chore(release): Promote develop to main for v2.2.0 (#1031)

* feat: replace individual linters with GitHub Super Linter

- Replace hadolint, shellcheck, and markdown-link-check with GitHub Super Linter
- Update ci-cd.yml lint-and-validate job to use Super Linter
- Update docs-validation.yml to use Super Linter for markdown files
- Update auto-sync-docs.yml to use Super Linter for markdown files
- Remove duplicate hadolint usage from integration tests
- Keep markdown-link-check for link validation (Super Linter doesn't do links)
- Keep environment file validation (Super Linter doesn't handle .env files)

* chore: update GitHub Super Linter to version 8.1.0

* feat: add DEFAULT_BRANCH environment variable to GitHub Super Linter step

* feat: enhance GitHub Super Linter step with SARIF reporting and error handling

* fix: resolve all Super Linter errors and warnings

- Fix shell script linting issues (SC2035, SC1091, SC2181, SC2001, SC2162, SC2153, SC2317, SC2086, SC2129)
- Fix Dockerfile best practices (DL3008, DL3015, DL3016, SC2015)
- Add appropriate shellcheck disable comments for acceptable cases
- Improve test script directory handling and log file initialization
- Ensure all scripts pass Super Linter validation
- Update emergency backup JSON files
- Fix glob patterns and variable quoting throughout codebase

This commit ensures the codebase passes all linting checks and follows
industry best practices for shell scripting and Docker configuration.

* fix: remove DISABLE_ERRORS option from linting configuration

* Fix YAML syntax error in CI/CD workflow

- Fix missing pipe character after 'run:' on line 85 in provision-normal-runner job
- Correct indentation of multi-line run block

* fix: remove Super Linter SARIF upload and failure steps from CI/CD workflow

* Fix shellcheck SC2329 warnings for unused functions

- Call suggest_alternatives() when packages fail validation in validate-packages.sh
- Add shellcheck disable comments for cleanup functions called via traps
- Add shellcheck disable comments for suggest_alternatives function called indirectly

* Fix shellcheck SC2329 warnings for cleanup functions

- Move shellcheck disable=SC2317 comments to first line before function definitions
- Add shellcheck disable comments for trap commands
- Ensure proper suppression of warnings for functions called via signal traps

* Fix shell script formatting with shfmt

- Apply consistent 8-space indentation to all shell scripts
- Convert tabs to spaces for proper formatting
- Fix indentation issues in scripts/ and tests/ directories
- Ensure all shell scripts follow shfmt standards

Files updated:
- scripts/*.sh (10 files)
- tests/**/*.sh (8 files)
- .github/workflows/ci-cd.yml (workflow formatting)

* fix: update Super Linter action path to use slim directory

* fix: resolve shellcheck SC2329 and shfmt formatting issues

- Add shellcheck disable comments for SC2329 (unused function) warnings
  in cleanup functions called via traps
- Apply consistent 8-space indentation using shfmt to all shell scripts
- Fix formatting in docker/entrypoint.sh, docker/entrypoint-chrome.sh,
  tests/docker/test-container-startup.sh, and tests/integration/comprehensive-tests.sh

This resolves the linting errors in the CI/CD pipeline and ensures
consistent code formatting across the codebase.

* fix: make Chrome headless test more robust

- Add multiple approaches for Chrome headless testing
- Use better flags to prevent segmentation faults
- Don't fail CI on headless issues (warn instead)
- Update both container test and CI/CD workflow tests

* Fix Chrome headless test segmentation fault and shell script linting errors

- Fix shellcheck errors by properly quoting data URLs in Chrome headless tests
- Resolve shfmt formatting issues in test-container-startup.sh
- Implement robust Chrome headless testing with multiple fallback approaches
- Change Chrome headless failures from hard errors to warnings
- Add comprehensive error handling for container environment limitations
- Update precommit instructions for better CI/CD workflow validation

* fix: remove unnecessary dependencies on lint-and-validate job

* Quote data URLs in CI workflow Chrome headless tests to avoid shell redirection syntax errors,--allow-empty:false

* ci(workflow): remove test-container-startup job (containers provisioned by provision jobs)

* ci(workflow): remove dangling needs reference to test-container-startup from cleanup job

* fix: update DEFAULT_BRANCH logic to handle pull request events correctly

* feat: Add Chrome-Go Runner Support (#1004)

Merge Chrome-Go runner support: all Go version references fixed, release and CI/CD workflows updated, Docker and config files consistent. Ready for develop integration.

* chore(deps)(deps): bump actions/checkout from 4 to 5 (#1008)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps)(deps): bump github/super-linter from 6 to 7 (#1007)

Bumps [github/super-linter](https://github.com/github/super-linter) from 6 to 7.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/super-linter/compare/v6...v7)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Syam Sampatsing <gt@grammatonic.nl>

* fix(docker): ensure unzip available before Chrome installation

- Move unzip installation to separate early layer
- Prevents 'command not found' error during Chrome/ChromeDriver download
- Resolves exit code 127 in Chrome installation step

* test(local): make local docker tests skip-mode aware; chrome compose wiring (#1012)

* test(local): make local docker tests skip-registration aware and fix compose overrides; wire RUNNER_SKIP_REGISTRATION to chrome compose

* fix(ci): repair Chrome/Chrome-Go builds (libgdk-pixbuf-2.0-0, early essentials), de-dupe Chrome deps; relax health check retries; tidy shell scripts for linter

* ci: make provisioning use skip-registration and fix shell linting (shfmt/SC1090); add skip support to chrome-go compose

* ci(lint): fix shfmt diffs in test_normal_runner_local.sh (redirection spacing and case indentation)

* chore(shell): fix shfmt case/indentation and redirection spacing in entrypoints and local test scripts to satisfy Super-Linter SHELL_SHFMT

* style(shell): apply shfmt-compliant indentation/redirection in entrypoint scripts

* style(shell): apply shfmt 2-space indentation across tests and scripts; no logic changes\n\n- Reformat tests/integration/comprehensive-tests.sh\n- Reformat tests/docker/validate-packages.sh\n- Reformat tests/unit/package-validation.sh\n- Reformat tests/integration/playwright_screenshot_integration.sh\n- Reformat tests/docker/test-container-startup.sh\n- Reformat tests/user-deployment/test-user-experience.sh\n- Consistency pass in previously edited scripts to satisfy Super-Linter SHELL_SHFMT

* fix(tests): remove stray 'done' in comprehensive-tests.sh to satisfy bash syntax and linter

* fix(tests): correct syntax errors in package-validation and user-experience tests

- tests/unit/package-validation.sh: Remove orphaned code block after main() call that caused unmatched closing brace
- tests/user-deployment/test-user-experience.sh: Fix while loop structure - move 'done' after case block body

These syntax errors were causing CI job failures:
- Package Validation Tests: exit code 127
- Comprehensive Integration Tests (unit): exit code 1
- User Deployment Experience Tests: exit code 2

* fix(tests): restore corrupted validate-packages.sh from git history

The file was corrupted during shfmt formatting in commit 19a7d10.
Restored working version from commit d3548d6.

This fixes the Package Validation Tests CI job exit code 127.

* style(tests): apply shfmt 2-space indentation to validate-packages.sh

Applied shfmt -i 2 -ci -sr formatting to ensure consistency with
Super-Linter SHELL_SHFMT requirements.

* fix(tests): restore missing test_obsolete_packages function

The test_obsolete_packages function was accidentally removed when cleaning
up orphaned code. Restored from git history (commit d3548d6) to fix:
- Package Validation Tests: exit code 1 ('command not found')
- Comprehensive Integration Tests (unit): exit code 1

The function checks Dockerfiles for known obsolete packages that are
no longer available in Ubuntu 24.04.

* fix(tests): improve package extraction from Dockerfiles

- Fix AWK script to properly collect multi-line apt-get install commands
- Fix regex character class to allow hyphens in package names (moved hyphen to end)
- Now correctly extracts packages like build-essential, ca-certificates, python3-pip
- Tested: extracts 11 packages from main Dockerfile (curl filtered intentionally)

* style: apply shfmt default formatting (tabs) to all shell scripts

- Super-Linter uses shfmt with default settings (tab indentation)
- Previously used 2-space indentation which failed SHELL_SHFMT validation
- Applied shfmt without -i flag to match CI expectations
- Fixes final Lint and Validate job failure

* fix(tests): add shellcheck directive to suppress SC2329 warnings

- SC2329 warns about functions not being invoked
- These functions ARE invoked by main() at end of script
- Added disable directive to silence false positive warnings
- Fixes BASH linting errors in CI

* fix(tests): add per-function shellcheck SC2329 directives

- SC2329 warns about functions appearing unused
- Added disable directive before each affected function
- Functions are invoked by main() so this is a false positive
- Fixes BASH linting in CI

* fix(ci): add fetch-depth: 0 to docs workflow checkout

- Super-Linter was failing with 'GITHUB_SHA reference doesn't exist'
- Need full git history for Super-Linter to work correctly
- Added fetch-depth: 0 to checkout step

---------

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* chore(deps)(deps): bump super-linter/super-linter from 8.1.0 to 8.2.0 (#1010)

Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/super-linter/super-linter/compare/v8.1.0...v8.2.0)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps)(deps): bump github/codeql-action from 3 to 4 (#1011)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps)(deps): bump actions/upload-artifact from 4 to 5 (#1013)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(docker): update questing dependencies

* build: upgrade actions runner to v2.329.0 (#1015)

* build(runner): bump to v2.329.0 release

* fix(runner): relax chrome healthchecks

* fix(ci): use reg token for staging runners

* ci(docs-validation): fetch full history for super linter

* ci(docs-validation): disable jscpd and checkov

---------

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* chore: bump Node.js and npm for Chrome runner (#1017)

* chore: bump Node.js to 24.11.1 and npm to 11.6.2

* chore: bump Go toolchain to 1.25.4 in chrome-go runner

---------

Co-authored-by: Syam Sampatsing <grammatonic@syams-mbp-1.home>

* chore: sync runner dependencies

* fix(docker): reinstall cross-spawn 7.0.6 (#1019)

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* fix: patch tar vulnerability (#1020)

* fix(docker): bump tar to 7.5.2

* fix(docker): stage tar install via prefix

---------

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* fix: patch npm brace-expansion dependencies (#1022)

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* chore(release): promote develop to main (#1021) (#1024)

* feat: replace individual linters with GitHub Super Linter

- Replace hadolint, shellcheck, and markdown-link-check with GitHub Super Linter
- Update ci-cd.yml lint-and-validate job to use Super Linter
- Update docs-validation.yml to use Super Linter for markdown files
- Update auto-sync-docs.yml to use Super Linter for markdown files
- Remove duplicate hadolint usage from integration tests
- Keep markdown-link-check for link validation (Super Linter doesn't do links)
- Keep environment file validation (Super Linter doesn't handle .env files)

* chore: update GitHub Super Linter to version 8.1.0

* feat: add DEFAULT_BRANCH environment variable to GitHub Super Linter step

* feat: enhance GitHub Super Linter step with SARIF reporting and error handling

* fix: resolve all Super Linter errors and warnings

- Fix shell script linting issues (SC2035, SC1091, SC2181, SC2001, SC2162, SC2153, SC2317, SC2086, SC2129)
- Fix Dockerfile best practices (DL3008, DL3015, DL3016, SC2015)
- Add appropriate shellcheck disable comments for acceptable cases
- Improve test script directory handling and log file initialization
- Ensure all scripts pass Super Linter validation
- Update emergency backup JSON files
- Fix glob patterns and variable quoting throughout codebase

This commit ensures the codebase passes all linting checks and follows
industry best practices for shell scripting and Docker configuration.

* fix: remove DISABLE_ERRORS option from linting configuration

* Fix YAML syntax error in CI/CD workflow

- Fix missing pipe character after 'run:' on line 85 in provision-normal-runner job
- Correct indentation of multi-line run block

* fix: remove Super Linter SARIF upload and failure steps from CI/CD workflow

* Fix shellcheck SC2329 warnings for unused functions

- Call suggest_alternatives() when packages fail validation in validate-packages.sh
- Add shellcheck disable comments for cleanup functions called via traps
- Add shellcheck disable comments for suggest_alternatives function called indirectly

* Fix shellcheck SC2329 warnings for cleanup functions

- Move shellcheck disable=SC2317 comments to first line before function definitions
- Add shellcheck disable comments for trap commands
- Ensure proper suppression of warnings for functions called via signal traps

* Fix shell script formatting with shfmt

- Apply consistent 8-space indentation to all shell scripts
- Convert tabs to spaces for proper formatting
- Fix indentation issues in scripts/ and tests/ directories
- Ensure all shell scripts follow shfmt standards

Files updated:
- scripts/*.sh (10 files)
- tests/**/*.sh (8 files)
- .github/workflows/ci-cd.yml (workflow formatting)

* fix: update Super Linter action path to use slim directory

* fix: resolve shellcheck SC2329 and shfmt formatting issues

- Add shellcheck disable comments for SC2329 (unused function) warnings
  in cleanup functions called via traps
- Apply consistent 8-space indentation using shfmt to all shell scripts
- Fix formatting in docker/entrypoint.sh, docker/entrypoint-chrome.sh,
  tests/docker/test-container-startup.sh, and tests/integration/comprehensive-tests.sh

This resolves the linting errors in the CI/CD pipeline and ensures
consistent code formatting across the codebase.

* fix: make Chrome headless test more robust

- Add multiple approaches for Chrome headless testing
- Use better flags to prevent segmentation faults
- Don't fail CI on headless issues (warn instead)
- Update both container test and CI/CD workflow tests

* Fix Chrome headless test segmentation fault and shell script linting errors

- Fix shellcheck errors by properly quoting data URLs in Chrome headless tests
- Resolve shfmt formatting issues in test-container-startup.sh
- Implement robust Chrome headless testing with multiple fallback approaches
- Change Chrome headless failures from hard errors to warnings
- Add comprehensive error handling for container environment limitations
- Update precommit instructions for better CI/CD workflow validation

* fix: remove unnecessary dependencies on lint-and-validate job

* Quote data URLs in CI workflow Chrome headless tests to avoid shell redirection syntax errors,--allow-empty:false

* ci(workflow): remove test-container-startup job (containers provisioned by provision jobs)

* ci(workflow): remove dangling needs reference to test-container-startup from cleanup job

* fix: update DEFAULT_BRANCH logic to handle pull request events correctly

* feat: Add Chrome-Go Runner Support (#1004)

Merge Chrome-Go runner support: all Go version references fixed, release and CI/CD workflows updated, Docker and config files consistent. Ready for develop integration.

* chore(deps)(deps): bump actions/checkout from 4 to 5 (#1008)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...




* chore(deps)(deps): bump github/super-linter from 6 to 7 (#1007)

Bumps [github/super-linter](https://github.com/github/super-linter) from 6 to 7.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/super-linter/compare/v6...v7)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...





* fix(docker): ensure unzip available before Chrome installation

- Move unzip installation to separate early layer
- Prevents 'command not found' error during Chrome/ChromeDriver download
- Resolves exit code 127 in Chrome installation step

* test(local): make local docker tests skip-mode aware; chrome compose wiring (#1012)

* test(local): make local docker tests skip-registration aware and fix compose overrides; wire RUNNER_SKIP_REGISTRATION to chrome compose

* fix(ci): repair Chrome/Chrome-Go builds (libgdk-pixbuf-2.0-0, early essentials), de-dupe Chrome deps; relax health check retries; tidy shell scripts for linter

* ci: make provisioning use skip-registration and fix shell linting (shfmt/SC1090); add skip support to chrome-go compose

* ci(lint): fix shfmt diffs in test_normal_runner_local.sh (redirection spacing and case indentation)

* chore(shell): fix shfmt case/indentation and redirection spacing in entrypoints and local test scripts to satisfy Super-Linter SHELL_SHFMT

* style(shell): apply shfmt-compliant indentation/redirection in entrypoint scripts

* style(shell): apply shfmt 2-space indentation across tests and scripts; no logic changes\n\n- Reformat tests/integration/comprehensive-tests.sh\n- Reformat tests/docker/validate-packages.sh\n- Reformat tests/unit/package-validation.sh\n- Reformat tests/integration/playwright_screenshot_integration.sh\n- Reformat tests/docker/test-container-startup.sh\n- Reformat tests/user-deployment/test-user-experience.sh\n- Consistency pass in previously edited scripts to satisfy Super-Linter SHELL_SHFMT

* fix(tests): remove stray 'done' in comprehensive-tests.sh to satisfy bash syntax and linter

* fix(tests): correct syntax errors in package-validation and user-experience tests

- tests/unit/package-validation.sh: Remove orphaned code block after main() call that caused unmatched closing brace
- tests/user-deployment/test-user-experience.sh: Fix while loop structure - move 'done' after case block body

These syntax errors were causing CI job failures:
- Package Validation Tests: exit code 127
- Comprehensive Integration Tests (unit): exit code 1
- User Deployment Experience Tests: exit code 2

* fix(tests): restore corrupted validate-packages.sh from git history

The file was corrupted during shfmt formatting in commit 19a7d10.
Restored working version from commit d3548d6.

This fixes the Package Validation Tests CI job exit code 127.

* style(tests): apply shfmt 2-space indentation to validate-packages.sh

Applied shfmt -i 2 -ci -sr formatting to ensure consistency with
Super-Linter SHELL_SHFMT requirements.

* fix(tests): restore missing test_obsolete_packages function

The test_obsolete_packages function was accidentally removed when cleaning
up orphaned code. Restored from git history (commit d3548d6) to fix:
- Package Validation Tests: exit code 1 ('command not found')
- Comprehensive Integration Tests (unit): exit code 1

The function checks Dockerfiles for known obsolete packages that are
no longer available in Ubuntu 24.04.

* fix(tests): improve package extraction from Dockerfiles

- Fix AWK script to properly collect multi-line apt-get install commands
- Fix regex character class to allow hyphens in package names (moved hyphen to end)
- Now correctly extracts packages like build-essential, ca-certificates, python3-pip
- Tested: extracts 11 packages from main Dockerfile (curl filtered intentionally)

* style: apply shfmt default formatting (tabs) to all shell scripts

- Super-Linter uses shfmt with default settings (tab indentation)
- Previously used 2-space indentation which failed SHELL_SHFMT validation
- Applied shfmt without -i flag to match CI expectations
- Fixes final Lint and Validate job failure

* fix(tests): add shellcheck directive to suppress SC2329 warnings

- SC2329 warns about functions not being invoked
- These functions ARE invoked by main() at end of script
- Added disable directive to silence false positive warnings
- Fixes BASH linting errors in CI

* fix(tests): add per-function shellcheck SC2329 directives

- SC2329 warns about functions appearing unused
- Added disable directive before each affected function
- Functions are invoked by main() so this is a false positive
- Fixes BASH linting in CI

* fix(ci): add fetch-depth: 0 to docs workflow checkout

- Super-Linter was failing with 'GITHUB_SHA reference doesn't exist'
- Need full git history for Super-Linter to work correctly
- Added fetch-depth: 0 to checkout step

---------



* chore(deps)(deps): bump super-linter/super-linter from 8.1.0 to 8.2.0 (#1010)

Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/super-linter/super-linter/compare/v8.1.0...v8.2.0)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...




* chore(deps)(deps): bump github/codeql-action from 3 to 4 (#1011)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...




* chore(deps)(deps): bump actions/upload-artifact from 4 to 5 (#1013)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...




* fix(docker): update questing dependencies

* build: upgrade actions runner to v2.329.0 (#1015)

* build(runner): bump to v2.329.0 release

* fix(runner): relax chrome healthchecks

* fix(ci): use reg token for staging runners

* ci(docs-validation): fetch full history for super linter

* ci(docs-validation): disable jscpd and checkov

---------



* chore: bump Node.js and npm for Chrome runner (#1017)

* chore: bump Node.js to 24.11.1 and npm to 11.6.2

* chore: bump Go toolchain to 1.25.4 in chrome-go runner

---------



* chore: sync runner dependencies

* fix(docker): reinstall cross-spawn 7.0.6 (#1019)



* fix: patch tar vulnerability (#1020)

* fix(docker): bump tar to 7.5.2

* fix(docker): stage tar install via prefix

---------



---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>
Co-authored-by: Syam Sampatsing <grammatonic@syams-mbp-1.home>

* Update docker/Dockerfile.chrome-go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update docker/Dockerfile.chrome

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update docker/Dockerfile

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Revert "chore(release): promote develop to main (#1021)" (#1026)

This reverts commit 534e98a59e1b62877e8e28e58b9cf24046b3538e.

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* fix(docker): ensure npm bundles patched tar (#1027)

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* chore(chrome): bump runner chrome to 142.0.7444.162 (#1028)

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* chore(release): promote develop to main (#1023)

* feat: replace individual linters with GitHub Super Linter

- Replace hadolint, shellcheck, and markdown-link-check with GitHub Super Linter
- Update ci-cd.yml lint-and-validate job to use Super Linter
- Update docs-validation.yml to use Super Linter for markdown files
- Update auto-sync-docs.yml to use Super Linter for markdown files
- Remove duplicate hadolint usage from integration tests
- Keep markdown-link-check for link validation (Super Linter doesn't do links)
- Keep environment file validation (Super Linter doesn't handle .env files)

* chore: update GitHub Super Linter to version 8.1.0

* feat: add DEFAULT_BRANCH environment variable to GitHub Super Linter step

* feat: enhance GitHub Super Linter step with SARIF reporting and error handling

* fix: resolve all Super Linter errors and warnings

- Fix shell script linting issues (SC2035, SC1091, SC2181, SC2001, SC2162, SC2153, SC2317, SC2086, SC2129)
- Fix Dockerfile best practices (DL3008, DL3015, DL3016, SC2015)
- Add appropriate shellcheck disable comments for acceptable cases
- Improve test script directory handling and log file initialization
- Ensure all scripts pass Super Linter validation
- Update emergency backup JSON files
- Fix glob patterns and variable quoting throughout codebase

This commit ensures the codebase passes all linting checks and follows
industry best practices for shell scripting and Docker configuration.

* fix: remove DISABLE_ERRORS option from linting configuration

* Fix YAML syntax error in CI/CD workflow

- Fix missing pipe character after 'run:' on line 85 in provision-normal-runner job
- Correct indentation of multi-line run block

* fix: remove Super Linter SARIF upload and failure steps from CI/CD workflow

* Fix shellcheck SC2329 warnings for unused functions

- Call suggest_alternatives() when packages fail validation in validate-packages.sh
- Add shellcheck disable comments for cleanup functions called via traps
- Add shellcheck disable comments for suggest_alternatives function called indirectly

* Fix shellcheck SC2329 warnings for cleanup functions

- Move shellcheck disable=SC2317 comments to first line before function definitions
- Add shellcheck disable comments for trap commands
- Ensure proper suppression of warnings for functions called via signal traps

* Fix shell script formatting with shfmt

- Apply consistent 8-space indentation to all shell scripts
- Convert tabs to spaces for proper formatting
- Fix indentation issues in scripts/ and tests/ directories
- Ensure all shell scripts follow shfmt standards

Files updated:
- scripts/*.sh (10 files)
- tests/**/*.sh (8 files)
- .github/workflows/ci-cd.yml (workflow formatting)

* fix: update Super Linter action path to use slim directory

* fix: resolve shellcheck SC2329 and shfmt formatting issues

- Add shellcheck disable comments for SC2329 (unused function) warnings
  in cleanup functions called via traps
- Apply consistent 8-space indentation using shfmt to all shell scripts
- Fix formatting in docker/entrypoint.sh, docker/entrypoint-chrome.sh,
  tests/docker/test-container-startup.sh, and tests/integration/comprehensive-tests.sh

This resolves the linting errors in the CI/CD pipeline and ensures
consistent code formatting across the codebase.

* fix: make Chrome headless test more robust

- Add multiple approaches for Chrome headless testing
- Use better flags to prevent segmentation faults
- Don't fail CI on headless issues (warn instead)
- Update both container test and CI/CD workflow tests

* Fix Chrome headless test segmentation fault and shell script linting errors

- Fix shellcheck errors by properly quoting data URLs in Chrome headless tests
- Resolve shfmt formatting issues in test-container-startup.sh
- Implement robust Chrome headless testing with multiple fallback approaches
- Change Chrome headless failures from hard errors to warnings
- Add comprehensive error handling for container environment limitations
- Update precommit instructions for better CI/CD workflow validation

* fix: remove unnecessary dependencies on lint-and-validate job

* Quote data URLs in CI workflow Chrome headless tests to avoid shell redirection syntax errors,--allow-empty:false

* ci(workflow): remove test-container-startup job (containers provisioned by provision jobs)

* ci(workflow): remove dangling needs reference to test-container-startup from cleanup job

* fix: update DEFAULT_BRANCH logic to handle pull request events correctly

* feat: Add Chrome-Go Runner Support (#1004)

Merge Chrome-Go runner support: all Go version references fixed, release and CI/CD workflows updated, Docker and config files consistent. Ready for develop integration.

* chore(deps)(deps): bump actions/checkout from 4 to 5 (#1008)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps)(deps): bump github/super-linter from 6 to 7 (#1007)

Bumps [github/super-linter](https://github.com/github/super-linter) from 6 to 7.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/super-linter/compare/v6...v7)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Syam Sampatsing <gt@grammatonic.nl>

* fix(docker): ensure unzip available before Chrome installation

- Move unzip installation to separate early layer
- Prevents 'command not found' error during Chrome/ChromeDriver download
- Resolves exit code 127 in Chrome installation step

* test(local): make local docker tests skip-mode aware; chrome compose wiring (#1012)

* test(local): make local docker tests skip-registration aware and fix compose overrides; wire RUNNER_SKIP_REGISTRATION to chrome compose

* fix(ci): repair Chrome/Chrome-Go builds (libgdk-pixbuf-2.0-0, early essentials), de-dupe Chrome deps; relax health check retries; tidy shell scripts for linter

* ci: make provisioning use skip-registration and fix shell linting (shfmt/SC1090); add skip support to chrome-go compose

* ci(lint): fix shfmt diffs in test_normal_runner_local.sh (redirection spacing and case indentation)

* chore(shell): fix shfmt case/indentation and redirection spacing in entrypoints and local test scripts to satisfy Super-Linter SHELL_SHFMT

* style(shell): apply shfmt-compliant indentation/redirection in entrypoint scripts

* style(shell): apply shfmt 2-space indentation across tests and scripts; no logic changes\n\n- Reformat tests/integration/comprehensive-tests.sh\n- Reformat tests/docker/validate-packages.sh\n- Reformat tests/unit/package-validation.sh\n- Reformat tests/integration/playwright_screenshot_integration.sh\n- Reformat tests/docker/test-container-startup.sh\n- Reformat tests/user-deployment/test-user-experience.sh\n- Consistency pass in previously edited scripts to satisfy Super-Linter SHELL_SHFMT

* fix(tests): remove stray 'done' in comprehensive-tests.sh to satisfy bash syntax and linter

* fix(tests): correct syntax errors in package-validation and user-experience tests

- tests/unit/package-validation.sh: Remove orphaned code block after main() call that caused unmatched closing brace
- tests/user-deployment/test-user-experience.sh: Fix while loop structure - move 'done' after case block body

These syntax errors were causing CI job failures:
- Package Validation Tests: exit code 127
- Comprehensive Integration Tests (unit): exit code 1
- User Deployment Experience Tests: exit code 2

* fix(tests): restore corrupted validate-packages.sh from git history

The file was corrupted during shfmt formatting in commit 19a7d10.
Restored working version from commit d3548d6.

This fixes the Package Validation Tests CI job exit code 127.

* style(tests): apply shfmt 2-space indentation to validate-packages.sh

Applied shfmt -i 2 -ci -sr formatting to ensure consistency with
Super-Linter SHELL_SHFMT requirements.

* fix(tests): restore missing test_obsolete_packages function

The test_obsolete_packages function was accidentally removed when cleaning
up orphaned code. Restored from git history (commit d3548d6) to fix:
- Package Validation Tests: exit code 1 ('command not found')
- Comprehensive Integration Tests (unit): exit code 1

The function checks Dockerfiles for known obsolete packages that are
no longer available in Ubuntu 24.04.

* fix(tests): improve package extraction from Dockerfiles

- Fix AWK script to properly collect multi-line apt-get install commands
- Fix regex character class to allow hyphens in package names (moved hyphen to end)
- Now correctly extracts packages like build-essential, ca-certificates, python3-pip
- Tested: extracts 11 packages from main Dockerfile (curl filtered intentionally)

* style: apply shfmt default formatting (tabs) to all shell scripts

- Super-Linter uses shfmt with default settings (tab indentation)
- Previously used 2-space indentation which failed SHELL_SHFMT validation
- Applied shfmt without -i flag to match CI expectations
- Fixes final Lint and Validate job failure

* fix(tests): add shellcheck directive to suppress SC2329 warnings

- SC2329 warns about functions not being invoked
- These functions ARE invoked by main() at end of script
- Added disable directive to silence false positive warnings
- Fixes BASH linting errors in CI

* fix(tests): add per-function shellcheck SC2329 directives

- SC2329 warns about functions appearing unused
- Added disable directive before each affected function
- Functions are invoked by main() so this is a false positive
- Fixes BASH linting in CI

* fix(ci): add fetch-depth: 0 to docs workflow checkout

- Super-Linter was failing with 'GITHUB_SHA reference doesn't exist'
- Need full git history for Super-Linter to work correctly
- Added fetch-depth: 0 to checkout step

---------

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* chore(deps)(deps): bump super-linter/super-linter from 8.1.0 to 8.2.0 (#1010)

Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/super-linter/super-linter/compare/v8.1.0...v8.2.0)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps)(deps): bump github/codeql-action from 3 to 4 (#1011)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps)(deps): bump actions/upload-artifact from 4 to 5 (#1013)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix(docker): update questing dependencies

* build: upgrade actions runner to v2.329.0 (#1015)

* build(runner): bump to v2.329.0 release

* fix(runner): relax chrome healthchecks

* fix(ci): use reg token for staging runners

* ci(docs-validation): fetch full history for super linter

* ci(docs-validation): disable jscpd and checkov

---------

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* chore: bump Node.js and npm for Chrome runner (#1017)

* chore: bump Node.js to 24.11.1 and npm to 11.6.2

* chore: bump Go toolchain to 1.25.4 in chrome-go runner

---------

Co-authored-by: Syam Sampatsing <grammatonic@syams-mbp-1.home>

* chore: sync runner dependencies

* fix(docker): reinstall cross-spawn 7.0.6 (#1019)

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* fix: patch tar vulnerability (#1020)

* fix(docker): bump tar to 7.5.2

* fix(docker): stage tar install via prefix

---------

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* fix: patch npm brace-expansion dependencies (#1022)

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* chore(release): promote develop to main (#1021) (#1024)

* feat: replace individual linters with GitHub Super Linter

- Replace hadolint, shellcheck, and markdown-link-check with GitHub Super Linter
- Update ci-cd.yml lint-and-validate job to use Super Linter
- Update docs-validation.yml to use Super Linter for markdown files
- Update auto-sync-docs.yml to use Super Linter for markdown files
- Remove duplicate hadolint usage from integration tests
- Keep markdown-link-check for link validation (Super Linter doesn't do links)
- Keep environment file validation (Super Linter doesn't handle .env files)

* chore: update GitHub Super Linter to version 8.1.0

* feat: add DEFAULT_BRANCH environment variable to GitHub Super Linter step

* feat: enhance GitHub Super Linter step with SARIF reporting and error handling

* fix: resolve all Super Linter errors and warnings

- Fix shell script linting issues (SC2035, SC1091, SC2181, SC2001, SC2162, SC2153, SC2317, SC2086, SC2129)
- Fix Dockerfile best practices (DL3008, DL3015, DL3016, SC2015)
- Add appropriate shellcheck disable comments for acceptable cases
- Improve test script directory handling and log file initialization
- Ensure all scripts pass Super Linter validation
- Update emergency backup JSON files
- Fix glob patterns and variable quoting throughout codebase

This commit ensures the codebase passes all linting checks and follows
industry best practices for shell scripting and Docker configuration.

* fix: remove DISABLE_ERRORS option from linting configuration

* Fix YAML syntax error in CI/CD workflow

- Fix missing pipe character after 'run:' on line 85 in provision-normal-runner job
- Correct indentation of multi-line run block

* fix: remove Super Linter SARIF upload and failure steps from CI/CD workflow

* Fix shellcheck SC2329 warnings for unused functions

- Call suggest_alternatives() when packages fail validation in validate-packages.sh
- Add shellcheck disable comments for cleanup functions called via traps
- Add shellcheck disable comments for suggest_alternatives function called indirectly

* Fix shellcheck SC2329 warnings for cleanup functions

- Move shellcheck disable=SC2317 comments to first line before function definitions
- Add shellcheck disable comments for trap commands
- Ensure proper suppression of warnings for functions called via signal traps

* Fix shell script formatting with shfmt

- Apply consistent 8-space indentation to all shell scripts
- Convert tabs to spaces for proper formatting
- Fix indentation issues in scripts/ and tests/ directories
- Ensure all shell scripts follow shfmt standards

Files updated:
- scripts/*.sh (10 files)
- tests/**/*.sh (8 files)
- .github/workflows/ci-cd.yml (workflow formatting)

* fix: update Super Linter action path to use slim directory

* fix: resolve shellcheck SC2329 and shfmt formatting issues

- Add shellcheck disable comments for SC2329 (unused function) warnings
  in cleanup functions called via traps
- Apply consistent 8-space indentation using shfmt to all shell scripts
- Fix formatting in docker/entrypoint.sh, docker/entrypoint-chrome.sh,
  tests/docker/test-container-startup.sh, and tests/integration/comprehensive-tests.sh

This resolves the linting errors in the CI/CD pipeline and ensures
consistent code formatting across the codebase.

* fix: make Chrome headless test more robust

- Add multiple approaches for Chrome headless testing
- Use better flags to prevent segmentation faults
- Don't fail CI on headless issues (warn instead)
- Update both container test and CI/CD workflow tests

* Fix Chrome headless test segmentation fault and shell script linting errors

- Fix shellcheck errors by properly quoting data URLs in Chrome headless tests
- Resolve shfmt formatting issues in test-container-startup.sh
- Implement robust Chrome headless testing with multiple fallback approaches
- Change Chrome headless failures from hard errors to warnings
- Add comprehensive error handling for container environment limitations
- Update precommit instructions for better CI/CD workflow validation

* fix: remove unnecessary dependencies on lint-and-validate job

* Quote data URLs in CI workflow Chrome headless tests to avoid shell redirection syntax errors,--allow-empty:false

* ci(workflow): remove test-container-startup job (containers provisioned by provision jobs)

* ci(workflow): remove dangling needs reference to test-container-startup from cleanup job

* fix: update DEFAULT_BRANCH logic to handle pull request events correctly

* feat: Add Chrome-Go Runner Support (#1004)

Merge Chrome-Go runner support: all Go version references fixed, release and CI/CD workflows updated, Docker and config files consistent. Ready for develop integration.

* chore(deps)(deps): bump actions/checkout from 4 to 5 (#1008)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* chore(deps)(deps): bump github/super-linter from 6 to 7 (#1007)

Bumps [github/super-linter](https://github.com/github/super-linter) from 6 to 7.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/super-linter/compare/v6...v7)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* fix(docker): ensure unzip available before Chrome installation

- Move unzip installation to separate early layer
- Prevents 'command not found' error during Chrome/ChromeDriver download
- Resolves exit code 127 in Chrome installation step

* test(local): make local docker tests skip-mode aware; chrome compose wiring (#1012)

* test(local): make local docker tests skip-registration aware and fix compose overrides; wire RUNNER_SKIP_REGISTRATION to chrome compose

* fix(ci): repair Chrome/Chrome-Go builds (libgdk-pixbuf-2.0-0, early essentials), de-dupe Chrome deps; relax health check retries; tidy shell scripts for linter

* ci: make provisioning use skip-registration and fix shell linting (shfmt/SC1090); add skip support to chrome-go compose

* ci(lint): fix shfmt diffs in test_normal_runner_local.sh (redirection spacing and case indentation)

* chore(shell): fix shfmt case/indentation and redirection spacing in entrypoints and local test scripts to satisfy Super-Linter SHELL_SHFMT

* style(shell): apply shfmt-compliant indentation/redirection in entrypoint scripts

* style(shell): apply shfmt 2-space indentation across tests and scripts; no logic changes\n\n- Reformat tests/integration/comprehensive-tests.sh\n- Reformat tests/docker/validate-packages.sh\n- Reformat tests/unit/package-validation.sh\n- Reformat tests/integration/playwright_screenshot_integration.sh\n- Reformat tests/docker/test-container-startup.sh\n- Reformat tests/user-deployment/test-user-experience.sh\n- Consistency pass in previously edited scripts to satisfy Super-Linter SHELL_SHFMT

* fix(tests): remove stray 'done' in comprehensive-tests.sh to satisfy bash syntax and linter

* fix(tests): correct syntax errors in package-validation and user-experience tests

- tests/unit/package-validation.sh: Remove orphaned code block after main() call that caused unmatched closing brace
- tests/user-deployment/test-user-experience.sh: Fix while loop structure - move 'done' after case block body

These syntax errors were causing CI job failures:
- Package Validation Tests: exit code 127
- Comprehensive Integration Tests (unit): exit code 1
- User Deployment Experience Tests: exit code 2

* fix(tests): restore corrupted validate-packages.sh from git history

The file was corrupted during shfmt formatting in commit 19a7d10.
Restored working version from commit d3548d6.

This fixes the Package Validation Tests CI job exit code 127.

* style(tests): apply shfmt 2-space indentation to validate-packages.sh

Applied shfmt -i 2 -ci -sr formatting to ensure consistency with
Super-Linter SHELL_SHFMT requirements.

* fix(tests): restore missing test_obsolete_packages function

The test_obsolete_packages function was accidentally removed when cleaning
up orphaned code. Restored from git history (commit d3548d6) to fix:
- Package Validation Tests: exit code 1 ('command not found')
- Comprehensive Integration Tests (unit): exit code 1

The function checks Dockerfiles for known obsolete packages that are
no longer available in Ubuntu 24.04.

* fix(tests): improve package extraction from Dockerfiles

- Fix AWK script to properly collect multi-line apt-get install commands
- Fix regex character class to allow hyphens in package names (moved hyphen to end)
- Now correctly extracts packages like build-essential, ca-certificates, python3-pip
- Tested: extracts 11 packages from main Dockerfile (curl filtered intentionally)

* style: apply shfmt default formatting (tabs) to all shell scripts

- Super-Linter uses shfmt with default settings (tab indentation)
- Previously used 2-space indentation which failed SHELL_SHFMT validation
- Applied shfmt without -i flag to match CI expectations
- Fixes final Lint and Validate job failure

* fix(tests): add shellcheck directive to suppress SC2329 warnings

- SC2329 warns about functions not being invoked
- These functions ARE invoked by main() at end of script
- Added disable directive to silence false positive warnings
- Fixes BASH linting errors in CI

* fix(tests): add per-function shellcheck SC2329 directives

- SC2329 warns about functions appearing unused
- Added disable directive before each affected function
- Functions are invoked by main() so this is a false positive
- Fixes BASH linting in CI

* fix(ci): add fetch-depth: 0 to docs workflow checkout

- Super-Linter was failing with 'GITHUB_SHA reference doesn't exist'
- Need full git history for Super-Linter to work correctly
- Added fetch-depth: 0 to checkout step

---------

* chore(deps)(deps): bump super-linter/super-linter from 8.1.0 to 8.2.0 (#1010)

Bumps [super-linter/super-linter](https://github.com/super-linter/super-linter) from 8.1.0 to 8.2.0.
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/super-linter/super-linter/compare/v8.1.0...v8.2.0)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

* chore(deps)(deps): bump github/codeql-action from 3 to 4 (#1011)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* chore(deps)(deps): bump actions/upload-artifact from 4 to 5 (#1013)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

* fix(docker): update questing dependencies

* build: upgrade actions runner to v2.329.0 (#1015)

* build(runner): bump to v2.329.0 release

* fix(runner): relax chrome healthchecks

* fix(ci): use reg token for staging runners

* ci(docs-validation): fetch full history for super linter

* ci(docs-validation): disable jscpd and checkov

---------

* chore: bump Node.js and npm for Chrome runner (#1017)

* chore: bump Node.js to 24.11.1 and npm to 11.6.2

* chore: bump Go toolchain to 1.25.4 in chrome-go runner

---------

* chore: sync runner dependencies

* fix(docker): reinstall cross-spawn 7.0.6 (#1019)

* fix: patch tar vulnerability (#1020)

* fix(docker): bump tar to 7.5.2

* fix(docker): stage tar install via prefix

---------

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>
Co-authored-by: Syam Sampatsing <grammatonic@syams-mbp-1.home>

* Update docker/Dockerfile.chrome-go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update docker/Dockerfile.chrome

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update docker/Dockerfile

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>
Co-authored-by: Syam Sampatsing <grammatonic@syams-mbp-1.home>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Revert "chore(release): promote develop to main (#1023)" (#1025)

This reverts commit efa67573198b1a3fed1a255c18d69401b1df0361.

Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>

* Release (#1030)

Co-authored-by: Syam Sampatsing <grammatonic@syams-mbp-1.home>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Syam Sampatsing <grammatonic@macbookpro.home>
Co-authored-by: Syam Sampatsing <grammatonic@syams-mbp-1.home>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: 5 people

README.md

@@ -28,13 +28,13 @@ Note: Documentation workflows and repo prompts were recently improved — see
 
 | Component                 | Standard Runner  | Chrome Runner    | Status            |
 | ------------------------- | ---------------- | ---------------- | ----------------- |
-| **Image Version**         | v2.0.9           | v2.0.9           | ✅ Latest         |
+| **Image Version**         | v2.2.0           | v2.2.0           | ✅ Latest         |
 | **GitHub Actions Runner** | v2.329.0         | v2.329.0         | ✅ Latest         |
 | **Base OS**               | Ubuntu 25.10 Questing | Ubuntu 25.10 Questing | ✅ Supported/Pre-release |
 | **Node.js**               |                  | 24.11.1          | ✅ Chrome Only    |
 | **Python**                | 3.10+            | 3.10+            | ✅ Latest         |
-| **Playwright**            | -                | v1.55.0          | ✅ Latest         |
-| **Cypress**               | -                | v15.1.0          | ✅ Security Fixed |
+| **Playwright**            | -                | v1.55.1          | ✅ Latest         |
+| **Cypress**               | -                | v13.15.0         | ✅ Security Fixed |
 | **Chrome**                | -                | 142.0.7444.162   | ✅ Latest         |
 
 > 📋 For detailed version information, see [Version Overview](docs/VERSION_OVERVIEW.md)
@@ -62,14 +62,12 @@ Note: Documentation workflows and repo prompts were recently improved — see
   - **Security Scanning**: Weekly Trivy scans (filesystem, container, Chrome runner) with automated SARIF reporting and GitHub Security tab integration
   - **Architecture Enforcement**: Chrome runner image only supports `linux/amd64` (x86_64). Builds on ARM (Apple Silicon) will fail with a clear error.
 
-### 🆕 Recent Improvements (September 2025)
+### 🆕 Recent Improvements (November 2025)
 
--- ✅ Applied critical security patches for prototype pollution and DoS vulnerabilities
--- ✅ Optimized Docker image sizes with comprehensive cache cleaning
--- ✅ Enhanced Chrome Runner with latest Playwright (1.55.0), Cypress (15.1.0), and Chrome (142.0.7444.162)
--- ✅ Standardized Docker build contexts for consistent CI/CD pipeline execution
--- ✅ Implemented automated security advisory workflow with Trivy scanning (filesystem, container, Chrome runner)
--- ✅ All security scan jobs and workflow files are now kept in sync across branches for reliable code scanning and compliance
+- ✅ Added npm override to force `tar@7.5.2` inside all embedded npm distributions, closing CVE-2024-47554 exposure paths.
+- ✅ Chrome runners updated to Chrome `142.0.7444.162`, Playwright `1.55.1`, and Cypress `13.15.0` with matching `@playwright/test` tooling.
+- ✅ Documentation, version catalog, and wiki refreshed for v2.2.0 with Questing base image guidance and security workflow parity.
+- ✅ Release automation continues to publish SBOMs and Trivy scan SARIF reports for every tagged build.
 
 ## 📦 Installation
 
@@ -93,9 +91,9 @@ cd github-runner
 ### Using Release Archive
 
 ```bash
-wget https://github.com/GrammaTonic/github-runner/archive/v2.0.2.tar.gz
-tar -xzf v2.0.2.tar.gz
-cd github-runner-2.0.2
+wget https://github.com/GrammaTonic/github-runner/archive/v2.2.0.tar.gz
+tar -xzf v2.2.0.tar.gz
+cd github-runner-2.2.0
 ```
 
 ### Using Docker Images
@@ -104,18 +102,18 @@ Pre-built Docker images are available for each release:
 
 ```bash
 # Standard Runner (latest)
-docker pull ghcr.io/grammatonic/github-runner:v2.0.2
+docker pull ghcr.io/grammatonic/github-runner:v2.2.0
 
 # Chrome Runner (latest)
-docker pull ghcr.io/grammatonic/github-runner-chrome:v2.0.2
+docker pull ghcr.io/grammatonic/github-runner-chrome:v2.2.0
 
 # Development versions
 docker pull ghcr.io/grammatonic/github-runner:develop
 docker pull ghcr.io/grammatonic/github-runner-chrome:develop
 
 # Semantic versioning
-docker pull ghcr.io/grammatonic/github-runner:2.0.2
-docker pull ghcr.io/grammatonic/github-runner:2.0
+docker pull ghcr.io/grammatonic/github-runner:2.2.0
+docker pull ghcr.io/grammatonic/github-runner:2.2
 docker pull ghcr.io/grammatonic/github-runner:2
 ```
 

VERSION

@@ -1 +1 @@
-2.0.1
+2.2.0

docker/Dockerfile

@@ -4,7 +4,7 @@ FROM ubuntu:questing
 # --- METADATA AND ARGUMENTS ---
 LABEL maintainer="GrammaTonic"
 LABEL description="Base image for GitHub Actions Self-Hosted Runners"
-LABEL version="2.0.9"
+LABEL version="2.2.0"
 
 # Use TARGETPLATFORM which contains the full OS/architecture string (e.g., linux/amd64)
 ARG TARGETPLATFORM

docker/Dockerfile.chrome

@@ -11,7 +11,7 @@ FROM ubuntu:questing
 # --- METADATA AND ARGUMENTS ---
 LABEL maintainer="GrammaTonic"
 LABEL description="Optimized GitHub Actions Self-Hosted Runner for Chrome and web UI testing"
-LABEL version="2.0.9"
+LABEL version="2.2.0"
 
 # Define arguments at the top for easy management
 ARG TARGETARCH

docker/Dockerfile.chrome-go

@@ -11,7 +11,7 @@ FROM ubuntu:questing
 # --- METADATA AND ARGUMENTS ---
 LABEL maintainer="GrammaTonic"
 LABEL description="Optimized GitHub Actions Self-Hosted Runner for Chrome, Go, and web UI testing"
-LABEL version="2.0.9"
+LABEL version="2.2.0"
 
 # Define arguments at the top for easy management
 ARG TARGETARCH

docs-wiki-full-patch.diff

@@ -47,7 +47,7 @@ index 5a676bc..e6a603d 100644
  # GitHub Runner Documentation
 
 -This directory contains all project documentation organized by category. All documentation blocks, examples, and API docs are now synced with the latest code and workflow changes (as of 2025-09-10).
-+This directory contains all project documentation organized by category. All documentation blocks, examples, and API docs are now synced with the latest code and workflow changes (as of 2025-09-14).
++This directory contains all project documentation organized by category. All documentation blocks, examples, and API docs are now synced with the latest code and workflow changes (as of 2025-11-14).
 +
 +## 🛠️ Automated Documentation Validation
 +
@@ -111,7 +111,8 @@ index 5a676bc..e6a603d 100644
 
  ### Releases
 +- [Changelog](releases/CHANGELOG.md) - Full release history
-+- [Release Notes v2.1.0](releases/RELEASE_NOTES_v2.1.0.md) - Latest release information
++- [Release Notes v2.2.0](releases/RELEASE_NOTES_v2.2.0.md) - Latest release information
++- [Release Notes v2.1.0](releases/RELEASE_NOTES_v2.1.0.md)
 +- [Release Notes v2.0.2](releases/RELEASE_NOTES_v2.0.2.md)
 +- [Release Notes v1.1.1](releases/RELEASE_NOTES_v1.1.1.md)
 +- [Release Notes v1.1.0](releases/RELEASE_NOTES_v1.1.0.md)
@@ -174,7 +175,7 @@ index 1a51ac1..c7d1da2 100644
 
 -**Image Version**: v2.0.2
 -**Base Image**: `ubuntu:24.04`
-+**Image Version**: v2.0.9
++**Image Version**: v2.2.0
 +**Base Image**: `ubuntu:questing` (25.10 Pre-release)
  **Purpose**: General-purpose GitHub Actions runner with development tools
  **Target Architectures**: `linux/amd64` only
@@ -183,7 +184,7 @@ index 1a51ac1..c7d1da2 100644
 
 -**Image Version**: v2.0.2
 -**Base Image**: `ubuntu:24.04`
-+**Image Version**: v2.0.9
++**Image Version**: v2.2.0
 +**Base Image**: `ubuntu:questing` (25.10 Pre-release)
  **Purpose**: Chrome-optimized runner for web UI testing and browser automation
  **Target Architectures**: `linux/amd64` only (ARM builds are blocked for Chrome runner)
@@ -313,7 +314,8 @@ index 1a51ac1..c7d1da2 100644
 +
  ### Recent Changes
 
-+- **2025-09-14**: Updated to Ubuntu 25.10 Questing, image version v2.0.9, Chrome 142.0.7444.162, Playwright 1.55.0, Cypress 15.1.0, Node.js 24.11.1 (Chrome Runner only), and architecture enforcement (amd64 only)
++- **2025-11-14**: Release v2.2.0 with npm `tar@7.5.2` override, Chrome 142.0.7444.162, Playwright 1.55.1, Cypress 13.15.0, and refreshed Questing-based documentation.
++- **2025-09-14**: Updated to Ubuntu 25.10 Questing, image version v2.0.9, Chrome 142.0.7444.162, Playwright 1.55.0, Cypress 13.15.0, Node.js 24.11.1 (Chrome Runner only), and architecture enforcement (amd64 only)
 - **2025-09-10**: Extensive documentation update for Ubuntu 24.04 LTS, image version v2.0.2, Node.js 24.11.1 (Chrome Runner only), and architecture enforcement (amd64 only)
  - **2025-01-15**: Applied VDB-216777/CVE-2020-36632 flat package security fix
  - **2025-01-15**: Added comprehensive security patches for Chrome Runner
@@ -322,7 +324,7 @@ index 1a51ac1..c7d1da2 100644
  ---
 
 -**Last Updated**: September 10, 2025  
-+**Last Updated**: September 14, 2025 (Synced with code and workflows)
++**Last Updated**: November 14, 2025 (Synced with code and workflows)
  **Document Version**: 2.0  
  **Maintainer**: GrammaTonic
 diff --git a/docs/features/CHROME_RUNNER_FEATURE.md b/docs/features/CHROME_RUNNER_FEATURE.md

docs/README.md

@@ -1,6 +1,6 @@
 # GitHub Runner Documentation
 
-This directory contains all project documentation organized by category. All documentation blocks, examples, and API docs are now synced with the latest code and workflow changes (as of 2025-09-14).
+This directory contains all project documentation organized by category. All documentation blocks, examples, and API docs are now synced with the latest code and workflow changes (as of 2025-11-14).
 
 ## 🛠️ Automated Documentation Validation
 
@@ -59,7 +59,8 @@ docs/
 
 ### Releases
 - [Changelog](releases/CHANGELOG.md) - Full release history
-- [Release Notes v2.1.0](releases/RELEASE_NOTES_v2.1.0.md) - Latest release information
+- [Release Notes v2.2.0](releases/RELEASE_NOTES_v2.2.0.md) - Latest release information
+- [Release Notes v2.1.0](releases/RELEASE_NOTES_v2.1.0.md)
 - [Release Notes v2.0.2](releases/RELEASE_NOTES_v2.0.2.md)
 - [Release Notes v1.1.1](releases/RELEASE_NOTES_v1.1.1.md)
 - [Release Notes v1.1.0](releases/RELEASE_NOTES_v1.1.0.md)

docs/VERSION_OVERVIEW.md

@@ -8,14 +8,14 @@ This document provides a comprehensive overview of all software versions, depend
 
 ### 1. Standard Runner (`docker/Dockerfile`)
 
-**Image Version**: v2.0.9
+**Image Version**: v2.2.0
 **Base Image**: `ubuntu:questing` (25.10 Pre-release)
 **Purpose**: General-purpose GitHub Actions runner with development tools
 **Target Architectures**: `linux/amd64` only
 
 ### 2. Chrome Runner (`docker/Dockerfile.chrome`)
 
-**Image Version**: v2.0.9
+**Image Version**: v2.2.0
 **Base Image**: `ubuntu:questing` (25.10 Pre-release)
 **Purpose**: Chrome-optimized runner for web UI testing and browser automation
 **Target Architectures**: `linux/amd64` only (ARM builds are blocked for Chrome runner)
@@ -70,9 +70,9 @@ This document provides a comprehensive overview of all software versions, depend
 
 | Package            | Version    | Security Status                                  |
 | ------------------ | ---------- | ------------------------------------------------ |
-| `playwright`       | **1.55.0** | ✅ Latest stable                                 |
-| `cypress`          | **15.1.0** | ✅ **Security Fix** (CVE-2025-9288)              |
-| `@playwright/test` | **1.55.0** | ✅ Test framework                                |
+| `playwright`       | **1.55.1** | ✅ Latest stable                                 |
+| `cypress`          | **13.15.0** | ✅ **Security Fix** (CVE-2025-9288)              |
+| `@playwright/test` | **1.55.1** | ✅ Test framework                                |
 | `flat`             | **5.0.2**  | ✅ **Security Fix** (VDB-216777, CVE-2020-36632) |
 | `sha.js`           | **2.4.12** | ✅ **Security Fix** (CVE-2025-9288)              |
 | `ws`               | **8.17.1** | ✅ **Security Fix** (CVE-2024-37890)             |
@@ -154,7 +154,7 @@ This document provides a comprehensive overview of all software versions, depend
 - **Package**: `sha.js` (JavaScript SHA implementation)
 - **Vulnerability**: Cryptographic weakness in Cypress dependency
 - **Fix Applied**:
-  - Upgraded Cypress to `15.1.0+`
+  - Upgraded Cypress to `13.15.0`
   - Force-installed `sha.js@2.4.12`
 - **Status**: ✅ **RESOLVED**
 - **Applied In**: Chrome Runner only
@@ -267,6 +267,7 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
 
 ### Recent Changes
 
+- **2025-11-14**: Release v2.2.0 with npm `tar@7.5.2` override, Chrome 142.0.7444.162, Playwright 1.55.1, Cypress 13.15.0, and refreshed Questing-based documentation.
 - **2025-09-14**: Updated to Ubuntu 25.10 Questing, image version v2.0.9, Chrome 142.0.7444.162, Playwright 1.55.0, Cypress 15.1.0, Node.js 24.11.1 (Chrome Runner only), and architecture enforcement (amd64 only)
 - **2025-09-10**: Extensive documentation update for Ubuntu 24.04 LTS, image version v2.0.2, Node.js 24.11.1 (Chrome Runner only), and architecture enforcement (amd64 only)
 - **2025-01-15**: Applied VDB-216777/CVE-2020-36632 flat package security fix
@@ -283,6 +284,6 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
 
 ---
 
-**Last Updated**: September 14, 2025 (Synced with code and workflows)
+**Last Updated**: November 14, 2025 (Synced with code and workflows)
 **Document Version**: 2.0  
 **Maintainer**: GrammaTonic

docs/releases/CHANGELOG.md

@@ -1,9 +1,13 @@
-# [Unreleased]
-- Documentation updated to reflect use of `ubuntu:questing` (25.10 pre-release) as base image for all runners.
-- Added detailed explanation of CVE mitigation strategy, including npm overrides, Trivy scan automation, and audit workflow.
-- Migration notes for switching to stable Ubuntu LTS for production.
-- Reference: See PR #<PR_NUMBER> or commit <COMMIT_HASH>.
-## Unreleased
+# Changelog
+
+## [Unreleased]
+- Pending items
+
+## [v2.2.0] - 2025-11-14
+- Promote standard, Chrome, and Chrome-Go runner images to **v2.2.0**.
+- Force `tar@7.5.2`, `cross-spawn@7.0.6`, and `brace-expansion@2.0.2` into every npm distribution (system, global, embedded) to mitigate CVE-2024-47554 and related advisories.
+- Update Chrome runner stacks to Chrome **142.0.7444.162**, Playwright **1.55.1**, Cypress **13.15.0**, and Node.js **24.11.1**.
+- Refresh documentation, version overview, and wiki pages for Questing base image guidance and release automation workflow parity.
 
 ## v1.1.1 - 2025-01-15
 

docs/releases/RELEASE_NOTES_v2.2.0.md

@@ -0,0 +1,22 @@
+# Release Notes v2.2.0
+
+## Highlights
+- Standard, Chrome, and Chrome-Go runner images promoted to **v2.2.0** with refreshed metadata and documentation.
+- Chrome-based runners ship Chrome **142.0.7444.162**, Playwright **1.55.1**, Cypress **13.15.0**, and Node.js **24.11.1** for parity across UI testing stacks.
+- npm override now forces **tar@7.5.2** inside every embedded npm distribution (system install, global install, and runner-embedded copies) to mitigate CVE-2024-47554.
+- Documentation, version overview, and wiki content updated for Questing base image guidance, security posture, and release automation workflows.
+
+## Security & Compliance
+- `cross-spawn@7.0.6`, `tar@7.5.2`, and `brace-expansion@2.0.2` copied into each npm instance (system/global/embedded).
+- Chrome runners continue to install Cypress with SHA.js overrides and remove stale caches between builds.
+- Release workflow publishes SBOMs and Trivy SARIF reports for each image variant (`standard`, `chrome`, `chrome-go`).
+
+## Testing
+- `./tests/docker/validate-packages.sh`
+
+## References
+- See PR #<PR_NUMBER> or commit <COMMIT_HASH> for the full change history.
+- Review Trivy scan outputs under `test-results/docker/` for audit records.
+
+---
+Release date: 2025-11-14