Build(deps): Bump actions/checkout from 4 to 6#3
Closed
dependabot[bot] wants to merge 1 commit into
Closed
Conversation
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
systemslibrarian
added a commit
that referenced
this pull request
May 31, 2026
Lands recommendation items #2 (samples) and #3 (deployment guide) from the adoption analysis in chat.md, and captures the operational blueprint for items #1, #4, #5, #6 (Azure KMS, AWS KMS, external review, 1.0 cut) in future.md rather than scaffolding cloud crypto code that cannot be honestly tested in a single session. samples/WorkerService.Sample - LivenessWorker mints a content key every 10 seconds, encrypts a probe payload, then unwraps and decrypts it. Logs round-trip latency + the active KEK id so an ops dashboard can scrape both. A failure here is the early warning that something is wrong with the provider, the keyring, or the host's entropy. - RotationWorker rotates the active KEK on a configurable interval and persists the multi-KEK ring through the registered IKeyringStore on every rotation. Default 2 minutes; Development environment overrides to 30 seconds so the demo is visible at human speed. - README explains the production adaptation points (real secret-manager passphrase source, cadence, health-check integration, keyring backup). samples/EfCore.Sample - SQLite + EF Core console app showing per-row envelope encryption. A SecureNote entity carries Ciphertext + Nonce + Tag + WrappedKey (encoded via WrappedContentKey.Encode) as separate columns; SecureNotesRepository does the async wrap/unwrap at the persistence boundary. - Demo run: insert encrypted, read back through the repo, dump the raw row to prove only ciphertext is on disk, rotate the KEK, re-read the same row to prove the row's wrapped key still references the original KEK and decrypts without re-encryption. - README documents why explicit columns + async repository beats EF Core ValueConverter (async support + lazy migration without re-encrypting every row on rotation). docs/deployment.md - Production operational guide. Opens with "the four things you absolutely must get right": passphrase only in your secret manager, keyring backups, automated rotation, tested restore procedure. - Covers: passphrase storage (and where NOT to store it); keyring metadata durability + the realities of a single-file FileKeyringStore vs. cloud object stores; Argon2id preset selection by frequency-of-derivation rather than "how secure each preset feels"; what to log (KEK ids, rotation timestamps, liveness duration) and what to NEVER log (passphrases, DEK bytes); multi-instance deployments (shared keyring vs. dedicated rotator, and what does NOT work — shared passphrase without shared salt, two hosts both rotating); container + Kubernetes notes; the disaster-recovery matrix down to the irrecoverable "lost keyring AND passphrases" case. future.md - Concrete blueprint for items #1, #4, #5, #6: - Azure Key Vault provider: az provisioning script (RG, RBAC vault, RSA-3072 KEK, role assignment, purge protection), provider skeleton pinned to versioned key URIs, integration-test project layout using Xunit.SkippableFact so missing env vars skip rather than fail, and a GitHub Actions OIDC workflow. - AWS KMS provider: same shape with AWSSDK.KeyManagementService, aws kms create-key + alias, aws-actions/configure-aws-credentials OIDC, note that KMS Encrypt/Decrypt is already authenticated so Ciphertext just holds the AWS blob as-is. - External cryptographic review: two realistic engagement paths (named consultant at $15-50k for ~2-4 weeks vs. community/academic, slower but cheaper), exactly what to hand the reviewer (commit hash, threat model, KNOWN-GAPS, scope letter), and what to do with the report (publish it). - Cutting 1.0: explicit checklist (cloud providers shipped + in real use, audit done, formats stable for 2+ minors, named production deployment), and what 1.0 obligates the maintainer to (no breaking changes without a 2.0, backport policy, deprecation cycles). - Closes with sequencing: don't reorder; each step's value depends on the previous one being done. Plumbing - PostQuantum.KeyManagement.slnx references the two new sample projects. - README links to docs/deployment.md and future.md from the security section and the samples table now lists all three samples + what each demonstrates. - CHANGELOG updated under 0.3.0-preview.1. Build: full solution 0 warnings, 0 errors on net8/9/10. 42 core tests + 11 DI tests = 53 tests, all green. Both new samples build clean; EfCore.Sample was smoke-tested end-to-end including a rotation. To God be the glory - 1 Corinthians 10:31 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
systemslibrarian
added a commit
that referenced
this pull request
May 31, 2026
Lifts the 0.3 hardened core into a production-shaped preview by adding API refinements, expanded test coverage, polished documentation, and stronger NuGet metadata. Cloud KMS providers, external review, and 1.0 remain mapped out in future.md. API refinements (additive only) - WrappedContentKey.TryDecode(string? token, out WrappedContentKey? result) for exception-free parsing of untrusted input. The throwing Decode remains for programmer-error scenarios. - LocalKeyringMetadata.TryDecode(...) — same pattern for keyring tokens. - LocalContentKeyProvider now rejects empty passphrases with a clear ArgumentException at the library boundary, before any cryptographic work runs. Eliminates a confusing inner exception from Argon2id. - AddPostQuantumKeyManagement is now idempotent: switched the singleton registrations to TryAddSingleton so calling it twice does not double-register. Test expansion (53 -> 74 tests) - TryDecodeTests: positive and negative cases for both TryDecode overloads. - PassphraseEdgeCaseTests: 8 KiB passphrases, Unicode passphrases (BMP, RTL, emoji, CJK), keyring export/import round-trips with Unicode passphrases, and the empty-passphrase rejection on Create and Rotate. - AdvancedRotationTests: 25 rapid rotations with every probe still unwrappable, ExportMetadata reflecting the new active KEK, two-hop rewrap preserving content-key bytes, and mid-lifecycle Import preserving the active KEK. - IdempotencyAndConfigurationTests (DI package): double-registration is now safe, IConfiguration binding works, relative KeyringPath resolves. Documentation - README rewritten to lead with concrete value, a 60-second demo across all three samples, a TryDecode usage snippet, a PostQuantum.FileEncryption integration sketch, a local-vs-cloud KMS comparison table, and a TOC of every supporting doc. - SECURITY.md enumerates the protections the library now actually delivers (verifier, hostile-input resistance, boundary validation, concurrent safety) and cross-links to the threat model, deployment guide, and future.md. - KNOWN-GAPS.md reflects 0.4 state: gaps #3 (keyring persistence) and #7 (threading) marked closed with version anchors; the 0.4 roadmap line lists the DI package, samples, docs, TryDecode, and boundary validation. Packaging and release prep - Version bumped to 0.4.0-preview.1 on both packages (core + DI extensions). - Core declares IsAotCompatible=true. Builds clean under the AOT/trim analyzer on net8/9/10. - NuGet metadata elevated on both packages: stronger Title, Description, PackageTags (added hsm, ihealthcheck, hosting), and detailed PackageReleaseNotes covering everything new in 0.4. SourceLink + deterministic builds + symbol packages preserved. - CHANGELOG.md has a complete 0.4 entry under Keep-a-Changelog conventions. Verification - Full solution: 0 warnings, 0 errors on net8.0/net9.0/net10.0. - 60 core tests + 14 DI tests = 74 tests, all passing. - dotnet pack on both packages produces .nupkg + .snupkg at v0.4.0-preview.1. To God be the glory - 1 Corinthians 10:31 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Author
|
Superseded by #9. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps actions/checkout from 4 to 6.
Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
de0fac2Fix tag handling: preserve annotations and explicit fetch-tags (#2356)064fe7fAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...8e8c483Clarify v6 README (#2328)033fa0dAdd worktree support for persist-credentials includeIf (#2327)c2d88d3Update all references from v5 and v4 to v6 (#2314)1af3b93update readme/changelog for v6 (#2311)71cf226v6-beta (#2298)069c695Persist creds to a separate file (#2286)ff7abcdUpdate README to include Node.js 24 support details and requirements (#2248)08c6903Prepare v5.0.0 release (#2238)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)