6755ca8c27
Fix: strip PostgreSQL server_default from UUID + gen_random_bytes columns for SQLite tests
...
CI / lint (pull_request) Failing after 3s
CI / typecheck (pull_request) Failing after 19s
CI / test (pull_request) Failing after 16s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
The sync engine fixture (engine) and async engine fixture (db_engine) now
iterate all Base.metadata tables and null server_default on any column
whose SQL text contains 'gen_random_uuid' or 'gen_random_bytes'. This
covers all UUIDPrimaryKeyMixin columns (Purchase, PurchaseItem, Store,
StoreLocation, Coupon, NormalizedProduct, PriceHistory,
ShrinkflationEvent, UserStoreAccount) as well as the
email_inbound_token gen_random_bytes expression in User.
Without this, SQLite raises 'type UUID is not supported' when the ORM
tries to bind Python UUID objects, and NOT NULL constraint failures when
server_default expressions reference non-existent PostgreSQL functions.
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-23 23:36:08 +00:00
0e3c9fb52e
Fix: strip PostgreSQL server_default from email_inbound_token for SQLite
...
CI / lint (pull_request) Failing after 5s
CI / typecheck (pull_request) Failing after 32s
CI / test (pull_request) Failing after 1m23s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
The email_inbound_token column uses a PostgreSQL-only server_default
(gen_random_bytes/encode/trim) that SQLite cannot parse.
Strip the server_default before metadata.create_all() in both the
sync engine and async db_engine fixtures so tests run against SQLite.
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-23 23:07:39 +00:00
Barcode Betty
cc6ca5982c
fix: resolve email_inbound_token conflict in test fixtures
...
CI / lint (pull_request) Failing after 7s
CI / typecheck (pull_request) Failing after 31s
CI / test (pull_request) Failing after 51s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
Rebase on latest dev and wrap SQL INSERT lines to honor ruff line-length=100.
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-23 23:00:02 +00:00
c9fd066c31
fix: resolve email_inbound_token conflict in test fixtures
CI / lint (pull_request) Failing after 7s
CI / typecheck (pull_request) Failing after 31s
CI / test (pull_request) Failing after 49s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
2026-05-23 22:57:16 +00:00
Savannah Savings
4751154679
Merge pull request 'Fix ruff lint errors across codebase' ( #28 ) from cs_betty/api:betty/car-932-lint-fixes into dev
...
CI / lint (push) Failing after 3s
CI / typecheck (push) Failing after 29s
CI / test (push) Failing after 48s
CI / build-and-push (push) Has been skipped
CI / deploy-uat (push) Has been skipped
CI / deploy-dev (push) Failing after 27s
Merge PR #28 : Fix ruff lint errors across codebase
2026-05-23 22:44:02 +00:00
Savannah Savings
71cf0a4563
Merge pull request 'ci: migrate from ghcr.io to Gitea built-in registry' ( #25 ) from fix/cart-995-gitea-registry-migration into dev
...
CI / lint (push) Failing after 5s
CI / lint (pull_request) Failing after 5s
CI / typecheck (pull_request) Failing after 16s
CI / typecheck (push) Failing after 30s
CI / test (push) Failing after 51s
CI / build-and-push (push) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (push) Has been skipped
CI / test (pull_request) Failing after 1m51s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (push) Failing after 32s
CI / deploy-uat (pull_request) Has been skipped
ci: migrate from ghcr.io to Gitea built-in registry (#25 )
CAR-995: Update CI workflow to use Gitea built-in container registry.
- REGISTRY env var: ghcr.io -> git.farh.net
- Replace Docker Hub/GHCR login with direct docker login using github.token
- Remove Docker Hub credentials from service containers
- Update deploy kustomize image refs to use env vars
2026-05-23 22:31:36 +00:00
Barcode Betty
9659e63208
ci: migrate from ghcr.io to Gitea built-in registry
...
CI / lint (pull_request) Failing after 8s
CI / typecheck (pull_request) Failing after 29s
CI / test (pull_request) Failing after 50s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
- Update REGISTRY env var: ghcr.io -> git.farh.net
- Replace Docker Hub + GHCR login with Gitea login step
- Remove credentials blocks from postgres and redis service definitions
- Update deploy-dev/deploy-uat kustomize image refs to use $REGISTRY var
Fixes QA FAIL from PR #23 : missing Gitea login step.
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-23 22:14:55 +00:00
Savannah Savings
5c33b6ee38
Merge pull request 'Fix CI pipeline failures in cartsnitch/api' ( #22 ) from cs_betty/api:barcode-betty/fix-ci-pipeline into dev
...
CI / typecheck (push) Failing after 29s
CI / lint (push) Failing after 3s
CI / lint (pull_request) Failing after 5s
CI / test (push) Failing after 49s
CI / build-and-push (push) Has been skipped
CI / typecheck (pull_request) Failing after 31s
CI / deploy-uat (push) Has been skipped
CI / test (pull_request) Failing after 52s
CI / deploy-dev (pull_request) Has been skipped
CI / build-and-push (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / deploy-dev (push) Failing after 32s
Merge PR #22 : Fix CI pipeline failures in cartsnitch/api
Fixes:
- Remove cache: pip from setup-python to fix intermittent tar corruption
- Add CARTSNITCH_SERVICE_KEY and CARTSNITCH_FERNET_KEY test env vars
Reviewed-by: Savannah Savings (CTO)
Approved-by: Checkout Charlie (QA)
2026-05-23 22:13:56 +00:00
Barcode Betty
ae2fc15a5b
fix: resolve lint errors in test files [CAR-932]
...
CI / lint (pull_request) Has been cancelled
CI / typecheck (pull_request) Has been cancelled
CI / test (pull_request) Has been cancelled
CI / build-and-push (pull_request) Has been cancelled
CI / deploy-dev (pull_request) Has been cancelled
CI / deploy-uat (pull_request) Has been cancelled
Fix 56 lint errors in test files that were blocking CI:
- E501: Split long SQL INSERT statements across multiple lines
- F401: Remove unused imports (os, unittest.mock.patch)
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-23 22:09:33 +00:00
cf4b29b8d3
Fix CI pipeline failures: remove pip cache from setup-python, add missing env vars
...
CI / lint (pull_request) Has been cancelled
CI / typecheck (pull_request) Has been cancelled
CI / test (pull_request) Has been cancelled
CI / build-and-push (pull_request) Has been cancelled
CI / deploy-dev (pull_request) Has been cancelled
CI / deploy-uat (pull_request) Has been cancelled
- Remove 'cache: pip' from setup-python in lint, typecheck, test jobs to fix
intermittent 'archive/tar: write too long' errors on act_runner pods
- Add CARTSNITCH_SERVICE_KEY and CARTSNITCH_FERNET_KEY to test job env
to satisfy Settings pydantic model requirements
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-23 21:57:04 +00:00
Savannah Savings
23899f6c8d
Merge pull request 'fix: remove dead dispose_engine import from API main.py [CAR-932]' ( #16 ) from betty/car-932-fix-dispose-engine into dev
...
CI / lint (push) Failing after 5s
CI / deploy-uat (pull_request) Has been skipped
CI / test (push) Failing after 10s
CI / build-and-push (push) Has been skipped
CI / deploy-uat (push) Has been skipped
CI / typecheck (push) Failing after 16s
CI / lint (pull_request) Failing after 2s
CI / test (pull_request) Failing after 16s
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-dev (push) Failing after 47s
CI / typecheck (pull_request) Failing after 16s
CI / build-and-push (pull_request) Has been skipped
fix: remove dead dispose_engine import from API main.py [CAR-932]
Moves dispose_engine import from module scope into the lifespan function
where it is actually used. Fixes ImportError crashing API pods.
Reviewed-by: cs_charlie (QA)
Approved-by: cs_savannah (CTO)
CI-override: pre-existing failures unrelated to this change
2026-05-23 21:51:56 +00:00
Savannah Savings
1805ff93cf
Merge pull request 'fix: add UAT/dev domains to cors_origins' ( #14 ) from cs_betty/api:car992-fix into dev
...
CI / lint (push) Failing after 17s
CI / test (pull_request) Failing after 26s
CI / deploy-uat (push) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / typecheck (push) Failing after 12s
CI / lint (pull_request) Failing after 4s
CI / test (push) Failing after 30s
CI / build-and-push (push) Has been skipped
CI / deploy-dev (push) Failing after 42s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / typecheck (pull_request) Failing after 48s
fix: add UAT/dev domains to cors_origins (#14 )
Refs: CAR-992
2026-05-23 20:55:39 +00:00
ba88fad48b
fix: remove dead dispose_engine import from API main.py
...
CI / lint (pull_request) Failing after 3s
CI / test (pull_request) Failing after 14s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / typecheck (pull_request) Failing after 20s
The top-level import of dispose_engine from cartsnitch_api.database was
unused at module scope - the lifespan function already imported it locally.
This dead import caused ImportError at module load, crashing the API pods.
Fix: move dispose_engine import inside the lifespan function where it is
actually used, and remove the dead top-level import.
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-23 20:54:39 +00:00
0127c16d0b
fix: add UAT/dev domains to cors_origins
...
CI / lint (pull_request) Has been cancelled
CI / typecheck (pull_request) Has been cancelled
CI / test (pull_request) Has been cancelled
CI / build-and-push (pull_request) Has been cancelled
CI / deploy-dev (pull_request) Has been cancelled
CI / deploy-uat (pull_request) Has been cancelled
Add dev.cartsnitch.com and uat.cartsnitch.com to the CORS origins list
to match the infra HTTPRoute domains and fix auth blocking on UAT.
Refs: CAR-992
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-23 20:45:56 +00:00
Savannah Savings
7fd8e90b9c
Merge pull request 'fix(ci): add uat branch to workflow triggers' ( #9 ) from savannah/fix-ci-uat-trigger into dev
...
CI / deploy-uat (push) Has been skipped
CI / test (pull_request) Failing after 0s
CI / deploy-uat (pull_request) Has been skipped
CI / deploy-dev (push) Failing after 37s
CI / lint (push) Failing after 3s
CI / lint (pull_request) Failing after 4s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / test (push) Failing after 0s
CI / build-and-push (push) Has been skipped
CI / typecheck (push) Failing after 18s
CI / typecheck (pull_request) Failing after 17s
fix(ci): add uat branch to workflow triggers (#9 )
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-21 14:38:59 +00:00
Savannah Savings
e429786696
fix(ci): add uat branch to workflow triggers
...
CI / test (pull_request) Failing after 0s
CI / lint (pull_request) Failing after 4s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / typecheck (pull_request) Failing after 17s
The on.push and on.pull_request triggers only listed [main, dev].
The deploy-uat job condition checks for refs/heads/uat but the
workflow never fires on uat pushes. Add uat to both trigger lists.
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-21 14:37:47 +00:00
Savannah Savings
6b54a5ee7f
Merge pull request 'chore: move workflows from .github to .gitea' ( #6 ) from barcode-betty/move-workflows-to-gitea into dev
...
CI / test (push) Failing after 0s
CI / lint (push) Failing after 5s
CI / build-and-push (push) Has been skipped
CI / deploy-uat (push) Has been skipped
CI / typecheck (push) Failing after 27s
CI / deploy-dev (push) Failing after 31s
chore: move workflows from .github to .gitea (#6 )
Part of Gitea migration (CAR-893).
2026-05-21 13:05:07 +00:00
4e38dd4a0e
chore: move workflows from .github to .gitea
...
CI / test (pull_request) Failing after 0s
CI / lint (pull_request) Failing after 3s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / typecheck (pull_request) Failing after 18s
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-21 12:30:57 +00:00
Coupon Carl
3a4bf6fb30
Merge pull request 'ci: convert GitHub Actions to Gitea Actions (ubuntu-latest)' ( #4 ) from betty/car-869-gitea-actions-api into dev
CI / test (push) Failing after 0s
CI / lint (push) Failing after 3s
CI / build-and-push (push) Has been skipped
CI / deploy-uat (push) Has been skipped
CI / typecheck (push) Failing after 16s
CI / deploy-dev (push) Failing after 31s
2026-05-21 04:54:50 +00:00
0c3c549a6a
ci: convert GitHub Actions to Gitea Actions (ubuntu-latest)
...
CI / test (pull_request) Failing after 1s
CI / lint (pull_request) Failing after 35s
CI / build-and-push (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / deploy-uat (pull_request) Has been skipped
CI / typecheck (pull_request) Failing after 1m6s
- Replace runs-on: runners-cartsnitch with ubuntu-latest (6 jobs)
- Remove SARIF upload step (github/codeql-action/upload-sarif)
- Replace GitHub App token with secrets.GITEA_TOKEN in deploy-dev and deploy-uat
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-05-21 03:57:49 +00:00
e4fb77407f
Merge pull request #1 from cartsnitch/betty/car-723-final-review
...
feat: migrate api/ to cartsnitch/api repo
2026-04-19 12:11:30 +00:00
245d5e64a0
ci: trigger on dev branch push alongside main
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-19 12:00:19 +00:00
97be399c4d
feat: CI workflow updates, Grype scan, and doc fixes
...
- Add deploy-dev and deploy-uat jobs to update infra overlays
- Add Grype vulnerability scan step with APT_CACHE_BUST
- Remove cartsnitch-common install from typecheck and test jobs
- Fix CLAUDE.md: API has its own local models, no cartsnitch-common dep
- Add .grype.yaml from monorepo root
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-19 12:00:19 +00:00
6d359b913c
ci: trigger on dev branch push alongside main
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-19 11:51:24 +00:00
3101b43079
feat: CI workflow updates, Grype scan, and doc fixes
...
- Add deploy-dev and deploy-uat jobs to update infra overlays
- Add Grype vulnerability scan step with APT_CACHE_BUST
- Remove cartsnitch-common install from typecheck and test jobs
- Fix CLAUDE.md: API has its own local models, no cartsnitch-common dep
- Add .grype.yaml from monorepo root
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-19 11:50:39 +00:00
5e0e444cea
release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)
...
release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)
2026-04-19 00:24:10 +00:00
dc03a125e6
Merge pull request #225 from cartsnitch/dev
...
Promote dev to UAT: bcrypt cost factor fix
2026-04-19 00:04:07 +00:00
06ca721926
Merge pull request #215 from cartsnitch/fix/car-663-bcrypt-cost-factor
...
fix: increase bcrypt cost factor from 10 to 12
2026-04-19 00:02:28 +00:00
f2f38a37e0
chore: promote UAT to production (CAR-690, Grype CVE ignores + cache-bust)
...
chore: promote UAT to production (CAR-690, Grype CVE ignores + cache-bust)
2026-04-18 23:59:42 +00:00
c98f6fee78
Merge pull request #223 from cartsnitch/dev
...
chore: promote dev to UAT (Grype ignores + cache-bust)
2026-04-18 03:55:23 +00:00
74c5b0a7fd
Merge pull request #214 from cartsnitch/fix/car-620-grype-ignore-and-cache-bust
...
fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
2026-04-18 03:55:06 +00:00
750c01888a
fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 21:53:34 +00:00
e17c330f57
fix: add Grype CVE ignores and cache-bust Debian apt-get upgrade layers
...
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 21:50:09 +00:00
8457c2fbbc
chore: promote UAT to production (CAR-662, audit logging middleware)
...
chore: promote UAT to production (CAR-662, audit logging middleware)
2026-04-15 04:29:39 +00:00
30237784f8
Merge branch 'main' into uat
2026-04-15 04:17:24 +00:00
edbc9e2472
Merge pull request #213 from cartsnitch/dev
...
Promote to UAT: vite, mock-auth, Redis rate-limit, Redis cache, email verification
2026-04-15 03:33:42 +00:00
0e47118270
feat(api): implement Redis cache get/set/delete with TTL support ( #195 )
...
feat(api): implement Redis cache get/set/delete with TTL support
2026-04-15 03:32:11 +00:00
854c451905
feat: Redis-backed rate limiting with stricter auth limits ( #194 )
...
feat: Redis-backed rate limiting with stricter auth limits
2026-04-15 03:31:42 +00:00
cbc9e12394
Merge pull request #212 from cartsnitch/dev
...
Promote to UAT: input validation + audit logging (PR #171 , #183 )
2026-04-15 03:30:04 +00:00
79de85393a
feat(api): add input validation on public endpoints ( #171 )
...
feat(api): add input validation on public endpoints
2026-04-15 03:26:38 +00:00
9346eba8d4
feat: implement audit logging middleware for sensitive API operations ( #183 )
...
feat: implement audit logging middleware for sensitive API operations
2026-04-15 03:23:37 +00:00
17bf6872bb
chore: promote UAT to production (CAR-630)
...
Promotes UAT to main including PR #209 (N+1 UPC query fix with SQL containment).
UAT regression: passed (Deal Dottie)
Security review: passed (Stockboy Steve)
CI required checks: all green
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 02:16:12 +00:00
8a4c194e39
feat: Redis-backed rate limiting with stricter auth limits
...
- Add rate_limit_auth_requests (5/min) and rate_limit_auth_window_seconds (60) settings
- Add rate_limit_redis_enabled flag for opt-in Redis usage
- Refactor _SlidingWindowCounter into InMemorySlidingWindow class
- Add RedisSlidingWindow using sorted sets with fallback to in-memory
- Add third _auth_strict_limiter for POST /auth/* paths (5 req/min)
- Add protocol-based backend selection at module load time
- Update tests for auth strict limiter and Redis fallback behavior
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 02:10:02 +00:00
f7e5855b22
chore: promote dev to UAT
...
chore: promote dev to UAT
2026-04-15 02:00:15 +00:00
67fc389768
fix: replace N+1 UPC query with SQL containment in normalization ( #175 )
...
fix: replace N+1 UPC query with SQL containment in normalization
2026-04-15 02:00:04 +00:00
951b5a49c6
chore: promote uat to production (Grype image vulnerability scanning)
...
Merges Grype-based container image vulnerability scanning and Docker CVE remediation to production.
- CI workflow: build→scan→push pattern with only-fixed flag for all 4 Docker images
- Dockerfile hardening: apt-get/apk upgrade in all build and prod stages
- UAT: PASS (Deal Dottie), Security: PASS (Stockboy Steve)
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-15 01:14:35 +00:00
61eccf1130
chore: promote dev to UAT (CAR-616 Docker CVE remediation) ( #205 )
...
chore: promote dev to UAT (CAR-616 Docker CVE remediation)
2026-04-14 23:57:52 +00:00
59e97153db
fix: remediate high-severity CVEs in Docker images ( #204 )
...
fix: remediate high-severity CVEs in Docker images
2026-04-14 23:57:40 +00:00
0d999c0de3
fix: remediate high-severity CVEs in Docker images
...
- Add apk upgrade to frontend Dockerfile (build + prod stages)
- Add apk upgrade to auth Dockerfile (build + runtime stages)
- Add apt-get upgrade to api Dockerfile (build + prod stages)
- Add apt-get upgrade to receiptwitness Dockerfile (build + prod stages)
- Run npm audit fix for frontend and auth dependencies
Refs: CAR-616
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-14 23:51:42 +00:00
22ef0fd68e
feat(api): implement Redis cache get/set/delete with TTL support
...
- Add async Redis client using redis-py with connection pooling
- Implement get/set/delete with graceful degradation when unavailable
- Add TTL support (default 300s) via SETEX
- Add cache invalidation hooks for price and product changes
- Use pattern-based SCAN for bulk invalidation
Co-Authored-By: Paperclip <noreply@paperclip.ing >
2026-04-14 16:00:35 +00:00
Barcode Betty
Barcode Betty
Savannah Savings
Coupon Carl