consolidation of some of the modules, localization fixes, product advisories work, qa work

This commit is contained in:
master
2026-03-05 03:54:22 +02:00
parent 7bafcc3eef
commit 8e1cb9448d
3878 changed files with 72600 additions and 46861 deletions


@@ -144,14 +144,11 @@ modules:
dependencies:
- 'src/__Libraries/StellaOps.Plugin/**'
excititor:
source:
- 'src/Excititor/**'
tests:
- 'src/Excititor/__Tests/**'
workflows:
- 'vex-*.yml'
- 'export-*.yml'
# excititor: absorbed into concelier (Sprint 203)
# Source now lives under src/Concelier/StellaOps.Excititor.* and
# src/Concelier/__Libraries/StellaOps.Excititor.* -- covered by concelier paths above.
# feedser: absorbed into concelier (Sprint 203)
# Source now lives under src/Concelier/StellaOps.Feedser.* -- covered by concelier paths above.
vexlens:
source:
@@ -177,12 +174,6 @@ modules:
- 'src/__Libraries/StellaOps.Cryptography*/**'
- 'src/__Libraries/StellaOps.Plugin/**'
gateway:
source:
- 'src/Gateway/**'
tests:
- 'src/Gateway/__Tests/**'
router:
source:
- 'src/Router/**'
@@ -243,17 +234,18 @@ modules:
provenance:
source:
- 'src/Provenance/**'
- 'src/Attestor/StellaOps.Provenance.*/**'
tests:
- 'src/Provenance/__Tests/**'
- 'src/Attestor/__Tests/StellaOps.Provenance.*/**'
workflows:
- 'provenance-*.yml'
signer:
source:
- 'src/Signer/**'
- 'src/Attestor/StellaOps.Signer/**'
- 'src/Attestor/__Libraries/StellaOps.Signer.*/**'
tests:
- 'src/Signer/__Tests/**'
- 'src/Attestor/StellaOps.Signer/StellaOps.Signer.Tests/**'
dependencies:
- 'src/__Libraries/StellaOps.Cryptography*/**'
@@ -270,9 +262,9 @@ modules:
risk_engine:
source:
- 'src/RiskEngine/**'
- 'src/Findings/StellaOps.RiskEngine.*/**'
tests:
- 'src/RiskEngine/__Tests/**'
- 'src/Findings/__Tests/StellaOps.RiskEngine.*/**'
dependencies:
- 'src/__Libraries/StellaOps.Verdict/**'
@@ -296,29 +288,30 @@ modules:
workflows:
- 'notify-*.yml'
orchestrator:
jobengine:
source:
- 'src/Orchestrator/**'
- 'src/JobEngine/**'
tests:
- 'src/Orchestrator/__Tests/**'
- 'src/JobEngine/StellaOps.JobEngine/StellaOps.JobEngine.Tests/**'
# scheduler, task_runner, packs_registry consolidated under JobEngine domain (Sprint 208)
scheduler:
source:
- 'src/Scheduler/**'
- 'src/JobEngine/StellaOps.Scheduler.*/**'
tests:
- 'src/Scheduler/__Tests/**'
- 'src/JobEngine/StellaOps.Scheduler.__Tests/**'
task_runner:
source:
- 'src/TaskRunner/**'
- 'src/JobEngine/StellaOps.TaskRunner*/**'
tests:
- 'src/TaskRunner/__Tests/**'
- 'src/JobEngine/StellaOps.TaskRunner.__Tests/**'
packs_registry:
source:
- 'src/PacksRegistry/**'
- 'src/JobEngine/StellaOps.PacksRegistry*/**'
tests:
- 'src/PacksRegistry/__Tests/**'
- 'src/Orchestrator/StellaOps.PacksRegistry.__Tests/**'
workflows:
- 'packs-*.yml'
@@ -375,6 +368,15 @@ modules:
- 'aoc-*.yml'
# Integration
integrations:
source:
- 'src/Integrations/**'
tests:
- 'src/Integrations/__Tests/**'
# Note: __Extensions/ contains non-.NET IDE plugins (TypeScript/Kotlin)
# that do not participate in .NET CI. Separate CI would be needed for
# npm/gradle builds if required.
cli:
source:
- 'src/Cli/**'
@@ -393,9 +395,12 @@ modules:
issuer_directory:
source:
- 'src/IssuerDirectory/**'
- 'src/Authority/StellaOps.IssuerDirectory/**'
- 'src/Authority/__Libraries/StellaOps.IssuerDirectory.Persistence/**'
- 'src/Authority/__Libraries/StellaOps.IssuerDirectory.Client/**'
tests:
- 'src/IssuerDirectory/__Tests/**'
- 'src/Authority/__Tests/StellaOps.IssuerDirectory.Persistence.Tests/**'
- 'src/Authority/StellaOps.IssuerDirectory/StellaOps.IssuerDirectory.Core.Tests/**'
mirror:
source:
@@ -413,13 +418,7 @@ modules:
workflows:
- 'advisory-*.yml'
symbols:
source:
- 'src/Symbols/**'
tests:
- 'src/Symbols/__Tests/**'
workflows:
- 'symbols-*.yml'
# symbols: merged into binary_index (Sprint 202)
graph:
source:
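Review bot: The `packs_registry` test glob `src/Orchestrator/StellaOps.PacksRegistry.__Tests/**` points under `src/Orchestrator/`, while every other path this section introduces for the JobEngine consolidation sits under `src/JobEngine/` and the `orchestrator` key itself becomes `jobengine`. If the tests moved with the sources, this glob matches nothing and edits to the PacksRegistry tests would no longer select the module in CI; it probably should read `- 'src/JobEngine/StellaOps.PacksRegistry.__Tests/**'`. The `gateway` entry is also dropped without the kind of "absorbed into ..." comment left for `excititor` and `symbols`, so a one-line comment naming where its paths are now covered would keep the map auditable. The +/- markers are lost on this page, so which line of each old/new pair is the added one is inferred from the Sprint comments.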


@@ -47,7 +47,7 @@ MODULE_PATTERNS = {
"Policy": r"src/Policy/",
"Signer": r"src/Signer/",
"Excititor": r"src/Excititor/",
"Gateway": r"src/Gateway/",
"Router": r"src/Router/",
"Scheduler": r"src/Scheduler/",
"CLI": r"src/Cli/",
"Orchestrator": r"src/Orchestrator/",
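Review bot: `MODULE_PATTERNS` still maps `"Excititor"`, `"Signer"`, `"Scheduler"` and `"Orchestrator"` to `src/Excititor/`, `src/Signer/`, `src/Scheduler/` and `src/Orchestrator/`, directories that the module path map in this same commit relocates under `src/Concelier/`, `src/Attestor/` and `src/JobEngine/`. Only the Gateway/Router entry is touched in this hunk, so changes in the moved modules would likely go unclassified by whatever consumes this table. The same staleness appears in the `MIGRATION_PATHS` array of the next file, where `["IssuerDirectory"]` and `["Orchestrator"]` keep their `src/IssuerDirectory/...` and `src/Orchestrator/...` locations while only `["TimelineIndexer"]` is updated; a migrations directory that no longer exists should make that script fail rather than skip the module. Both tables continue outside their hunks, so entries not shown here may already cover part of this.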


@@ -168,7 +168,7 @@ MIGRATION_PATHS=(
["ExportCenter"]="src/ExportCenter/StellaOps.ExportCenter/StellaOps.ExportCenter.Infrastructure/Db/Migrations"
["IssuerDirectory"]="src/IssuerDirectory/StellaOps.IssuerDirectory/StellaOps.IssuerDirectory.Storage.Postgres/Migrations"
["Orchestrator"]="src/Orchestrator/StellaOps.Orchestrator/StellaOps.Orchestrator.Infrastructure/migrations"
["TimelineIndexer"]="src/TimelineIndexer/StellaOps.TimelineIndexer/StellaOps.TimelineIndexer.Infrastructure/Db/Migrations"
["TimelineIndexer"]="src/Timeline/__Libraries/StellaOps.TimelineIndexer.Infrastructure/Db/Migrations"
["BinaryIndex"]="src/BinaryIndex/__Libraries/StellaOps.BinaryIndex.Persistence/Migrations"
["Unknowns"]="src/Unknowns/__Libraries/StellaOps.Unknowns.Storage.Postgres/Migrations"
["VexHub"]="src/VexHub/__Libraries/StellaOps.VexHub.Storage.Postgres/Migrations"


@@ -221,7 +221,7 @@ jobs:
- name: Run TimelineIndexer tests (EB1 evidence linkage gate)
run: |
mkdir -p "$TEST_RESULTS_DIR"
dotnet test src/TimelineIndexer/StellaOps.TimelineIndexer/StellaOps.TimelineIndexer.sln \
dotnet test src/Timeline/__Tests/StellaOps.TimelineIndexer.Tests/StellaOps.TimelineIndexer.Tests.csproj \
--configuration $BUILD_CONFIGURATION \
--logger "trx;LogFileName=timelineindexer-tests.trx" \
--results-directory "$TEST_RESULTS_DIR"


@@ -0,0 +1,95 @@
name: Supply Chain Hardening
on:
pull_request:
paths:
- 'tests/supply-chain/**'
- 'src/Scanner/**'
- 'src/Attestor/**'
- 'src/BinaryIndex/**'
- '.gitea/workflows/supply-chain-hardening.yml'
push:
branches:
- main
paths:
- 'tests/supply-chain/**'
- 'src/Scanner/**'
- 'src/Attestor/**'
- 'src/BinaryIndex/**'
- '.gitea/workflows/supply-chain-hardening.yml'
schedule:
- cron: '15 3 * * *'
workflow_dispatch:
inputs:
profile:
description: 'Execution profile'
required: false
default: 'smoke'
type: choice
options:
- smoke
- nightly
jobs:
hardening-suite:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: '3.12'
- name: Resolve profile
shell: bash
run: |
PROFILE="smoke"
RETENTION_DAYS="14"
if [ "${{ github.event_name }}" = "schedule" ]; then
PROFILE="nightly"
RETENTION_DAYS="30"
elif [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "${{ github.event.inputs.profile }}" ]; then
PROFILE="${{ github.event.inputs.profile }}"
if [ "$PROFILE" = "nightly" ]; then
RETENTION_DAYS="30"
fi
fi
echo "SUPPLY_CHAIN_PROFILE=${PROFILE}" >> "$GITHUB_ENV"
echo "SUPPLY_CHAIN_RETENTION_DAYS=${RETENTION_DAYS}" >> "$GITHUB_ENV"
- name: Run deterministic supply-chain suite
shell: bash
run: |
python tests/supply-chain/run_suite.py \
--profile "${SUPPLY_CHAIN_PROFILE}" \
--seed 20260226 \
--output out/supply-chain
- name: Quality gate
shell: bash
run: |
python - <<'PY'
import json
from pathlib import Path
summary = json.loads(Path("out/supply-chain/summary.json").read_text(encoding="utf-8"))
failed = [lane for lane in summary["lanes"] if lane["returnCode"] != 0]
if failed:
raise SystemExit(f"Supply-chain hardening failed lanes: {failed}")
fuzz_report = json.loads(Path("out/supply-chain/02-schema-fuzz/report.json").read_text(encoding="utf-8"))
if fuzz_report["counts"]["crash"] != 0:
raise SystemExit(f"Fuzz crash count must be zero, got {fuzz_report['counts']['crash']}")
print("Quality gate passed")
PY
- name: Upload hardening artifacts
uses: actions/upload-artifact@v4
with:
name: supply-chain-hardening-${{ github.run_id }}
path: out/supply-chain
retention-days: ${{ env.SUPPLY_CHAIN_RETENTION_DAYS }}
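Review bot: The `Resolve profile` step expands `${{ github.event.inputs.profile }}` directly inside the `run:` script, so the value is substituted into the shell text before bash parses it and is then appended to `$GITHUB_ENV`. `type: choice` constrains the dispatch form, but whether the runner enforces the option list for API-triggered dispatches is not visible here. Passing the event name and the input through `env:` and accepting only `smoke` or `nightly`, as in the excerpt below, removes the dependency on that. Two smaller points: the `push` trigger filters on `main` while this page shows the commit on `master`, so the push path may never fire, and `actions/checkout@v4`, `actions/setup-python@v5` and `actions/upload-artifact@v4` are referenced by mutable tag where a supply-chain hardening workflow would normally pin full commit SHAs.

```yaml
- name: Resolve profile
  shell: bash
  env:
    EVENT_NAME: ${{ github.event_name }}
    INPUT_PROFILE: ${{ github.event.inputs.profile }}
  run: |
    # … unchanged: PROFILE / RETENTION_DAYS defaults …
    if [ "$EVENT_NAME" = "schedule" ]; then
      # … unchanged: nightly profile, 30-day retention …
    elif [ "$EVENT_NAME" = "workflow_dispatch" ] && [ -n "$INPUT_PROFILE" ]; then
      case "$INPUT_PROFILE" in
        smoke|nightly) PROFILE="$INPUT_PROFILE" ;;
        *) echo "Unsupported profile: $INPUT_PROFILE" >&2; exit 1 ;;
      esac
      # … unchanged: nightly retention override …
    fi
    # … unchanged: GITHUB_ENV exports …
```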