Adds cosign install + sign-blob step before commit. The detached
.sig (base64-encoded ASN.1 DER ECDSA over SHA256(file)) is committed
alongside seeded-ci.json. Tower's loader verifies it pure-Go before
replay; mismatched/missing sig → refuse + log.
cosign.pub is also checked in so the workflow can self-verify before
push (catches key-rotation mismatch early). The same pubkey is
embedded in Tower's binary at compat_bootstrap_pubkey.pem; both
copies must match or replay will fail.
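As an added illustration (not code from this commit or from Tower's actual CompatSeedLoader), the following pure-Go check verifies a detached `cosign sign-blob` signature in the format described above: base64-decode the `.sig`, SHA-256 the file bytes, and verify the ASN.1 DER ECDSA signature against the PEM public key from `cosign.pub`. It also shows the key-rotation guard (the checked-in `cosign.pub` must equal the copy embedded in the binary). The function names, the throwaway P-256 demo key and the sample JSON are constructed for this example and are not from the project.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"log"
	"strings"
)

// ParseCosignPubKey parses a PEM "PUBLIC KEY" block as written by
// `cosign generate-key-pair` (cosign.pub) and requires an ECDSA key.
func ParseCosignPubKey(pemBytes []byte) (*ecdsa.PublicKey, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "PUBLIC KEY" {
		return nil, errors.New("cosign.pub: no PUBLIC KEY PEM block")
	}
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, fmt.Errorf("cosign.pub: %w", err)
	}
	ec, ok := key.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("cosign.pub: not an ECDSA public key")
	}
	return ec, nil
}

// VerifyBlobSignature checks a detached sign-blob signature: the .sig file
// holds base64(ASN.1 DER ECDSA signature over SHA256(blob)). A missing or
// malformed signature is an error, never a pass (refuse + log at the caller).
func VerifyBlobSignature(pub *ecdsa.PublicKey, blob []byte, sigB64 string) error {
	sigB64 = strings.TrimSpace(sigB64)
	if sigB64 == "" {
		return errors.New("seeded-ci.json.sig: missing signature")
	}
	der, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return fmt.Errorf("seeded-ci.json.sig: not base64: %w", err)
	}
	digest := sha256.Sum256(blob)
	if !ecdsa.VerifyASN1(pub, digest[:], der) {
		return errors.New("seeded-ci.json.sig: signature does not match content")
	}
	return nil
}

// SamePublicKey is the key-rotation guard: the checked-in cosign.pub and the
// copy embedded in the binary must be the same key, or replay will fail.
func SamePublicKey(checkedIn, embedded *ecdsa.PublicKey) bool {
	return checkedIn.Equal(embedded)
}

// MakeDemoSignature generates a throwaway P-256 key (cosign's default curve)
// and signs blob the way sign-blob does. Constructed for the demo only; in
// the real workflow the key comes from the CI secret and cosign produces .sig.
func MakeDemoSignature(blob []byte) (pubPEM []byte, sigB64 string, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, "", err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	if err != nil {
		return nil, "", err
	}
	pubPEM = pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
	digest := sha256.Sum256(blob)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, "", err
	}
	return pubPEM, base64.StdEncoding.EncodeToString(sig), nil
}

func main() {
	// Constructed stand-in for compat-bootstrap/seeded-ci.json.
	blob := []byte(`{"stamps":[{"stampId":"demo-0001","addon":"example_addon"}]}`)
	pubPEM, sig, err := MakeDemoSignature(blob)
	if err != nil {
		log.Fatal(err)
	}
	pub, err := ParseCosignPubKey(pubPEM)
	if err != nil {
		log.Fatal(err)
	}
	if err := VerifyBlobSignature(pub, blob, sig); err != nil {
		log.Printf("refusing replay: %v", err)
		return
	}
	fmt.Println("signature ok, replaying seed")
}
```

Verification happens before any JSON parsing, so a tampered or unsigned snapshot never reaches the replay path; the returned error is what the loader should log when it refuses.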

Wires the nightly cold-start seeder. The Gitea Action runs
qualify-addon.py against every addon on each version branch (18.0 +
19.0), emits a canonical JSON snapshot to compat-bootstrap/seeded-ci.json,
and commits only when content changed. Tower's CompatSeedLoader fetches
this file at startup + every 24h, replays unseen stampIds into the
matrix.
Decisions: Git-as-bus over HTTP endpoint, static lint over real install,
content-hash stampId for byte-stability across runs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>