Skip to content

feat: Add Docker testing, enhanced audit output, and v3.3.0 improvements#106

Merged
dandersonsw merged 4 commits into
mainfrom
feat/v3.3.0-improvements
Apr 30, 2026
Merged

feat: Add Docker testing, enhanced audit output, and v3.3.0 improvements#106
dandersonsw merged 4 commits into
mainfrom
feat/v3.3.0-improvements

Conversation

@wz-gsa
Copy link
Copy Markdown
Contributor

@wz-gsa wz-gsa commented Apr 29, 2026
edited
Loading

Summary

This release modernizes Caulking with comprehensive local testing infrastructure, improved documentation, and enhanced audit capabilities for federal compliance.

Features

  • Add Docker-based local testing (Dockerfile, docker-compose.yml)
  • Add multi-distro testing (Ubuntu, Debian, Alpine) via Docker
  • Add CI simulation and upgrade path testing via Docker
  • Add make status for quick health checks
  • Add verification ID to audit output for compliance (NIST AU-10)
  • Add platform info (OS/arch) to audit output
  • Add caulking version to audit output

Bug Fixes

  • Fix find argument order in check_repos.sh (-maxdepth before -name)
  • Improve error handling for Homebrew gitleaks installation

Documentation

  • Add "What gets blocked" section documenting gitleaks patterns and filename denylist
  • Add Linux installation instructions to README
  • Add pre-push scanning flow documentation in hook-wrapper.sh
  • Add Windows/WSL guidance
  • Add upgrading instructions
  • Clarify SKIP=gitleaks limitations (only bypasses content scanning, not denylist)

Code Quality

  • DRY refactor: Centralize XDG paths in lib.sh (caulking_export_paths)
  • Remove unused color variables from pretty.sh
  • Update pre-commit-shfmt to v3.13.1-1
  • Update actionlint to v1.7.12

Testing

  • Add test_prepush_ref_parsing.sh (5 test cases)
  • Add test_skip_gitleaks.sh (3 test cases)
  • Add test_gitleaks_missing.sh
  • Add test_local_hook_chain.sh (3 test cases)

Enhanced Audit Output

The make verify audit box now includes compliance-friendly information:

+---------------------------------------------------------+
| Caulking Audit [OK]                                     |
+---------------------------------------------------------+
| - All checks passed.                                    |
|                                                         |
| - Verification ID : caulk-20260429-221622-bb9a4a92      |
|                                                         |
| - User            : username                            |
| - Host            : hostname                            |
| - Platform        : macOS 15.0 (arm64)                  |
| - Date            : 2026-04-29T22:16:22Z                |
|                                                         |
| - caulking        : 3.3.0                               |
| - prek            : prek 0.3.11                         |
| - gitleaks        : 8.30.1                              |
| ...                                                     |
+---------------------------------------------------------+

Docker Testing Commands

For local Linux testing (no CI required):

make docker-test     # Fast Ubuntu tests
make docker-full     # Full Ubuntu pipeline
make docker-debian   # Debian 12 compatibility
make docker-alpine   # Alpine/musl compatibility  
make docker-ci       # CI environment simulation
make docker-fresh    # Error handling (no gitleaks)
make docker-upgrade  # Upgrade path testing
make docker-all      # Run everything

Testing

  • make test passes on macOS
  • make docker-test passes on Linux (Ubuntu)
  • make docker-full passes (install + verify + test)
  • make docker-debian passes
  • make docker-alpine passes

@wz-gsa
feat: Add Linux CI, Docker testing, enhanced audit output, and v3.3.0…
4358360 
… improvements

This release modernizes Caulking with comprehensive testing infrastructure,
improved documentation, and enhanced audit capabilities for federal compliance.

Features:
- Add Linux CI coverage with ubuntu-latest matrix build
- Add Docker-based local testing (Dockerfile, docker-compose.yml)
- Add multi-distro testing (Ubuntu, Debian, Alpine)
- Add CI simulation and upgrade path testing
- Add 'make status' for quick health checks
- Add verification ID to audit output for compliance (NIST AU-10)
- Add platform info (OS/arch) to audit output
- Add caulking version to audit output
- Add automated changelog via release-please

Bug Fixes:
- Fix 'find' argument order in check_repos.sh (-maxdepth before -name)
- Improve error handling for Homebrew gitleaks installation

Documentation:
- Add Linux installation instructions to README
- Add pre-push scanning flow documentation in hook-wrapper.sh

Code Quality:
- DRY refactor: Centralize XDG paths in lib.sh (caulking_export_paths)
- Remove unused color variables from pretty.sh
- Update pre-commit-shfmt to v3.13.1-1
- Update actionlint to v1.7.12

Testing:
- Add test_prepush_ref_parsing.sh (5 test cases)
- Add test_skip_gitleaks.sh (3 test cases)
- Add test_gitleaks_missing.sh
- Add test_local_hook_chain.sh (3 test cases)

CI/CD:
- Security-harden CI workflow (SHA-pinned actions, checksum verification)
- Add concurrency control for CI runs
- Separate install/verify/test steps

Co-Authored-By: AI Agent <agent@gsa.gov>
@wz-gsa wz-gsa requested review from a team as code owners April 29, 2026 22:29
wz-gsa and others added 3 commits April 29, 2026 18:32
@wz-gsa
fix: Skip pre-commit runner check in CI environments
b2ddfb5 
The pre-commit/prek tooling is for linting the caulking repo itself,
not for caulking's core functionality. In CI environments where these
tools aren't installed, skip the check with a warning instead of failing.

Co-Authored-By: AI Agent <agent@gsa.gov>
@wz-gsa
docs: Improve README with detection details, compliance context, and …
dd2f68b 
…clarity

- Add 'What gets blocked' section documenting gitleaks patterns and filename denylist
- Add GSA/cloud.gov operator attribution
- Clarify SKIP=gitleaks only bypasses content scanning, not denylist
- Add verification ID documentation for audit trail
- Add XDG specification link and explanation
- Add Windows/WSL section
- Add upgrading instructions
- Fix gitleaks version requirement (v8.21.0+ not just v8+)
- Use actual repo URL in quick start
- Clarify what 'make install' does vs showing commands
- Document check_repos.sh purpose

Co-Authored-By: AI Agent <agent@gsa.gov>
@wz-gsa
chore: Remove GitHub Actions CI workflows in preparation for GitLab m…
b14d501 
…igration

- Revert run-tests.yml to original macOS-only workflow
- Remove release-please workflow and config files
- Add GITLAB_CI environment detection to verify-precommit-runner.sh

The Linux CI matrix and release-please automation are being removed as
the repository will be transitioning to GitLab CI. Docker-based local
testing remains available for Linux verification.

Co-Authored-By: AI Agent <agent@gsa.gov>
@wz-gsa wz-gsa changed the title feat: Add Linux CI, Docker testing, enhanced audit output, and v3.3.0 improvements feat: Add Docker testing, enhanced audit output, and v3.3.0 improvements Apr 30, 2026
@dandersonsw dandersonsw merged commit e92b975 into main Apr 30, 2026
3 checks passed
@dandersonsw dandersonsw deleted the feat/v3.3.0-improvements branch April 30, 2026 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dandersonsw dandersonsw dandersonsw approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wz-gsa @dandersonsw