60652e96b4
containerfile: consolidate to single alpine image
2026-01-21 12:17:47 +01:00
79a4d1d0ea
docs: add k1s quick deploy section
2026-01-21 10:35:11 +01:00
70d9a7f9f7
tests: remove name field assertion from index test
2026-01-21 10:18:01 +01:00
b78d033192
ci: trigger workflow
2026-01-21 10:05:03 +01:00
fec9e22bb3
api: remove name field from index endpoint
2026-01-20 23:33:41 +01:00
9777cbb053
bump version to 1.5.2
2026-01-20 08:41:22 +01:00
f5f2f8f363
containerfile: remove vendored jaraco from setuptools, purge pip cache
2026-01-20 08:28:26 +01:00
5a05af4764
containerfile: use --no-deps to prevent jaraco.context downgrade
2026-01-20 08:25:16 +01:00
329563f4b9
containerfile: force reinstall jaraco.context to fix GHSA-58pv
2026-01-20 08:23:53 +01:00
66d7948073
containerfile: consolidate security pins in requirements.txt
2026-01-20 08:20:55 +01:00
677cdff58d
containerfile: upgrade base image pip and jaraco.context
2026-01-20 08:19:41 +01:00
aba81f908e
containerfile: force upgrade pip and jaraco.context post-install
2026-01-20 08:16:49 +01:00
e4b313041e
containerfile: pin pip>=25.3 to fix CVE-2025-8869
2026-01-20 08:12:22 +01:00
9c4c907f75
fpaste: add configurable endpoint prefix
...
- Add endpoint config key (FLASKPASTE_ENDPOINT env var)
- Add build_url() helper for URL construction
- Change default server to https://paste.mymx.me
- Support endpoint prefix in config file
2026-01-19 23:58:42 +01:00
0f5742ccc2
containerfile: switch slim image to alpine base
...
Debian distroless had 5 critical CVEs (unfixed in Debian 12).
Alpine has active security patches and smaller footprint.
2026-01-19 23:58:34 +01:00
54190487c8
kubernetes: use slim distroless image
2026-01-19 23:04:06 +01:00
10c94f29dd
ci: fix vuln count to exclude header line
2026-01-19 22:58:58 +01:00
89b019d7df
ci: fix vuln count parsing in harbor scan
2026-01-19 22:54:42 +01:00
9302939890
ci: fix harbor-ctl scan/vulns command syntax
2026-01-19 22:49:18 +01:00
c81988fc1a
ci: add delay before harbor scan for image indexing
2026-01-19 22:47:02 +01:00
46875fba0c
ci: fresh run
2026-01-19 22:36:09 +01:00
1d90de95ac
ci: retrigger after runner fix
2026-01-19 22:24:45 +01:00
adb3d39d71
ci: retrigger build
2026-01-19 21:56:21 +01:00
5c97d76021
ci: add hypothesis fuzz testing job
2026-01-19 19:54:33 +01:00
a206c9939c
ci: build and push slim image variant
2026-01-19 19:52:57 +01:00
fc7d3df308
add distroless slim container image
2026-01-19 19:52:56 +01:00
756d83e066
api: remove prefix from index response
2026-01-19 19:40:04 +01:00
402df5f535
quadlet: remove /paste prefix for root deployment
2026-01-19 19:38:50 +01:00
af1f53137f
config: serve at paste.mymx.me root instead of /paste prefix
...
Migrate from harbor.mymx.me/paste to dedicated paste.mymx.me host.
2026-01-18 20:27:12 +01:00
48094c0bee
ci: add Harbor vulnerability scan after image push
2026-01-18 17:23:19 +01:00
e0310339ee
docs: update for k3s deployment and harbor.mymx.me
2026-01-18 17:07:49 +01:00
435661ae38
kubernetes: update harbor url and health probe paths
...
- use harbor.mymx.me instead of old internal IP
- fix liveness/readiness probes to use /health endpoint
2026-01-18 16:54:59 +01:00
ee0e1211a6
containerfile: remove vendored jaraco.context dist-info
...
setuptools vendors jaraco.context 5.3.0 internally; Trivy detects
this even with 6.1.0 installed separately. Remove the vendored
dist-info to silence the false positive.
2026-01-18 16:29:41 +01:00
278ad73778
containerfile: fix jaraco.context CVE and consolidate
...
- explicitly install jaraco.context>=6.1.0 in runtime stage
to override vendored copy in setuptools (GHSA-58pv-8j8x-9vj2)
- remove redundant installs from builder (requirements.txt
already pins setuptools>=80.0 and jaraco.context>=6.1.0)
- consolidate runtime pip install into single command
- remove redundant comments
2026-01-18 12:09:53 +01:00
cc1bba9a57
container: upgrade system setuptools to fix jaraco.context CVE
2026-01-18 11:12:17 +01:00
6c0e2ab07f
container: use apt instead of apt-get
2026-01-18 10:46:47 +01:00
ba0e591dda
container: clean apt caches and upgrade setuptools for CVE fix
2026-01-18 10:44:24 +01:00
eb60193348
ci: use Containerfile for image build
2026-01-18 10:30:26 +01:00
80edae3e63
ci: run build-push on host instead of container
2026-01-18 10:26:13 +01:00
195752fe75
ci: fix test file references and hardcoded paths
...
- Remove non-existent test_mime_detection.py from unit tests
- Use relative paths in security tests for container compatibility
2026-01-18 10:23:31 +01:00
3be2fd6cf6
tests: fix mypy type errors in security tests
2026-01-18 10:18:09 +01:00
97bf955820
tests: fix ruff lint errors in security tests
2026-01-18 10:04:27 +01:00
661dab4a81
ci: add container image build and push to harbor
2026-01-18 09:57:32 +01:00
9eee14e918
docs: update harbor integration status and remove hardcoded credentials
2026-01-18 09:57:27 +01:00
0fc45587cd
deps: pin transitive dependencies for security fixes
...
- urllib3>=2.6.3 (CVE-2025-43859)
- jaraco.context>=6.1.0 (GHSA-58pv-8j8x-9vj2)
- setuptools>=80.0 (vendored jaraco.context)
reduces High vulnerabilities from 6 to 3
2026-01-18 09:16:08 +01:00
a736bce346
docs: add kubernetes deployment guide
2026-01-17 16:27:56 +01:00
7812af2e47
docs: add harbor registry guide
2026-01-17 16:27:51 +01:00
9b1cddd7f1
kubernetes: use NodePort for external access
...
- change service type from ClusterIP to NodePort (30500)
- enables HAProxy routing from mymx to k8s cluster
2026-01-17 16:27:44 +01:00
f6a69b0b55
add Kubernetes deployment manifest
2026-01-17 13:59:01 +01:00
b9f0283a3b
add Podman Quadlet deployment
...
- flaskpaste.container for rootless systemd integration
- UserNS mapping for bind mount permissions
- README updated with deployment instructions
2026-01-17 13:58:52 +01:00
Username