
Commit 117fd51

authored
Merge pull request #754 from Wikid82/feature/beta-release
Enable and test Gotify and Custom Webhook notifications
2 parents 4b9508a + b66ba3a commit 117fd51

167 files changed

Lines changed: 11296 additions & 2974 deletions


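--- a/.docker/compose/docker-compose.dev.yml
+++ b/.docker/compose/docker-compose.dev.yml
@@ -32,6 +32,8 @@ services:
 #- CPM_SECURITY_RATELIMIT_ENABLED=false
 #- CPM_SECURITY_ACL_ENABLED=false
 - FEATURE_CERBERUS_ENABLED=true
+# Docker socket group access: copy docker-compose.override.example.yml
+# to docker-compose.override.yml and set your host's docker GID.
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro # For local container discovery
 - crowdsec_data:/app/data/crowdsec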

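--- a/.docker/compose/docker-compose.local.yml
+++ b/.docker/compose/docker-compose.local.yml
@@ -27,6 +27,8 @@ services:
 - FEATURE_CERBERUS_ENABLED=true
 # Emergency "break-glass" token for security reset when ACL blocks access
 - CHARON_EMERGENCY_TOKEN=03e4682c1164f0c1cb8e17c99bd1a2d9156b59824dde41af3bb67c513e5c5e92
+# Docker socket group access: copy docker-compose.override.example.yml
+# to docker-compose.override.yml and set your host's docker GID.
 extra_hosts:
 - "host.docker.internal:host-gateway"
 cap_add: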
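Review bot: The context line directly above the added comment keeps a fixed `CHARON_EMERGENCY_TOKEN` value in a tracked compose file, so every checkout that uses this file shares the same break-glass credential, and the commit leaves it in place. If this stack is ever reachable beyond a throwaway local machine, the value should come from the environment instead, for example `- CHARON_EMERGENCY_TOKEN=${CHARON_EMERGENCY_TOKEN:?set in .env}`. The service definition starts and ends outside the hunk, so whether the token is overridden elsewhere cannot be seen from here.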
Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
# Docker Compose override — copy to docker-compose.override.yml to activate.
2+
#
3+
# Use case: grant the container access to the host Docker socket so that
4+
# Charon can discover running containers.
5+
#
6+
# 1. cp docker-compose.override.example.yml docker-compose.override.yml
7+
# 2. Uncomment the service that matches your compose file:
8+
# - "charon" for docker-compose.local.yml
9+
# - "app" for docker-compose.dev.yml
10+
# 3. Replace <GID> with the output of: stat -c '%g' /var/run/docker.sock
11+
# 4. docker compose up -d
12+
13+
services:
14+
# Uncomment for docker-compose.local.yml
15+
charon:
16+
group_add:
17+
- "<GID>" # e.g. "988" — run: stat -c '%g' /var/run/docker.sock
18+
volumes:
19+
- /var/run/docker.sock:/var/run/docker.sock:ro
20+
21+
# Uncomment for docker-compose.dev.yml
22+
app:
23+
group_add:
24+
- "<GID>" # e.g. "988" — run: stat -c '%g' /var/run/docker.sock
25+
volumes:
26+
- /var/run/docker.sock:/var/run/docker.sock:ro
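Review bot: The `:ro` suffix on the `/var/run/docker.sock` mounts (new lines 19 and 26 here, and the mounts added in docker-compose.playwright-ci.yml and docker-compose.playwright-local.yml) makes the socket file read-only but does not restrict the Docker API behind it, so a container that also receives the socket's group through `group_add` can issue any daemon request, which is normally equivalent to root on the host. The header should say so, for example `# NOTE: group access to docker.sock is full Docker API access; ":ro" does not limit it.` Step 2 tells the reader to uncomment a service, yet both `charon:` and `app:` appear uncommented in the rendered text, so a straight copy would define both services with a literal `<GID>`; shipping both blocks commented out would match the instructions.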

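--- a/.docker/compose/docker-compose.playwright-ci.yml
+++ b/.docker/compose/docker-compose.playwright-ci.yml
@@ -85,6 +85,7 @@ services:
 - playwright_data:/app/data
 - playwright_caddy_data:/data
 - playwright_caddy_config:/config
+- /var/run/docker.sock:/var/run/docker.sock:ro # For container discovery in tests
 healthcheck:
 test: ["CMD", "curl", "-sf", "http://localhost:8080/api/v1/health"]
 interval: 5s
@@ -111,6 +112,7 @@ services:
 volumes:
 - playwright_crowdsec_data:/var/lib/crowdsec/data
 - playwright_crowdsec_config:/etc/crowdsec
+- /var/run/docker.sock:/var/run/docker.sock:ro # For container discovery in tests
 healthcheck:
 test: ["CMD", "cscli", "version"]
 interval: 10s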
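Review bot: The second hunk (new line 115) mounts the Docker socket into what looks like the CrowdSec service, judging by the `playwright_crowdsec_*` volumes and the `cscli` healthcheck in the context, with the same "container discovery in tests" comment as the app service. Every container that can open the socket can talk to the Docker daemon, so the mount should exist only where discovery actually runs; if that is the app container alone, drop line 115. If CrowdSec does need it, the comment should say why, e.g. `# CrowdSec reads container logs via the Docker API`. Both service definitions start outside the hunks, so their user and group settings are not visible here.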

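--- a/.docker/compose/docker-compose.playwright-local.yml
+++ b/.docker/compose/docker-compose.playwright-local.yml
@@ -49,6 +49,8 @@ services:
 # True tmpfs for E2E test data - fresh on every run, in-memory only
 # mode=1777 allows any user to write (container runs as non-root)
 - /app/data:size=100M,mode=1777
+volumes:
+- /var/run/docker.sock:/var/run/docker.sock:ro # For container discovery in tests
 healthcheck:
 test: ["CMD-SHELL", "curl -fsS http://localhost:8080/api/v1/health || exit 1"]
 interval: 5s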
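Review bot: The context comment says this container runs as non-root, and the added mount hands it the socket without a matching `group_add`, so unless the host socket's group happens to be one the container user already has, the discovery this mount is meant to enable will probably fail on permissions and the entrypoint will only print its non-root note. The comment on the mount should state the requirement, e.g. `# needs group_add with the host docker GID, see docker-compose.override.example.yml`. The service definition starts outside the hunk, so whether it already carries a `volumes:` key cannot be checked from here.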

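--- a/.docker/docker-entrypoint.sh
+++ b/.docker/docker-entrypoint.sh
@@ -27,30 +27,24 @@ get_group_by_gid() {
 }
 
 create_group_with_gid() {
-local gid="$1"
-local name="$2"
-
 if command -v addgroup >/dev/null 2>&1; then
-addgroup -g "$gid" "$name" 2>/dev/null || true
+addgroup -g "$1" "$2" 2>/dev/null || true
 return
 fi
 
 if command -v groupadd >/dev/null 2>&1; then
-groupadd -g "$gid" "$name" 2>/dev/null || true
+groupadd -g "$1" "$2" 2>/dev/null || true
 fi
 }
 
 add_user_to_group() {
-local user="$1"
-local group="$2"
-
 if command -v addgroup >/dev/null 2>&1; then
-addgroup "$user" "$group" 2>/dev/null || true
+addgroup "$1" "$2" 2>/dev/null || true
 return
 fi
 
 if command -v usermod >/dev/null 2>&1; then
-usermod -aG "$group" "$user" 2>/dev/null || true
+usermod -aG "$2" "$1" 2>/dev/null || true
 fi
 }
 
@@ -142,8 +136,15 @@ if [ -S "/var/run/docker.sock" ] && is_root; then
 fi
 fi
 elif [ -S "/var/run/docker.sock" ]; then
-echo "Note: Docker socket mounted but container is running non-root; skipping docker.sock group setup."
-echo " If Docker discovery is needed, run with matching group permissions (e.g., --group-add)"
+DOCKER_SOCK_GID=$(stat -c '%g' /var/run/docker.sock 2>/dev/null || echo "unknown")
+echo "Note: Docker socket mounted (GID=$DOCKER_SOCK_GID) but container is running non-root; skipping docker.sock group setup."
+echo " If Docker discovery is needed, add 'group_add: [\"$DOCKER_SOCK_GID\"]' to your compose service."
+if [ "$DOCKER_SOCK_GID" = "0" ]; then
+if [ "${ALLOW_DOCKER_SOCK_GID_0:-false}" != "true" ]; then
+echo "⚠️ WARNING: Docker socket GID is 0 (root group). group_add: [\"0\"] grants root-group access."
+echo " Set ALLOW_DOCKER_SOCK_GID_0=true to acknowledge this risk."
+fi
+fi
 else
 echo "Note: Docker socket not found. Docker container discovery will be unavailable."
 fi
@@ -191,7 +192,7 @@ if command -v cscli >/dev/null; then
 echo "Initializing persistent CrowdSec configuration..."
 
 # Check if .dist has content
-if [ -d "/etc/crowdsec.dist" ] && [ -n "$(ls -A /etc/crowdsec.dist 2>/dev/null)" ]; then
+if [ -d "/etc/crowdsec.dist" ] && find /etc/crowdsec.dist -mindepth 1 -maxdepth 1 -print -quit 2>/dev/null | grep -q .; then
 echo "Copying config from /etc/crowdsec.dist..."
 if ! cp -r /etc/crowdsec.dist/* "$CS_CONFIG_DIR/"; then
 echo "ERROR: Failed to copy config from /etc/crowdsec.dist"
@@ -208,7 +209,7 @@ if command -v cscli >/dev/null; then
 exit 1
 fi
 echo "✓ Successfully initialized config from .dist directory"
-elif [ -d "/etc/crowdsec" ] && [ ! -L "/etc/crowdsec" ] && [ -n "$(ls -A /etc/crowdsec 2>/dev/null)" ]; then
+elif [ -d "/etc/crowdsec" ] && [ ! -L "/etc/crowdsec" ] && find /etc/crowdsec -mindepth 1 -maxdepth 1 -print -quit 2>/dev/null | grep -q .; then
 echo "Copying config from /etc/crowdsec (fallback)..."
 if ! cp -r /etc/crowdsec/* "$CS_CONFIG_DIR/"; then
 echo "ERROR: Failed to copy config from /etc/crowdsec (fallback)"
@@ -248,7 +249,7 @@ if command -v cscli >/dev/null; then
 echo "Expected: /etc/crowdsec -> /app/data/crowdsec/config"
 echo "This indicates a critical build-time issue. Symlink must be created at build time as root."
 echo "DEBUG: Directory check:"
-ls -la /etc/ | grep crowdsec || echo " (no crowdsec entry found)"
+find /etc -mindepth 1 -maxdepth 1 -name '*crowdsec*' -exec ls -ld {} \; 2>/dev/null || echo " (no crowdsec entry found)"
 exit 1
 fi
 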
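Review bot: In the non-root branch (new lines 139–147) the `group_add` hint is printed before the GID is looked at, so a socket owned by GID 0 still gets a recommendation to add `group_add: ["0"]`, and a failed `stat` yields `group_add: ["unknown"]`. `ALLOW_DOCKER_SOCK_GID_0` only silences the warning and changes nothing else in this branch, which deserves a one-line comment; the fence below prints the hint only for a numeric, non-zero GID. In the last hunk, `find … -exec ls -ld {} \;` exits 0 when nothing matches, so the `|| echo` fallback no longer fires; piping the output through `grep .` before the `||` restores it. The `if`/`elif` chain and the enclosing CrowdSec block start outside the hunks.

```shell
elif [ -S "/var/run/docker.sock" ]; then
  # … unchanged: DOCKER_SOCK_GID lookup and the "Note: Docker socket mounted" line …
  case "$DOCKER_SOCK_GID" in
    '' | *[!0-9]*)
      echo " Could not read the socket GID; no group_add value can be suggested."
      ;;
    0)
      # ALLOW_DOCKER_SOCK_GID_0 is an acknowledgement flag: it silences the warning and grants nothing.
      # … unchanged: ALLOW_DOCKER_SOCK_GID_0 check and the two WARNING lines …
      ;;
    *)
      echo " If Docker discovery is needed, add 'group_add: [\"$DOCKER_SOCK_GID\"]' to your compose service."
      ;;
  esac
```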

.github/agents/Backend_Dev.agent.md

Lines changed: 2 additions & 2 deletions
@@ -2,9 +2,9 @@
22
name: 'Backend Dev'
33
description: 'Senior Go Engineer focused on high-performance, secure backend implementation.'
44
argument-hint: 'The specific backend task from the Plan (e.g., "Implement ProxyHost CRUD endpoints")'
5-
tools: vscode/extensions, vscode/getProjectSetupInfo, vscode/installExtension, vscode/memory, vscode/openIntegratedBrowser, vscode/runCommand, vscode/askQuestions, vscode/vscodeAPI, execute, read, agent, 'github/*', 'github/*', 'io.github.goreleaser/mcp/*', edit, search, web, 'github/*', 'playwright/*', todo, vscode.mermaid-chat-features/renderMermaidDiagram, github.vscode-pull-request-github/issue_fetch, github.vscode-pull-request-github/labels_fetch, github.vscode-pull-request-github/notification_fetch, github.vscode-pull-request-github/doSearch, github.vscode-pull-request-github/activePullRequest, github.vscode-pull-request-github/openPullRequest, ms-azuretools.vscode-containers/containerToolsConfig, ms-python.python/getPythonEnvironmentInfo, ms-python.python/getPythonExecutableCommand, ms-python.python/installPythonPackage, ms-python.python/configurePythonEnvironment, ''
5+
tools: vscode/extensions, vscode/getProjectSetupInfo, vscode/installExtension, vscode/memory, vscode/runCommand, vscode/vscodeAPI, execute/getTerminalOutput, execute/awaitTerminal, execute/killTerminal, execute/runTask, execute/createAndRunTask, execute/runTests, execute/runNotebookCell, execute/testFailure, execute/runInTerminal, read/terminalSelection, read/terminalLastCommand, read/getTaskOutput, read/getNotebookSummary, read/problems, read/readFile, read/readNotebookCellOutput, agent/askQuestions, agent/runSubagent, browser/openBrowserPage, edit/createDirectory, edit/createFile, edit/createJupyterNotebook, edit/editFiles, edit/editNotebook, edit/rename, search/changes, search/codebase, search/fileSearch, search/listDirectory, search/searchResults, search/textSearch, search/searchSubagent, search/usages, web/fetch, github/add_comment_to_pending_review, github/add_issue_comment, github/assign_copilot_to_issue, github/create_branch, github/create_or_update_file, github/create_pull_request, github/create_repository, github/delete_file, github/fork_repository, github/get_commit, github/get_file_contents, github/get_label, github/get_latest_release, github/get_me, github/get_release_by_tag, github/get_tag, github/get_team_members, github/get_teams, github/issue_read, github/issue_write, github/list_branches, github/list_commits, github/list_issue_types, github/list_issues, github/list_pull_requests, github/list_releases, github/list_tags, github/merge_pull_request, github/pull_request_read, github/pull_request_review_write, github/push_files, github/request_copilot_review, github/search_code, github/search_issues, github/search_pull_requests, github/search_repositories, github/search_users, github/sub_issue_write, github/update_pull_request, github/update_pull_request_branch, github/add_comment_to_pending_review, github/add_issue_comment, github/add_reply_to_pull_request_comment, github/assign_copilot_to_issue, github/create_branch, github/create_or_update_file, 
github/create_pull_request, github/create_pull_request_with_copilot, github/create_repository, github/delete_file, github/fork_repository, github/get_commit, github/get_copilot_job_status, github/get_file_contents, github/get_label, github/get_latest_release, github/get_me, github/get_release_by_tag, github/get_tag, github/get_team_members, github/get_teams, github/issue_read, github/issue_write, github/list_branches, github/list_commits, github/list_issue_types, github/list_issues, github/list_pull_requests, github/list_releases, github/list_tags, github/merge_pull_request, github/pull_request_read, github/pull_request_review_write, github/push_files, github/request_copilot_review, github/search_code, github/search_issues, github/search_pull_requests, github/search_repositories, github/search_users, github/sub_issue_write, github/update_pull_request, github/update_pull_request_branch, io.github.goreleaser/mcp/check, playwright/browser_click, playwright/browser_close, playwright/browser_console_messages, playwright/browser_drag, playwright/browser_evaluate, playwright/browser_file_upload, playwright/browser_fill_form, playwright/browser_handle_dialog, playwright/browser_hover, playwright/browser_install, playwright/browser_navigate, playwright/browser_navigate_back, playwright/browser_network_requests, playwright/browser_press_key, playwright/browser_resize, playwright/browser_run_code, playwright/browser_select_option, playwright/browser_snapshot, playwright/browser_tabs, playwright/browser_take_screenshot, playwright/browser_type, playwright/browser_wait_for, github/add_comment_to_pending_review, github/add_issue_comment, github/assign_copilot_to_issue, github/create_branch, github/create_or_update_file, github/create_pull_request, github/create_repository, github/delete_file, github/fork_repository, github/get_commit, github/get_file_contents, github/get_label, github/get_latest_release, github/get_me, github/get_release_by_tag, github/get_tag, 
github/get_team_members, github/get_teams, github/issue_read, github/issue_write, github/list_branches, github/list_commits, github/list_issue_types, github/list_issues, github/list_pull_requests, github/list_releases, github/list_tags, github/merge_pull_request, github/pull_request_read, github/pull_request_review_write, github/push_files, github/request_copilot_review, github/search_code, github/search_issues, github/search_pull_requests, github/search_repositories, github/search_users, github/sub_issue_write, github/update_pull_request, github/update_pull_request_branch, github/add_reply_to_pull_request_comment, github/create_pull_request_with_copilot, github/get_copilot_job_status, microsoftdocs/mcp/microsoft_code_sample_search, microsoftdocs/mcp/microsoft_docs_fetch, microsoftdocs/mcp/microsoft_docs_search, mcp-refactor-typescript/code_quality, mcp-refactor-typescript/file_operations, mcp-refactor-typescript/refactoring, mcp-refactor-typescript/workspace, todo, vscode.mermaid-chat-features/renderMermaidDiagram, github.vscode-pull-request-github/issue_fetch, github.vscode-pull-request-github/labels_fetch, github.vscode-pull-request-github/notification_fetch, github.vscode-pull-request-github/doSearch, github.vscode-pull-request-github/activePullRequest, github.vscode-pull-request-github/pullRequestStatusChecks, github.vscode-pull-request-github/openPullRequest, ms-azuretools.vscode-containers/containerToolsConfig, ms-python.python/getPythonEnvironmentInfo, ms-python.python/getPythonExecutableCommand, ms-python.python/installPythonPackage, ms-python.python/configurePythonEnvironment
6+
67

7-
model: GPT-5.3-Codex (copilot)
88
target: vscode
99
user-invocable: true
1010
disable-model-invocation: false
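Review bot: The expanded `tools:` entry on new line 5 repeats the whole `github/…` set three times and still grants write-capable tools such as `github/merge_pull_request`, `github/delete_file`, `github/create_repository`, `github/push_files` and `playwright/browser_evaluate` to an agent described as a backend implementer. Now that the wildcards are spelled out, this is the place to drop the duplicates and trim the list to what the role needs, so a reader can audit what the agent is allowed to do. The same list is added to `.github/agents/DevOps.agent.md`, where the point applies unchanged.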

.github/agents/DevOps.agent.md

Lines changed: 1 addition & 2 deletions
@@ -2,9 +2,8 @@
22
name: 'DevOps'
33
description: 'DevOps specialist for CI/CD pipelines, deployment debugging, and GitOps workflows focused on making deployments boring and reliable'
44
argument-hint: 'The CI/CD or infrastructure task (e.g., "Debug failing GitHub Action workflow")'
5-
tools: vscode/extensions, vscode/getProjectSetupInfo, vscode/installExtension, vscode/memory, vscode/openIntegratedBrowser, vscode/runCommand, vscode/askQuestions, vscode/vscodeAPI, execute, read, agent, 'github/*', 'github/*', 'io.github.goreleaser/mcp/*', edit, search, web, 'github/*', 'playwright/*', todo, vscode.mermaid-chat-features/renderMermaidDiagram, github.vscode-pull-request-github/issue_fetch, github.vscode-pull-request-github/labels_fetch, github.vscode-pull-request-github/notification_fetch, github.vscode-pull-request-github/doSearch, github.vscode-pull-request-github/activePullRequest, github.vscode-pull-request-github/openPullRequest, ms-azuretools.vscode-containers/containerToolsConfig, ms-python.python/getPythonEnvironmentInfo, ms-python.python/getPythonExecutableCommand, ms-python.python/installPythonPackage, ms-python.python/configurePythonEnvironment, ''
5+
tools: vscode/extensions, vscode/getProjectSetupInfo, vscode/installExtension, vscode/memory, vscode/runCommand, vscode/vscodeAPI, execute/getTerminalOutput, execute/awaitTerminal, execute/killTerminal, execute/runTask, execute/createAndRunTask, execute/runTests, execute/runNotebookCell, execute/testFailure, execute/runInTerminal, read/terminalSelection, read/terminalLastCommand, read/getTaskOutput, read/getNotebookSummary, read/problems, read/readFile, read/readNotebookCellOutput, agent/askQuestions, agent/runSubagent, browser/openBrowserPage, edit/createDirectory, edit/createFile, edit/createJupyterNotebook, edit/editFiles, edit/editNotebook, edit/rename, search/changes, search/codebase, search/fileSearch, search/listDirectory, search/searchResults, search/textSearch, search/searchSubagent, search/usages, web/fetch, github/add_comment_to_pending_review, github/add_issue_comment, github/assign_copilot_to_issue, github/create_branch, github/create_or_update_file, github/create_pull_request, github/create_repository, github/delete_file, github/fork_repository, github/get_commit, github/get_file_contents, github/get_label, github/get_latest_release, github/get_me, github/get_release_by_tag, github/get_tag, github/get_team_members, github/get_teams, github/issue_read, github/issue_write, github/list_branches, github/list_commits, github/list_issue_types, github/list_issues, github/list_pull_requests, github/list_releases, github/list_tags, github/merge_pull_request, github/pull_request_read, github/pull_request_review_write, github/push_files, github/request_copilot_review, github/search_code, github/search_issues, github/search_pull_requests, github/search_repositories, github/search_users, github/sub_issue_write, github/update_pull_request, github/update_pull_request_branch, github/add_comment_to_pending_review, github/add_issue_comment, github/add_reply_to_pull_request_comment, github/assign_copilot_to_issue, github/create_branch, github/create_or_update_file, 
github/create_pull_request, github/create_pull_request_with_copilot, github/create_repository, github/delete_file, github/fork_repository, github/get_commit, github/get_copilot_job_status, github/get_file_contents, github/get_label, github/get_latest_release, github/get_me, github/get_release_by_tag, github/get_tag, github/get_team_members, github/get_teams, github/issue_read, github/issue_write, github/list_branches, github/list_commits, github/list_issue_types, github/list_issues, github/list_pull_requests, github/list_releases, github/list_tags, github/merge_pull_request, github/pull_request_read, github/pull_request_review_write, github/push_files, github/request_copilot_review, github/search_code, github/search_issues, github/search_pull_requests, github/search_repositories, github/search_users, github/sub_issue_write, github/update_pull_request, github/update_pull_request_branch, io.github.goreleaser/mcp/check, playwright/browser_click, playwright/browser_close, playwright/browser_console_messages, playwright/browser_drag, playwright/browser_evaluate, playwright/browser_file_upload, playwright/browser_fill_form, playwright/browser_handle_dialog, playwright/browser_hover, playwright/browser_install, playwright/browser_navigate, playwright/browser_navigate_back, playwright/browser_network_requests, playwright/browser_press_key, playwright/browser_resize, playwright/browser_run_code, playwright/browser_select_option, playwright/browser_snapshot, playwright/browser_tabs, playwright/browser_take_screenshot, playwright/browser_type, playwright/browser_wait_for, github/add_comment_to_pending_review, github/add_issue_comment, github/assign_copilot_to_issue, github/create_branch, github/create_or_update_file, github/create_pull_request, github/create_repository, github/delete_file, github/fork_repository, github/get_commit, github/get_file_contents, github/get_label, github/get_latest_release, github/get_me, github/get_release_by_tag, github/get_tag, 
github/get_team_members, github/get_teams, github/issue_read, github/issue_write, github/list_branches, github/list_commits, github/list_issue_types, github/list_issues, github/list_pull_requests, github/list_releases, github/list_tags, github/merge_pull_request, github/pull_request_read, github/pull_request_review_write, github/push_files, github/request_copilot_review, github/search_code, github/search_issues, github/search_pull_requests, github/search_repositories, github/search_users, github/sub_issue_write, github/update_pull_request, github/update_pull_request_branch, github/add_reply_to_pull_request_comment, github/create_pull_request_with_copilot, github/get_copilot_job_status, microsoftdocs/mcp/microsoft_code_sample_search, microsoftdocs/mcp/microsoft_docs_fetch, microsoftdocs/mcp/microsoft_docs_search, mcp-refactor-typescript/code_quality, mcp-refactor-typescript/file_operations, mcp-refactor-typescript/refactoring, mcp-refactor-typescript/workspace, todo, vscode.mermaid-chat-features/renderMermaidDiagram, github.vscode-pull-request-github/issue_fetch, github.vscode-pull-request-github/labels_fetch, github.vscode-pull-request-github/notification_fetch, github.vscode-pull-request-github/doSearch, github.vscode-pull-request-github/activePullRequest, github.vscode-pull-request-github/pullRequestStatusChecks, github.vscode-pull-request-github/openPullRequest, ms-azuretools.vscode-containers/containerToolsConfig, ms-python.python/getPythonEnvironmentInfo, ms-python.python/getPythonExecutableCommand, ms-python.python/installPythonPackage, ms-python.python/configurePythonEnvironment
66

7-
model: GPT-5.3-Codex (copilot)
87
target: vscode
98
user-invocable: true
109
disable-model-invocation: false
