You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
* fix(apt): honor DryRun in Clean() to prevent silent destructive ops
Previously, Clean() executed `apt autoclean` regardless of the DryRun
option, silently defeating the safety mechanism users expect from
dry-run mode. The YUM/Snap/Flatpak Clean implementations on main
already honored DryRun; APT now matches that behavior.
Add the early-return guard immediately after nil-opts defaulting
(matching the pattern at yum/yum.go:467, snap/snap.go:295,
flatpak/flatpak.go:300). Move context creation below the guard so the
DryRun path doesn't allocate an unused context.
Regression tests cover three contracts:
- Clean(DryRun=true) makes zero underlying command calls
- Clean(DryRun=false) does invoke `apt autoclean` (guards against
the fix being implemented as a blanket no-op)
- Clean(nil) preserves the existing nil-opts default behavior
This is security-relevant: a user testing with `--dry-run` on shared
or production hosts could trigger cache cleanup unexpectedly.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* ci(docker): make test failures propagate + harden test-all service
The compose test entrypoints used `bash -c` with `&&` chains and
trailing `|| true` on fixture-generation steps. Due to bash operator
precedence, the trailing `|| true` caught failures from earlier in
the chain — including `go test` itself — letting failed tests pass
CI silently while only the (allowed-to-fail) fixture-generation step
appeared to succeed.
Switch to `bash -ec` with explicit `;` separators for required steps:
- Required commands (go test, apt update) abort the script on
non-zero exit (set -e via -e flag)
- Fixture-generation lines retain `|| true` so they remain
individually allowed to fail
- Statements use `;` instead of `&&` so set -e can actually trigger
on intermediate failures (set -e doesn't apply to commands inside
`&&` lists except the final command)
Applied to ubuntu-apt-test, rockylinux-yum-test, almalinux-yum-test.
Defense-in-depth on the test-all aggregator service:
- read_only: true (it only runs an echo, no writes needed)
- security_opt: [no-new-privileges:true]
The required services (apt/yum tests) need write access for fixture
generation and don't get these constraints.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* docs(changelog): add v0.1.7 entry
Document the APT Clean DryRun safety fix, the docker-compose exit
code propagation fix, the test-all defense-in-depth hardening, the
PackageInfo JSON tags change (#40), and the go.mod toolchain version
fix (#40).
Also picks up pre-commit-mandated cleanup of pre-existing trailing
whitespace and missing trailing newline.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* ci(docker): apply review feedback on test-all hardening
Three small follow-ups to the test-all aggregator service from PR #67
review:
- depends_on switched to long-form with `condition: service_completed_successfully`
for each dependent service. The short form only waited for dependents
to *start*, so test-all's `echo` could finish in milliseconds and abort
the compose run (--abort-on-container-exit) before the real tests
reported failure. Same class of CI-honesty bug the bash -ec change in
this same release fixes one layer up. (gemini-code-assist HIGH)
- /workspace bind mount made read-only (`:ro`). test-all only runs an
echo, so the mount doesn't need write access. Defense-in-depth
consistent with the existing read_only and security_opt. (CodeRabbit)
- Quoted "no-new-privileges:true" to eliminate YAML-parser ambiguity
around `key:value` parsing while preserving Docker's documented form.
(gemini-code-assist SECURITY-MEDIUM)
Verified via `docker compose config`: depends_on shows long-form with
condition: service_completed_successfully; read_only: true on the bind
mount; security_opt preserves the documented form.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* ci(docker): switch to --abort-on-container-failure to stop killing slow tests
`--abort-on-container-exit` aborts the compose run when ANY container
exits — success or failure. With multi-service runs (`make test-docker`,
`make test-docker-all`), the FASTEST test container's success would
kill the slower siblings mid-test, masking failures and skipping most
of the matrix. Long-form depends_on on `test-all` from the prior
commit only addressed the test-all → dependents race; the test
containers race against each other was still there.
Switch to `--abort-on-container-failure` (Docker Compose v2.12+) which
aborts only when a container exits non-zero. Now multi-service runs
wait for all test containers to finish, fail fast on actual failure,
and surface real CI signal.
Applied uniformly across test-docker, test-docker-{ubuntu,rocky,alma},
test-fixtures, and the commented-out future targets.
Catch from chatgpt-codex-connector P1 review on PR #67.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* ci(docker): use Compose v2 syntax (`docker compose`) for new flag
Docker Compose v1 (`docker-compose`, the standalone Python binary)
was EOL'd June 2023 and does not support `--abort-on-container-failure`
introduced in the prior commit. With the Makefile invoking the legacy
hyphenated form, environments still using v1 would have all the
`make test-docker*` targets fail before any tests run.
Switch all 8 invocations from `docker-compose ...` to `docker compose ...`
(v2 plugin / standalone v2 binary). Filenames containing `docker-compose`
(e.g. `docker-compose.test.yml`) are unchanged.
Verified locally: `make test-docker-ubuntu` exits 0 with the v2 command.
Catch from chatgpt-codex-connector P2 review on PR #67.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: CHANGELOG.md
+18-5Lines changed: 18 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
8
8
## [Unreleased]
9
9
10
+
## [0.1.7] - 2026-05-10
11
+
12
+
### Security
13
+
-**APT `Clean()` now respects `DryRun`**. Previously, `apt autoclean` executed regardless of the `DryRun` option, silently defeating the safety mechanism users expect from dry-run mode. The YUM/Snap/Flatpak Clean implementations already honored DryRun; APT now matches that behavior. Regression tests added in `manager/apt/apt_clean_dryrun_test.go`.
14
+
-**Docker test runners no longer mask test failures**. The compose entrypoints used `bash -c` with `&&` chains and trailing `|| true` on fixture-generation steps; due to bash operator precedence, the `|| true` caught failures from earlier in the chain (including `go test`), letting failed tests pass CI silently. Switched to `bash -ec` with explicit `;` separators so test failures abort immediately while fixture-generation steps remain individually allowed to fail.
15
+
- Added `read_only: true` and `no-new-privileges:true` to the `test-all` aggregator service for defense-in-depth.
16
+
17
+
### Changed
18
+
-**`PackageInfo` JSON output now uses snake_case field names** (e.g. `package_manager`, `new_version`, `additional_data`) instead of Go's default PascalCase. Required fields (`name`, `status`, `package_manager`) are always emitted; optional fields use `omitempty`. Consumers parsing JSON output must update field names. (#40, thanks @aijanai)
19
+
20
+
### Fixed
21
+
-`go.mod` now declares `go 1.23.0` (full version) instead of `go 1.23`, resolving Go toolchain download failures in some environments. (#40)
22
+
10
23
## [0.1.6] - 2025-11-01
11
24
12
25
### Added
@@ -37,14 +50,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
37
50
- Technical debt cleanup and APT Upgrade method fix
38
51
- APT Upgrade method now correctly uses `apt install` for specific packages
0 commit comments