dd8e5e8
feat: Phase 3 polish - live dashboard, explanation persistence, works…
Copilot Apr 28, 2026
5ca0757
refactor: extract none_if_empty helper and RESULTS_CACHE_TTL_SECS con…
Copilot Apr 28, 2026
08d77ca
Merge pull request #6 from Cameroon-Developer-Network/copilot/verify-…
chojuninengu Apr 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 40 additions & 1 deletion .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
pull_request:
branches: [main, develop]
push:
branches: [develop]
branches: [main, develop]

concurrency:
group: ci-${{ github.ref }}
Expand Down Expand Up @@ -132,3 +132,42 @@ jobs:
- name: npm audit (web)
working-directory: apps/web
run: pnpm install --frozen-lockfile && pnpm audit --audit-level=high

# ─── Deploy (Latest) ──────────────────────────────────────────────────────
deploy:
name: Deploy — Build & Push (Latest)
needs: [rust, web, vscode, audit]
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Build and push API (latest)
uses: docker/build-push-action@v5
with:
context: .
file: crates/server/Dockerfile
push: true
tags: ghcr.io/${{ github.repository }}-api:latest
cache-from: type=gha
cache-to: type=gha,mode=max

- name: Build and push Web (latest)
uses: docker/build-push-action@v5
with:
context: ./apps/web
push: true
tags: ghcr.io/${{ github.repository }}-web:latest
cache-from: type=gha
cache-to: type=gha,mode=max
Comment on lines +157 to +174
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Apr 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Potential :latest tag conflict with release.yml.

Both this deploy job and the docker-publish job in release.yml push :latest tags to the same image names (ghcr.io/${{ github.repository }}-api:latest and -web:latest). When a release tag is pushed to main, both workflows may run concurrently, causing race conditions on the :latest tag.

Consider one of these approaches:

  1. Use a different tag here (e.g., :main or :edge) to distinguish CI builds from releases
  2. Add a condition to skip this job when a version tag is present
  3. Remove the :latest tag push from one of the workflows
Option 1: Use distinct tag for CI builds 
      - name: Build and push API (latest)
        uses: docker/build-push-action@v5
        with:
          context: .
          file: crates/server/Dockerfile
          push: true
-          tags: ghcr.io/${{ github.repository }}-api:latest
+          tags: ghcr.io/${{ github.repository }}-api:edge
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Build and push Web (latest)
        uses: docker/build-push-action@v5
        with:
          context: ./apps/web
          push: true
-          tags: ghcr.io/${{ github.repository }}-web:latest
+          tags: ghcr.io/${{ github.repository }}-web:edge
          cache-from: type=gha
          cache-to: type=gha,mode=max
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 156 - 173, The CI workflow's Docker
steps "Build and push API (latest)" and "Build and push Web (latest)" push
:latest tags that conflict with the release.yml docker-publish job; update these
steps to avoid the race by either (A) changing the tags from ghcr.io/${{
github.repository }}-api:latest and -web:latest to a CI-specific tag like :main
or :edge, or (B) adding a condition to these jobs to skip when a Git tag event
is present (e.g., check github.ref for refs/tags), or (C) remove the push of the
:latest tag here and keep it only in release.yml—apply the chosen change to both
the API and Web docker/build-push-action steps so tags do not collide.

57 changes: 57 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ jobs:
runs-on: ubuntu-latest
permissions:
contents: write
packages: write
steps:
- uses: actions/checkout@v4

Expand All @@ -30,3 +31,59 @@ jobs:
generate_release_notes: true
draft: false
prerelease: ${{ contains(github.ref, '-beta') || contains(github.ref, '-alpha') }}

docker-publish:
name: Build & publish images
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract metadata (API)
id: meta-api
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}-api
tags: |
type=semver,pattern={{version}}
type=raw,value=latest,enable=${{ !contains(github.ref, '-') }}

- name: Build and push Zenvra API
uses: docker/build-push-action@v5
with:
context: .
file: crates/server/Dockerfile
push: true
tags: ${{ steps.meta-api.outputs.tags }}
labels: ${{ steps.meta-api.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max

- name: Extract metadata (Web)
id: meta-web
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository }}-web
tags: |
type=semver,pattern={{version}}
type=raw,value=latest,enable=${{ !contains(github.ref, '-') }}

- name: Build and push Zenvra Web
uses: docker/build-push-action@v5
with:
context: ./apps/web
push: true
tags: ${{ steps.meta-web.outputs.tags }}
labels: ${{ steps.meta-web.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,3 +32,4 @@ coverage
.idea
*.swp
*.swo
deploy-ghcr.sh
Loading
Loading