From 186b352cd462540647f0d0e023706223cc2cedad Mon Sep 17 00:00:00 2001
From: Shankar
Date: Mon, 30 Mar 2026 15:38:23 -0400
Subject: [PATCH] chore: remove Claude Code badge and auto-update workflow
---
.github/workflows/update-badge.yml | 54 ---------
README.md | 3 -
integrity_check.sql | 187 +++++++++++++++++++++++++++++
3 files changed, 187 insertions(+), 57 deletions(-)
delete mode 100644 .github/workflows/update-badge.yml
create mode 100644 integrity_check.sql
diff --git a/.github/workflows/update-badge.yml b/.github/workflows/update-badge.yml
deleted file mode 100644
index bca1342..0000000
--- a/.github/workflows/update-badge.yml
+++ /dev/null
@@ -1,54 +0,0 @@ -name: Update Claude Code Badge - -on: - push: - branches: - - master - - v2-dev - -jobs: - update-badge: - name: Update Claude Code Badge - runs-on: ubuntu-latest - if: "!contains(github.event.head_commit.message, '[skip ci]')" - permissions: - contents: write - steps: - - uses: actions/checkout@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Update badge with timestamp - run: | - DATE=$(TZ=America/Chicago date +'%b %d, %Y %I:%M %p CST') - SHORT_SHA=$(git rev-parse --short HEAD) - BADGE_TEXT="Updated_with-Claude_Code_${SHORT_SHA}_(${DATE})-D97757" - # URL-encode spaces and special chars - BADGE_TEXT=$(echo "$BADGE_TEXT" | sed 's/ /%20/g; s/,/%2C/g; s/:/%3A/g; s/(/%28/g; s/)/%29/g') - BADGE_MD="[![Updated with Claude Code](https://img.shields.io/badge/${BADGE_TEXT}?style=flat\&logo=claude\&logoColor=white)](https://claude.ai/code)" - - # Replace between markers - sed -i '//,//{ - //!{ - //!d - } - }' README.md - sed -i "//a ${BADGE_MD}" README.md - - - name: Check for changes - id: changes - run: | - if git diff --quiet README.md; then - echo "changed=false" >> $GITHUB_OUTPUT - else - echo "changed=true" >> $GITHUB_OUTPUT - fi - - - name: Commit and push - if: steps.changes.outputs.changed == 'true' - run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - git add README.md - git commit -m "chore: update Claude Code badge [skip ci]" - git push
diff --git a/README.md b/README.md
index 0938472..fe0ce85 100644
--- a/README.md
+++ b/README.md
@@ -11,9 +11,6 @@ [![Go Report Card](https://goreportcard.com/badge/github.com/shankar0123/certctl)](https://goreportcard.com/report/github.com/shankar0123/certctl) [![GitHub Release](https://img.shields.io/github/v/release/shankar0123/certctl)](https://github.com/shankar0123/certctl/releases) [![GitHub Stars](https://img.shields.io/github/stars/shankar0123/certctl?style=flat&logo=github)](https://github.com/shankar0123/certctl/stargazers) - -[![Updated with Claude Code](https://img.shields.io/badge/Updated_with-Claude_Code_1a91346_%28Mar%2030%2C%202026%2002%3A30%20PM%20CST%29-D97757?style=flat&logo=claude&logoColor=white)](https://claude.ai/code) - TLS certificate lifespans are shrinking fast. The CA/Browser Forum passed [Ballot SC-081v3](https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/) unanimously in April 2025, setting a phased reduction: **200 days** by March 2026, **100 days** by March 2027, and **47 days** by March 2029. Organizations managing dozens or hundreds of certificates can no longer rely on spreadsheets, calendar reminders, or manual renewal workflows. The math doesn't work — at 47-day lifespans, a team managing 100 certificates is processing 7+ renewals per week, every week, forever.
diff --git a/integrity_check.sql b/integrity_check.sql
new file mode 100644
index 0000000..818653a
--- /dev/null
+++ b/integrity_check.sql
@@ -0,0 +1,187 @@
+-- =============================================================================
+-- Comprehensive Referential Integrity Check for seed_demo.sql
+-- Run AFTER migrations and seed data are loaded
+-- =============================================================================
+
+-- 1. Verify certificate_versions.certificate_id references valid managed_certificates.id
+SELECT 'FK VIOLATION: certificate_versions.certificate_id' AS issue, cv.id, cv.certificate_id
+FROM certificate_versions cv
+WHERE cv.certificate_id NOT IN (SELECT id FROM managed_certificates)
+ORDER BY cv.id;
+
+-- 2. Verify certificate_target_mappings references valid IDs
+SELECT 'FK VIOLATION: certificate_target_mappings.certificate_id' AS issue, ctm.certificate_id
+FROM certificate_target_mappings ctm
+WHERE ctm.certificate_id NOT IN (SELECT id FROM managed_certificates)
+ORDER BY ctm.certificate_id;
+
+SELECT 'FK VIOLATION: certificate_target_mappings.target_id' AS issue, ctm.target_id
+FROM certificate_target_mappings ctm
+WHERE ctm.target_id NOT IN (SELECT id FROM deployment_targets)
+ORDER BY ctm.target_id;
+
+-- 3. Verify jobs references valid IDs
+SELECT 'FK VIOLATION: jobs.certificate_id' AS issue, j.id, j.certificate_id
+FROM jobs j
+WHERE j.certificate_id NOT IN (SELECT id FROM managed_certificates)
+ORDER BY j.id;
+
+SELECT 'FK VIOLATION: jobs.target_id' AS issue, j.id, j.target_id
+FROM jobs j
+WHERE j.target_id IS NOT NULL AND j.target_id NOT IN (SELECT id FROM deployment_targets)
+ORDER BY j.id;
+
+SELECT 'FK VIOLATION: jobs.agent_id' AS issue, j.id, j.agent_id
+FROM jobs j
+WHERE j.agent_id NOT IN (SELECT id FROM agents)
+ORDER BY j.id;
+
+-- 4. Verify discovered_certificates references valid IDs
+SELECT 'FK VIOLATION: discovered_certificates.agent_id' AS issue, dc.id, dc.agent_id
+FROM discovered_certificates dc
+WHERE dc.agent_id NOT IN (SELECT id FROM agents)
+ORDER BY dc.id;
+
+SELECT 'FK VIOLATION: discovered_certificates.discovery_scan_id' AS issue, dc.id, dc.discovery_scan_id
+FROM discovered_certificates dc
+WHERE dc.discovery_scan_id IS NOT NULL AND dc.discovery_scan_id NOT IN (SELECT id FROM discovery_scans)
+ORDER BY dc.id;
+
+-- 5. Verify notification_events references valid certificate_id
+SELECT 'FK VIOLATION: notification_events.certificate_id' AS issue, ne.id, ne.certificate_id
+FROM notification_events ne
+WHERE ne.certificate_id IS NOT NULL AND ne.certificate_id NOT IN (SELECT id FROM managed_certificates)
+ORDER BY ne.id;
+
+-- 6. Verify policy_violations references valid certificate_id
+SELECT 'FK VIOLATION: policy_violations.certificate_id' AS issue, pv.id, pv.certificate_id
+FROM policy_violations pv
+WHERE pv.certificate_id NOT IN (SELECT id FROM managed_certificates)
+ORDER BY pv.id;
+
+-- 7. Verify certificate_revocations references valid IDs
+SELECT 'FK VIOLATION: certificate_revocations.certificate_id' AS issue, cr.id, cr.certificate_id
+FROM certificate_revocations cr
+WHERE cr.certificate_id NOT IN (SELECT id FROM managed_certificates)
+ORDER BY cr.id;
+
+SELECT 'FK VIOLATION: certificate_revocations.issuer_id' AS issue, cr.id, cr.issuer_id
+FROM certificate_revocations cr
+WHERE cr.issuer_id NOT IN (SELECT id FROM issuers)
+ORDER BY cr.id;
+
+-- 8. Verify agent_group_members references valid IDs
+SELECT 'FK VIOLATION: agent_group_members.agent_group_id' AS issue, agm.agent_group_id
+FROM agent_group_members agm
+WHERE agm.agent_group_id NOT IN (SELECT id FROM agent_groups)
+ORDER BY agm.agent_group_id;
+
+SELECT 'FK VIOLATION: agent_group_members.agent_id' AS issue, agm.agent_id
+FROM agent_group_members agm
+WHERE agm.agent_id NOT IN (SELECT id FROM agents)
+ORDER BY agm.agent_id;
+
+-- 9. Verify owners.team_id references valid teams.id
+SELECT 'FK VIOLATION: owners.team_id' AS issue, o.id, o.team_id
+FROM owners o
+WHERE o.team_id IS NOT NULL AND o.team_id NOT IN (SELECT id FROM teams)
+ORDER BY o.id;
+
+-- 10. Verify deployment_targets.agent_id references valid agents.id
+SELECT 'FK VIOLATION: deployment_targets.agent_id' AS issue, dt.id, dt.agent_id
+FROM deployment_targets dt
+WHERE dt.agent_id NOT IN (SELECT id FROM agents)
+ORDER BY dt.id;
+
+-- 11. Verify managed_certificates FK columns
+SELECT 'FK VIOLATION: managed_certificates.owner_id' AS issue, mc.id, mc.owner_id
+FROM managed_certificates mc
+WHERE mc.owner_id IS NOT NULL AND mc.owner_id NOT IN (SELECT id FROM owners)
+ORDER BY mc.id;
+
+SELECT 'FK VIOLATION: managed_certificates.team_id' AS issue, mc.id, mc.team_id
+FROM managed_certificates mc
+WHERE mc.team_id IS NOT NULL AND mc.team_id NOT IN (SELECT id FROM teams)
+ORDER BY mc.id;
+
+SELECT 'FK VIOLATION: managed_certificates.issuer_id' AS issue, mc.id, mc.issuer_id
+FROM managed_certificates mc
+WHERE mc.issuer_id NOT IN (SELECT id FROM issuers)
+ORDER BY mc.id;
+
+SELECT 'FK VIOLATION: managed_certificates.renewal_policy_id' AS issue, mc.id, mc.renewal_policy_id
+FROM managed_certificates mc
+WHERE mc.renewal_policy_id IS NOT NULL AND mc.renewal_policy_id NOT IN (SELECT id FROM renewal_policies)
+ORDER BY mc.id;
+
+-- 12. Check for duplicate primary keys
+SELECT 'DUPLICATE PK: teams' AS issue, id, COUNT(*) as count
+FROM teams GROUP BY id HAVING COUNT(*) > 1;
+
+SELECT 'DUPLICATE PK: owners' AS issue, id, COUNT(*) as count
+FROM owners GROUP BY id HAVING COUNT(*) > 1;
+
+SELECT 'DUPLICATE PK: agents' AS issue, id, COUNT(*) as count
+FROM agents GROUP BY id HAVING COUNT(*) > 1;
+
+SELECT 'DUPLICATE PK: deployment_targets' AS issue, id, COUNT(*) as count
+FROM deployment_targets GROUP BY id HAVING COUNT(*) > 1;
+
+SELECT 'DUPLICATE PK: managed_certificates' AS issue, id, COUNT(*) as count
+FROM managed_certificates GROUP BY id HAVING COUNT(*) > 1;
+
+SELECT 'DUPLICATE PK: certificate_versions' AS issue, id, COUNT(*) as count
+FROM certificate_versions GROUP BY id HAVING COUNT(*) > 1;
+
+SELECT 'DUPLICATE PK: issuers' AS issue, id, COUNT(*) as count
+FROM issuers GROUP BY id HAVING COUNT(*) > 1;
+
+SELECT 'DUPLICATE PK: renewal_policies' AS issue, id, COUNT(*) as count
+FROM renewal_policies GROUP BY id HAVING COUNT(*) > 1;
+
+SELECT 'DUPLICATE PK: jobs' AS issue, id, COUNT(*) as count
+FROM jobs GROUP BY id HAVING COUNT(*) > 1;
+
+SELECT 'DUPLICATE PK: certificate_profiles' AS issue, id, COUNT(*) as count
+FROM certificate_profiles GROUP BY id HAVING COUNT(*) > 1;
+
+SELECT 'DUPLICATE PK: certificate_revocations' AS issue, id, COUNT(*) as count
+FROM certificate_revocations GROUP BY id HAVING COUNT(*) > 1;
+
+-- 13. Check fingerprint_sha256 uniqueness in certificate_versions
+SELECT 'DUPLICATE FINGERPRINT: certificate_versions' AS issue, fingerprint_sha256, COUNT(*) as count
+FROM certificate_versions
+WHERE fingerprint_sha256 IS NOT NULL
+GROUP BY fingerprint_sha256
+HAVING COUNT(*) > 1;
+
+-- 14. Check serial number uniqueness in certificate_versions
+SELECT 'DUPLICATE SERIAL: certificate_versions' AS issue, serial_number, COUNT(*) as count
+FROM certificate_versions
+WHERE serial_number IS NOT NULL
+GROUP BY serial_number
+HAVING COUNT(*) > 1;
+
+-- 15. Verify discovery_scan_id references are valid
+SELECT 'FK VIOLATION: discovered_certificates.discovery_scan_id references' AS issue,
+ dc.id, dc.discovery_scan_id, ds.id
+FROM discovered_certificates dc
+LEFT JOIN discovery_scans ds ON dc.discovery_scan_id = ds.id
+WHERE dc.discovery_scan_id IS NOT NULL AND ds.id IS NULL;
+
+-- Summary: Count total records
+SELECT 'SUMMARY: teams' AS table_name, COUNT(*) as count FROM teams UNION ALL
+SELECT 'SUMMARY: owners', COUNT(*) FROM owners UNION ALL
+SELECT 'SUMMARY: agents', COUNT(*) FROM agents UNION ALL
+SELECT 'SUMMARY: deployment_targets', COUNT(*) FROM deployment_targets UNION ALL
+SELECT 'SUMMARY: managed_certificates', COUNT(*) FROM managed_certificates UNION ALL
+SELECT 'SUMMARY: certificate_versions', COUNT(*) FROM certificate_versions UNION ALL
+SELECT 'SUMMARY: certificate_target_mappings', COUNT(*) FROM certificate_target_mappings UNION ALL
+SELECT 'SUMMARY: issuers', COUNT(*) FROM issuers UNION ALL
+SELECT 'SUMMARY: renewal_policies', COUNT(*) FROM renewal_policies UNION ALL
+SELECT 'SUMMARY: jobs', COUNT(*) FROM jobs UNION ALL
+SELECT 'SUMMARY: certificate_profiles', COUNT(*) FROM certificate_profiles UNION ALL
+SELECT 'SUMMARY: certificate_revocations', COUNT(*) FROM certificate_revocations UNION ALL
+SELECT 'SUMMARY: audit_events', COUNT(*) FROM audit_events UNION ALL
+SELECT 'SUMMARY: discovery_scans', COUNT(*) FROM discovery_scans UNION ALL
+SELECT 'SUMMARY: discovered_certificates', COUNT(*) FROM discovered_certificates;
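Review bot: The `NOT IN (SELECT id FROM …)` predicates in checks 1–11 return no rows at all if the subquery ever yields a NULL `id`, so a damaged parent table would make these checks report clean; check 12 already treats duplicate primary keys as possible, which suggests the parent keys are not assumed to be constraint-enforced. The anti-join form does not have this problem, e.g. for check 1 `WHERE NOT EXISTS (SELECT 1 FROM managed_certificates mc WHERE mc.id = cv.certificate_id)`, keeping the existing `IS NOT NULL` guards on the nullable columns. Check 15 repeats the second query of check 4 on `discovered_certificates.discovery_scan_id` and could be dropped. The script only prints rows, so a caller has to fail on non-empty output if this is meant to gate seed loading, and the file is not mentioned in the commit subject, which covers only the badge and workflow removal.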